Samba vs LDAP/SSL ans SHA256 cert on NetBSD
Jeremy Allison
jra at samba.org
Tue Jun 2 11:18:13 MDT 2015
On Sat, May 30, 2015 at 05:36:19AM +0000, Emmanuel Dreyfus wrote:
> On Fri, May 29, 2015 at 02:37:03PM -0700, Jeremy Allison wrote:
> > Yes, that looks right !
>
> Attached is an updated patch.
>
> I tested the configure part and correct macro are set in
> bin/default/include/config.h
>
> However I was not able to build because of missing python modules.
> (your new build system is too modern :-)
> I assume this config.h will be included by sha256.c -> sha256.h -> replace.h
> -> config.h ?
Reviewed-by: Jeremy Allison <jra at samba.org>
Can I get a second Team reviewer ?
> >From 8c17d95a27bf8b519d25ebe2b676917219519239 Mon Sep 17 00:00:00 2001
> From: Emmanuel Dreyfus <manu at netbsd.org>
> Date: Sat, 30 May 2015 07:31:01 +0200
> Subject: [PATCH 3/3] Prevent clashes between system and Samba SHA functions
>
> Samba provides its own set of SHA function, which would replace
> libc-provided flavors. This is a problem because while the prototypes
> are the same, the context structure are different. As a result,
> when connecting to a LDAP/SSL directory, we go through
> libldap/libssl/libcrypto and there libcrypto expects to call libc
> SHA functions, not Samba's.
>
> The fix is to check for SHA function presence and rename Samba's
> version to avoid a clash.
> ---
> lib/crypto/sha256.h | 5 ++++-
> lib/crypto/sha512.h | 2 +-
> lib/crypto/wscript_configure | 7 +++++++
> 3 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/lib/crypto/sha256.h b/lib/crypto/sha256.h
> index 7ee8fac..010dbff 100644
> --- a/lib/crypto/sha256.h
> +++ b/lib/crypto/sha256.h
> @@ -42,11 +42,14 @@
> */
> #define HEIM_SHA_H 1
>
> -#if 0
> +#if SHA1_RENAME_NEEDED
> /* symbol renaming */
> #define SHA1_Init hc_SHA1_Init
> #define SHA1_Update hc_SHA1_Update
> #define SHA1_Final hc_SHA1_Final
> +#endif
> +#if SHA256_RENAME_NEEDED
> +/* symbol renaming */
> #define SHA256_Init hc_SHA256_Init
> #define SHA256_Update hc_SHA256_Update
> #define SHA256_Final hc_SHA256_Final
> diff --git a/lib/crypto/sha512.h b/lib/crypto/sha512.h
> index dc394fd..509fd95 100644
> --- a/lib/crypto/sha512.h
> +++ b/lib/crypto/sha512.h
> @@ -36,7 +36,7 @@
> #ifndef HEIM_SHA_H
> #define HEIM_SHA_H 1
>
> -#if 0
> +#if SHA512_RENAME_NEEDED
> /* symbol renaming */
> #define SHA512_Init hc_SHA512_Init
> #define SHA512_Update hc_SHA512_Update
> diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure
> index 21ec566..130acec 100644
> --- a/lib/crypto/wscript_configure
> +++ b/lib/crypto/wscript_configure
> @@ -6,3 +6,10 @@ if not conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h',
> checklibc=True)
> conf.CHECK_FUNCS_IN('CC_MD5_Init', '', headers='CommonCrypto/CommonDigest.h',
> checklibc=True)
> +
> +if conf.CHECK_FUNCS('SHA1_Update'):
> + conf.DEFINE('SHA1_RENAME_NEEDED', 1)
> +if conf.CHECK_FUNCS('SHA256_Update'):
> + conf.DEFINE('SHA256_RENAME_NEEDED', 1)
> +if conf.CHECK_FUNCS('SHA512_Update'):
> + conf.DEFINE('SHA512_RENAME_NEEDED', 1)
> --
> 2.3.2
>
More information about the samba-technical
mailing list