Samba vs LDAP/SSL and SHA256 cert on NetBSD

Emmanuel Dreyfus manu at netbsd.org
Fri May 29 23:36:19 MDT 2015


On Fri, May 29, 2015 at 02:37:03PM -0700, Jeremy Allison wrote:
> Yes, that looks right !

Attached is an updated patch. 

I tested the configure part and the correct macros are set in
bin/default/include/config.h 

However I was not able to build because of missing python modules. 
(your new build system is too modern :-)
I assume this config.h will be included by sha256.c -> sha256.h -> replace.h
-> config.h ?

-- 
Emmanuel Dreyfus
manu at netbsd.org
-------------- next part --------------
From 8c17d95a27bf8b519d25ebe2b676917219519239 Mon Sep 17 00:00:00 2001
From: Emmanuel Dreyfus <manu at netbsd.org>
Date: Sat, 30 May 2015 07:31:01 +0200
Subject: [PATCH 3/3] Prevent clashes between system and Samba SHA functions

Samba provides its own set of SHA functions, which would replace
libc-provided flavors. This is a problem because while the prototypes
are the same, the context structures are different. As a result,
when connecting to an LDAP/SSL directory, we go through
libldap/libssl/libcrypto and there libcrypto expects to call libc
SHA functions, not Samba's.

The fix is to check for SHA function presence and rename Samba's
version to avoid a clash.
---
 lib/crypto/sha256.h          | 5 ++++-
 lib/crypto/sha512.h          | 2 +-
 lib/crypto/wscript_configure | 7 +++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/crypto/sha256.h b/lib/crypto/sha256.h
index 7ee8fac..010dbff 100644
--- a/lib/crypto/sha256.h
+++ b/lib/crypto/sha256.h
@@ -42,11 +42,14 @@
  */
 #define HEIM_SHA_H 1
 
-#if 0
+#if SHA1_RENAME_NEEDED
 /* symbol renaming */
 #define SHA1_Init hc_SHA1_Init
 #define SHA1_Update hc_SHA1_Update
 #define SHA1_Final hc_SHA1_Final
+#endif
+#if SHA256_RENAME_NEEDED
+/* symbol renaming */
 #define SHA256_Init hc_SHA256_Init
 #define SHA256_Update hc_SHA256_Update
 #define SHA256_Final hc_SHA256_Final
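Review bot: `#if SHA1_RENAME_NEEDED` and `#if SHA256_RENAME_NEEDED` depend on a macro that comes from config.h, but nothing in this hunk shows config.h (or replace.h) being included above these lines. An undefined identifier in `#if` evaluates to 0, so if the include is missing or arrives later, the renames are silently switched off and the clash returns with no build error. Suggest including the config header explicitly above the first `#if`, or confirming the include chain for every file that uses this header. Using `#ifdef` or `#if defined(...)` would also avoid -Wundef warnings on platforms where the configure check leaves the macro undefined.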
diff --git a/lib/crypto/sha512.h b/lib/crypto/sha512.h
index dc394fd..509fd95 100644
--- a/lib/crypto/sha512.h
+++ b/lib/crypto/sha512.h
@@ -36,7 +36,7 @@
 #ifndef HEIM_SHA_H
 #define HEIM_SHA_H 1
 
-#if 0
+#if SHA512_RENAME_NEEDED
 /* symbol renaming */
 #define SHA512_Init hc_SHA512_Init
 #define SHA512_Update hc_SHA512_Update
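Review bot: the `#if SHA512_RENAME_NEEDED` block sits inside `#ifndef HEIM_SHA_H`, the same guard name that sha256.h defines with `#define HEIM_SHA_H 1`. A translation unit that includes sha256.h before sha512.h skips this header's body, so the SHA512 renames never apply there. Suggest giving sha512.h its own guard name, or documenting that the two headers are never included together.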
diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure
index 21ec566..130acec 100644
--- a/lib/crypto/wscript_configure
+++ b/lib/crypto/wscript_configure
@@ -6,3 +6,10 @@ if not conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h',
                         checklibc=True)
 conf.CHECK_FUNCS_IN('CC_MD5_Init', '', headers='CommonCrypto/CommonDigest.h',
     checklibc=True)
+
+if conf.CHECK_FUNCS('SHA1_Update'):
+	conf.DEFINE('SHA1_RENAME_NEEDED', 1)
+if conf.CHECK_FUNCS('SHA256_Update'):
+	conf.DEFINE('SHA256_RENAME_NEEDED', 1)
+if conf.CHECK_FUNCS('SHA512_Update'):
+	conf.DEFINE('SHA512_RENAME_NEEDED', 1)
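Review bot: each family is probed through `_Update` only, while the headers rename `_Init`, `_Update` and `_Final`, and there is no comment saying why finding the function means Samba's copy must be renamed. A short comment above the three checks stating that intent would help the next reader. The added lines are also indented with tabs while the surrounding context lines use spaces; match the file's existing indentation.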
-- 
2.3.2


