import gssntlmssp-0.7.0-6.el8

.gitignore

@@ -0,0 +1 @@
+SOURCES/gssntlmssp-0.7.0.tar.gz

.gssntlmssp.metadata

@@ -0,0 +1 @@
+c8145411a1a40224a6d22acb45a8059dacaf8044 SOURCES/gssntlmssp-0.7.0.tar.gz

SOURCES/0001-Add-compatibility-with-OpenSSL-1.1.0.patch

@@ -0,0 +1,149 @@
+From e498737a96e8832a2cb9141ab1fe51e129185a48 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 29 Jun 2016 11:15:11 -0400
+Subject: [PATCH] Add compatibility with OpenSSL 1.1.0
+
+In their continued wisdom OpenSSL developers keep breaking APIs left and right
+with very poor documentation and forward/backward source compatibility.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ src/crypto.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 48 insertions(+), 12 deletions(-)
+
+diff --git a/src/crypto.c b/src/crypto.c
+index 9fe69f97cfe9a4c1c9a5fb1861fef3fdfb8ae596..33a0c3e9060df0fa14784e869b5edce2f462b238 100644
+--- a/src/crypto.c
++++ b/src/crypto.c
+@@ -27,6 +27,32 @@
+ 
+ #include "crypto.h"
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++HMAC_CTX *HMAC_CTX_new(void)
++{
++    HMAC_CTX *ctx;
++
++    ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
++    if (!ctx) return NULL;
++
++    HMAC_CTX_init(ctx);
++
++    return ctx;
++}
++
++void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++    if (ctx == NULL) return;
++
++    HMAC_CTX_cleanup(ctx);
++    OPENSSL_free(ctx);
++}
++
++#define EVP_MD_CTX_new EVP_MD_CTX_create
++#define EVP_MD_CTX_free EVP_MD_CTX_destroy
++
++#endif
++
+ int RAND_BUFFER(struct ntlm_buffer *random)
+ {
+     int ret;
+@@ -42,30 +68,34 @@ int HMAC_MD5_IOV(struct ntlm_buffer *key,
+                  struct ntlm_iov *iov,
+                  struct ntlm_buffer *result)
+ {
+-    HMAC_CTX hmac_ctx;
++    HMAC_CTX *hmac_ctx;
+     unsigned int len;
+     size_t i;
+     int ret = 0;
+ 
+     if (result->length != 16) return EINVAL;
+ 
+-    HMAC_CTX_init(&hmac_ctx);
++    hmac_ctx = HMAC_CTX_new();
++    if (!hmac_ctx) {
++        ret = ERR_CRYPTO;
++        goto done;
++    }
+ 
+-    ret = HMAC_Init_ex(&hmac_ctx, key->data, key->length, EVP_md5(), NULL);
++    ret = HMAC_Init_ex(hmac_ctx, key->data, key->length, EVP_md5(), NULL);
+     if (ret == 0) {
+         ret = ERR_CRYPTO;
+         goto done;
+     }
+ 
+     for (i = 0; i < iov->num; i++) {
+-        ret = HMAC_Update(&hmac_ctx, iov->data[i]->data, iov->data[i]->length);
++        ret = HMAC_Update(hmac_ctx, iov->data[i]->data, iov->data[i]->length);
+         if (ret == 0) {
+             ret = ERR_CRYPTO;
+             goto done;
+         }
+     }
+ 
+-    ret = HMAC_Final(&hmac_ctx, result->data, &len);
++    ret = HMAC_Final(hmac_ctx, result->data, &len);
+     if (ret == 0) {
+         ret = ERR_CRYPTO;
+         goto done;
+@@ -74,7 +104,7 @@ int HMAC_MD5_IOV(struct ntlm_buffer *key,
+     ret = 0;
+ 
+ done:
+-    HMAC_CTX_cleanup(&hmac_ctx);
++    HMAC_CTX_free(hmac_ctx);
+     return ret;
+ }
+ 
+@@ -93,26 +123,32 @@ static int mdx_hash(const EVP_MD *type,
+                     struct ntlm_buffer *payload,
+                     struct ntlm_buffer *result)
+ {
+-    EVP_MD_CTX ctx;
++    EVP_MD_CTX *ctx;
+     unsigned int len;
+     int ret;
+ 
+     if (result->length != 16) return EINVAL;
+ 
+-    EVP_MD_CTX_init(&ctx);
+-    ret = EVP_DigestInit_ex(&ctx, type, NULL);
++    ctx = EVP_MD_CTX_new();
++    if (!ctx) {
++        ret = ERR_CRYPTO;
++        goto done;
++    }
++
++    EVP_MD_CTX_init(ctx);
++    ret = EVP_DigestInit_ex(ctx, type, NULL);
+     if (ret == 0) {
+         ret = ERR_CRYPTO;
+         goto done;
+     }
+ 
+-    ret = EVP_DigestUpdate(&ctx, payload->data, payload->length);
++    ret = EVP_DigestUpdate(ctx, payload->data, payload->length);
+     if (ret == 0) {
+         ret = ERR_CRYPTO;
+         goto done;
+     }
+ 
+-    ret = EVP_DigestFinal_ex(&ctx, result->data, &len);
++    ret = EVP_DigestFinal_ex(ctx, result->data, &len);
+     if (ret == 0) {
+         ret = ERR_CRYPTO;
+         goto done;
+@@ -121,7 +157,7 @@ static int mdx_hash(const EVP_MD *type,
+     ret = 0;
+ 
+ done:
+-    EVP_MD_CTX_cleanup(&ctx);
++    if (ctx) EVP_MD_CTX_free(ctx);
+     return ret;
+ }
+ 
+-- 
+2.9.3
+

