Samba vs LDAP/SSL and SHA256 cert on NetBSD
Simo
simo at samba.org
Tue Jun 2 12:15:42 MDT 2015
On Tue, 2015-06-02 at 10:18 -0700, Jeremy Allison wrote:
> On Sat, May 30, 2015 at 05:36:19AM +0000, Emmanuel Dreyfus wrote:
> > On Fri, May 29, 2015 at 02:37:03PM -0700, Jeremy Allison wrote:
> > > Yes, that looks right !
> >
> > Attached is an updated patch.
> >
> > I tested the configure part and the correct macros are set in
> > bin/default/include/config.h
> >
> > However I was not able to build because of missing python modules.
> > (your new build system is too modern :-)
> > I assume this config.h will be included by sha256.c -> sha256.h -> replace.h
> > -> config.h ?
>
> Reviewed-by: Jeremy Allison <jra at samba.org>
>
> Can I get a second Team reviewer ?
We need to stop using our own, but for the time being +1
Simo.
> > From 8c17d95a27bf8b519d25ebe2b676917219519239 Mon Sep 17 00:00:00 2001
> > From: Emmanuel Dreyfus <manu at netbsd.org>
> > Date: Sat, 30 May 2015 07:31:01 +0200
> > Subject: [PATCH 3/3] Prevent clashes between system and Samba SHA functions
> >
> > Samba provides its own set of SHA functions, which would replace
> > libc-provided flavors. This is a problem because while the prototypes
> > are the same, the context structures are different. As a result,
> > when connecting to a LDAP/SSL directory, we go through
> > libldap/libssl/libcrypto and there libcrypto expects to call libc
> > SHA functions, not Samba's.
> >
> > The fix is to check for SHA function presence and rename Samba's
> > version to avoid a clash.
> > ---
> > lib/crypto/sha256.h | 5 ++++-
> > lib/crypto/sha512.h | 2 +-
> > lib/crypto/wscript_configure | 7 +++++++
> > 3 files changed, 12 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/crypto/sha256.h b/lib/crypto/sha256.h
> > index 7ee8fac..010dbff 100644
> > --- a/lib/crypto/sha256.h
> > +++ b/lib/crypto/sha256.h
> > @@ -42,11 +42,14 @@
> > */
> > #define HEIM_SHA_H 1
> >
> > -#if 0
> > +#if SHA1_RENAME_NEEDED
> > /* symbol renaming */
> > #define SHA1_Init hc_SHA1_Init
> > #define SHA1_Update hc_SHA1_Update
> > #define SHA1_Final hc_SHA1_Final
> > +#endif
> > +#if SHA256_RENAME_NEEDED
> > +/* symbol renaming */
> > #define SHA256_Init hc_SHA256_Init
> > #define SHA256_Update hc_SHA256_Update
> > #define SHA256_Final hc_SHA256_Final
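Review bot: the new guards `#if SHA1_RENAME_NEEDED` and `#if SHA256_RENAME_NEEDED` evaluate to 0 when the macro is undefined, so if config.h has not been pulled in before this header (the sha256.c -> sha256.h -> replace.h -> config.h chain asked about in the cover text) the renames are skipped silently and the clash returns without any build error. Make the header include replace.h itself so the result does not depend on include order, and write the guards as `#ifdef SHA256_RENAME_NEEDED` (or `#if defined(...)`), which states the intent and stays quiet under -Wundef.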
> > diff --git a/lib/crypto/sha512.h b/lib/crypto/sha512.h
> > index dc394fd..509fd95 100644
> > --- a/lib/crypto/sha512.h
> > +++ b/lib/crypto/sha512.h
> > @@ -36,7 +36,7 @@
> > #ifndef HEIM_SHA_H
> > #define HEIM_SHA_H 1
> >
> > -#if 0
> > +#if SHA512_RENAME_NEEDED
> > /* symbol renaming */
> > #define SHA512_Init hc_SHA512_Init
> > #define SHA512_Update hc_SHA512_Update
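Review bot: the include guard in the context lines is `HEIM_SHA_H`, the same name sha256.h defines in the previous hunk, so a file that includes sha256.h first skips the body of this header, the new `#if SHA512_RENAME_NEEDED` block included. Now that the rename is live rather than under `#if 0`, give sha512.h its own guard name or confirm that no translation unit includes both headers.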
> > diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure
> > index 21ec566..130acec 100644
> > --- a/lib/crypto/wscript_configure
> > +++ b/lib/crypto/wscript_configure
> > @@ -6,3 +6,10 @@ if not conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h',
> > checklibc=True)
> > conf.CHECK_FUNCS_IN('CC_MD5_Init', '', headers='CommonCrypto/CommonDigest.h',
> > checklibc=True)
> > +
> > +if conf.CHECK_FUNCS('SHA1_Update'):
> > + conf.DEFINE('SHA1_RENAME_NEEDED', 1)
> > +if conf.CHECK_FUNCS('SHA256_Update'):
> > + conf.DEFINE('SHA256_RENAME_NEEDED', 1)
> > +if conf.CHECK_FUNCS('SHA512_Update'):
> > + conf.DEFINE('SHA512_RENAME_NEEDED', 1)
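Review bot: each added check probes only `SHA*_Update`, while the headers then rename the whole Init/Update/Final family, and nothing here says why the defines exist. Add a short comment tying them to the libc clash described in the commit message, and check that the probe covers every library that can export these names at link time (the message mentions libcrypto). Since the hc_ names are private to Samba, renaming unconditionally would remove the dependence on the probe altogether.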
> > --
> > 2.3.2
> >
--
Simo Sorce