Attachment 199442 Details for Bug 233633 – Patch for OpenLDAP 2.417 to use gnutls

[patch] Patch for OpenLDAP 2.417 to use gnutls

openldap-gnutls.patch (text/plain), 3.36 KB, created by Steffen Hau on 2009-07-28 14:48:00 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Steffen Hau

Created: 2009-07-28 14:48:00 UTC

Size: 3.36 KB

patch

obsolete

>If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
>Forward-port an old Debian patch that upstream never applied.
>
>X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
>X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
>X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
>
>--- openldap-2.4.17.orig/libraries/liblutil/passwd.c	2009-07-27 18:59:19.635995474 -0700
>+++ openldap-2.4.17/libraries/liblutil/passwd.c	2009-07-27 19:01:13.588069010 -0700
>@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
> typedef PK11Context *des_context[1];
> #define DES_ENCRYPT CKA_ENCRYPT
> 
>+#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
>+#	include <gcrypt.h>
>+static int gcrypt_init = 0;
>+
>+typedef const void* des_key;
>+typedef unsigned char des_cblock[8];
>+typedef des_cblock des_data_block;
>+typedef int des_key_schedule; /* unused */
>+typedef des_key_schedule des_context; /* unused */
>+#define des_failed(encrypted) 0
>+#define des_finish(key, schedule) 
>+
>+#define des_set_key_unchecked( key, key_sched ) \
>+  gcry_cipher_setkey( hd, key, 8 )
>+
>+#define des_ecb_encrypt( input, output, key_sched, enc ) \
>+  gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
>+
>+#define des_set_odd_parity( key ) do {} while(0)
>+
> #endif
> 
> #endif /* SLAPD_LMHASH */
>@@ -651,7 +671,7 @@ static int chk_md5(
> 
> #ifdef SLAPD_LMHASH
> 
>-#if defined(HAVE_OPENSSL)
>+#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
> 
> /*
>  * abstract away setting the parity.
>@@ -841,6 +861,19 @@ static int chk_lanman(
> 	des_data_block StdText = "KGS!@#$%";
> 	des_data_block PasswordHash1, PasswordHash2;
> 	char PasswordHash[33], storedPasswordHash[33];
>+
>+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
>+	gcry_cipher_hd_t hd;
>+
>+	if ( !gcrypt_init ) {
>+	  gcry_check_version( GCRYPT_VERSION );
>+	  gcrypt_init = 1;
>+	}
>+
>+	schedule = schedule; /* unused - avoid warning */
>+
>+	gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
>+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
> 	
> 	for( i=0; i<cred->bv_len; i++) {
> 		if(cred->bv_val[i] == '\0') {
>@@ -883,6 +916,10 @@ static int chk_lanman(
> 	strncpy( storedPasswordHash, passwd->bv_val, 32 );
> 	storedPasswordHash[32] = '\0';
> 	ldap_pvt_str2lower( storedPasswordHash );
>+
>+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
>+	gcry_cipher_close( hd );
>+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
> 	
> 	return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
> }
>@@ -1138,6 +1175,19 @@ static int hash_lanman(
> 	des_data_block PasswordHash1, PasswordHash2;
> 	char PasswordHash[33];
> 	
>+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
>+	gcry_cipher_hd_t hd;
>+
>+	if ( !gcrypt_init ) {
>+	  gcry_check_version( GCRYPT_VERSION );
>+	  gcrypt_init = 1;
>+	}
>+
>+	schedule = schedule; /* unused - avoid warning */
>+
>+	gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
>+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
>+
> 	for( i=0; i<passwd->bv_len; i++) {
> 		if(passwd->bv_val[i] == '\0') {
> 			return LUTIL_PASSWD_ERR;	/* NUL character in password */
>@@ -1168,6 +1218,10 @@ static int hash_lanman(
> 	
> 	hash->bv_val = PasswordHash;
> 	hash->bv_len = 32;
>+
>+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
>+	gcry_cipher_close( hd );
>+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
> 	
> 	return pw_string( scheme, hash );
> }

Actions: View | Diff

Attachments on bug 233633: 199398 | 199442