SPECS/gssntlmssp.spec

@@ -0,0 +1,170 @@
+Name:		gssntlmssp
+Version:	0.7.0
+Release:	6%{?dist}
+Summary:	GSSAPI NTLMSSP Mechanism
+
+Group:		System Environment/Libraries
+License:	LGPLv3+
+URL:		https://fedorahosted.org/gss-ntlmssp
+Source0:        https://fedorahosted.org/released/gss-ntlmssp/%{name}-%{version}.tar.gz
+
+Patch01: 0001-Add-compatibility-with-OpenSSL-1.1.0.patch
+
+Requires: krb5-libs%{?_isa} >= 1.12.1-9
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: m4
+BuildRequires: libxslt
+BuildRequires: libxml2
+BuildRequires: docbook-style-xsl
+BuildRequires: doxygen
+BuildRequires: gettext-devel
+BuildRequires: pkgconfig
+BuildRequires: krb5-devel >= 1.11.2
+BuildRequires: libunistring-devel
+BuildRequires: openssl-devel
+BuildRequires: pkgconfig(wbclient)
+
+%description
+A GSSAPI Mechanism that implements NTLMSSP
+
+%package devel
+Summary: Development header for GSSAPI NTLMSSP
+Group: Development/Libraries
+License: LGPLv3+
+
+%description devel
+Adds a header file with definition for custom GSSAPI extensions for NTLMSSP
+
+
+%prep
+%setup -q
+%patch01 -p1
+
+%build
+autoreconf -fiv
+%configure \
+    --with-wbclient \
+    --disable-static \
+    --disable-rpath
+
+make %{?_smp_mflags} all
+
+%install
+%make_install
+rm -f %{buildroot}%{_libdir}/gssntlmssp/gssntlmssp.la
+mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d
+install -pm644 examples/mech.ntlmssp %{buildroot}%{_sysconfdir}/gss/mech.d/ntlmssp.conf
+%{find_lang} %{name}
+
+%check
+make test_gssntlmssp
+
+%files -f %{name}.lang
+%config(noreplace) %{_sysconfdir}/gss/mech.d/ntlmssp.conf
+%{_libdir}/gssntlmssp/
+%{_mandir}/man8/gssntlmssp.8*
+%doc COPYING
+
+%files devel
+%{_includedir}/gssapi/gssapi_ntlmssp.h
+
+%changelog
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 17 2017 Simo Sorce <simo@samba.org> - 0.7.0-3
+- Add OpenSSL 1.1.0 compatibility patch
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Jun  3 2016 Simo Sorce <simo@samba.org> - 0.7.0-1
+- New release 0.7.0
+
+* Fri May 20 2016 Simo Sorce <simo@samba.org> - 0.6.0-4
+- Fix regression in acquire credential code
+- Resolves: #1290831
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Mar 19 2015 Simo Sorce <simo@samba.org> - 0.6.0-1
+- New verion with fixes for 32 bit arches
+- drop patches, they are included in he new upstream release
+
+* Thu Jan 08 2015   Simo Sorce <simo@samba.org> - 0.5.0-4
+- Fix build failure in rawhide due to automake 1.15 change in behavior
+
+* Wed Jan 07 2015   Simo Sorce <simo@samba.org> - 0.5.0-4
+- fix bug #1178686
+
+* Tue Sep 02 2014 Pádraig Brady <pbrady@redhat.com> - 0.5.0-3
+- rebuild for libunistring soname bump
+
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Aug 12 2014 Simo Sorce <simo@samba.org> - 0.5.0-1
+- New upstream version
+
+* Fri Aug 1  2014 Simo Sorce <simo@samba.org> - 0.4.0-2
+- put configuration in the new mech.d directory introduced as a backport in
+  krb5-1.12.1-9
+
+* Sat Jun 21 2014 Simo Sorce <simo@samba.org> - 0.4.0-1
+- New upstream release 0.4.0:
+  * Added support for MIC and Channel Binding features of NTLMv2
+  * Improve testing so that multiple versions can be tested
+  * Various importnat fixes in the GSSAPI interface that were causing errors
+  * Special workaround for SPNEGO mechanism when talking to Windows Servers and
+    using the internal NTLM MIC feature.
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sun Jan 26 2014 Simo Sorce <simo@samba.org> - 0.3.1-0
+- Fixes #1058025
+- New upstream release 0.3.1:
+  * Fix segfault in init context.
+
+* Sun Jan 12 2014 Simo Sorce <simo@samba.org> - 0.3.0-0
+- New upstream release 0.3.0:
+  * Added support for NTLMv1 Signing and Sealing completing full coverage
+    of the NTLM protocol
+  * Added a number of GSSAPI calls to inquire, export and import context and
+    credentials, in preparation for making it work with GSS-Proxy
+  * Various fixes memleak and other fixes
+
+* Fri Dec 13 2013 Simo Sorce <simo@samba.org> - 0.2.0-2
+- Backport patches to fix memory leaks
+
+* Wed Dec  4 2013 Simo Sorce <simo@samba.org> - 0.2.0-1
+- Backport patch that fixes failures with gss_set_neg_mechs() calls.
+
+* Fri Oct 18 2013 Simo Sorce <simo@samba.org> - 0.2.0-0
+- New upstream realease 0.2.0:
+  * Add support for acquire_cred_with_password()
+  * Fix Signing keys generation
+  * Add enterprise names support
+  * Add connectionless mode support
+  * Add development header gssapi_ntlmssp.h
+  * Various bugfixes and tests for new features 
+
+* Thu Oct 17 2013 Simo Sorce <simo@samba.org> - 0.1.0-2
+- Fix Requires
+
+* Thu Oct 17 2013 Simo Sorce <simo@samba.org> - 0.1.0-1
+- Initial import of 0.1.0
+