Samba vs LDAP/SSL and SHA256 cert on NetBSD

Jeremy Allison jra at samba.org
Tue Jun 2 11:18:13 MDT 2015


On Sat, May 30, 2015 at 05:36:19AM +0000, Emmanuel Dreyfus wrote:
> On Fri, May 29, 2015 at 02:37:03PM -0700, Jeremy Allison wrote:
> > Yes, that looks right !
> 
> Attached is an updated patch. 
> 
> I tested the configure part and the correct macros are set in
> bin/default/include/config.h
> 
> However I was not able to build because of missing python modules. 
> (your new build system is too modern :-)
> I assume this config.h will be included by sha256.c -> sha256.h -> replace.h
> -> config.h ?

Reviewed-by: Jeremy Allison <jra at samba.org>

Can I get a second Team reviewer ?

> From 8c17d95a27bf8b519d25ebe2b676917219519239 Mon Sep 17 00:00:00 2001
> From: Emmanuel Dreyfus <manu at netbsd.org>
> Date: Sat, 30 May 2015 07:31:01 +0200
> Subject: [PATCH 3/3] Prevent clashes between system and Samba SHA functions
> 
> Samba provides its own set of SHA functions, which would replace
> libc-provided flavors. This is a problem because while the prototypes
> are the same, the context structures are different. As a result,
> when connecting to an LDAP/SSL directory, we go through
> libldap/libssl/libcrypto and there libcrypto expects to call libc
> SHA functions, not Samba's.
> 
> The fix is to check for SHA function presence and rename Samba's
> version to avoid a clash.
> ---
>  lib/crypto/sha256.h          | 5 ++++-
>  lib/crypto/sha512.h          | 2 +-
>  lib/crypto/wscript_configure | 7 +++++++
>  3 files changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/crypto/sha256.h b/lib/crypto/sha256.h
> index 7ee8fac..010dbff 100644
> --- a/lib/crypto/sha256.h
> +++ b/lib/crypto/sha256.h
> @@ -42,11 +42,14 @@
>   */
>  #define HEIM_SHA_H 1
>  
> -#if 0
> +#if SHA1_RENAME_NEEDED
>  /* symbol renaming */
>  #define SHA1_Init hc_SHA1_Init
>  #define SHA1_Update hc_SHA1_Update
>  #define SHA1_Final hc_SHA1_Final
> +#endif
> +#if SHA256_RENAME_NEEDED
> +/* symbol renaming */
>  #define SHA256_Init hc_SHA256_Init
>  #define SHA256_Update hc_SHA256_Update
>  #define SHA256_Final hc_SHA256_Final
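
Review bot: `#if SHA1_RENAME_NEEDED` and `#if SHA256_RENAME_NEEDED` test macros that the configure hunk in this patch defines only when the libc function is found, so on every other platform the header depends on an undefined identifier evaluating to 0, which warns under -Wundef. `#ifdef SHA1_RENAME_NEEDED` and `#ifdef SHA256_RENAME_NEEDED` say the same thing without that dependency. The SHA1 renames also live in sha256.h, so they apply only in files that include this header; a one-line comment next to `/* symbol renaming */` saying the rename exists to avoid colliding with the libc SHA symbols would make that intent visible.
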
> diff --git a/lib/crypto/sha512.h b/lib/crypto/sha512.h
> index dc394fd..509fd95 100644
> --- a/lib/crypto/sha512.h
> +++ b/lib/crypto/sha512.h
> @@ -36,7 +36,7 @@
>  #ifndef HEIM_SHA_H
>  #define HEIM_SHA_H 1
>  
> -#if 0
> +#if SHA512_RENAME_NEEDED
>  /* symbol renaming */
>  #define SHA512_Init hc_SHA512_Init
>  #define SHA512_Update hc_SHA512_Update
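
Review bot: the `#if SHA512_RENAME_NEEDED` block sits inside the `#ifndef HEIM_SHA_H` guard, and the sha256.h context lines in this same patch also show `#define HEIM_SHA_H 1`. If the two headers share that guard name, a file that includes sha256.h first skips the body of sha512.h, these renames included, and SHA512 calls made there would keep the unrenamed names that the patch is trying to avoid. Worth confirming, and giving sha512.h its own guard name if so. As in sha256.h, `#ifdef SHA512_RENAME_NEEDED` is safer than `#if`, since the macro is left undefined when the configure check fails.
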
> diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure
> index 21ec566..130acec 100644
> --- a/lib/crypto/wscript_configure
> +++ b/lib/crypto/wscript_configure
> @@ -6,3 +6,10 @@ if not conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h',
>                          checklibc=True)
>  conf.CHECK_FUNCS_IN('CC_MD5_Init', '', headers='CommonCrypto/CommonDigest.h',
>      checklibc=True)
> +
> +if conf.CHECK_FUNCS('SHA1_Update'):
> +	conf.DEFINE('SHA1_RENAME_NEEDED', 1)
> +if conf.CHECK_FUNCS('SHA256_Update'):
> +	conf.DEFINE('SHA256_RENAME_NEEDED', 1)
> +if conf.CHECK_FUNCS('SHA512_Update'):
> +	conf.DEFINE('SHA512_RENAME_NEEDED', 1)
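
Review bot: the three added `conf.DEFINE` lines are indented with a tab, while the context lines just above them use spaces; please match the file's existing indentation. Each check also probes only the `_Update` symbol, whereas the headers rename `_Init`, `_Update` and `_Final` together, so a short comment stating that `_Update` stands in for the whole family, and that finding it in the system is what makes the rename necessary, would document the assumption for whoever touches this next.
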
> -- 
> 2.3.2
> 


