diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..858e614
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/gssntlmssp-0.7.0.tar.gz
diff --git a/0001-Add-compatibility-with-OpenSSL-1.1.0.patch b/0001-Add-compatibility-with-OpenSSL-1.1.0.patch
new file mode 100644
index 0000000..a3b3913
--- /dev/null
+++ b/0001-Add-compatibility-with-OpenSSL-1.1.0.patch
@@ -0,0 +1,149 @@ +From e498737a96e8832a2cb9141ab1fe51e129185a48 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Wed, 29 Jun 2016 11:15:11 -0400 +Subject: [PATCH] Add compatibility with OpenSSL 1.1.0 + +In their continued wisdom OpenSSL developers keep breaking APIs left and right +with very poor documentation and forward/backward source compatibility. + +Signed-off-by: Simo Sorce +--- + src/crypto.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++------------ + 1 file changed, 48 insertions(+), 12 deletions(-) + +diff --git a/src/crypto.c b/src/crypto.c +index 9fe69f97cfe9a4c1c9a5fb1861fef3fdfb8ae596..33a0c3e9060df0fa14784e869b5edce2f462b238 100644 +--- a/src/crypto.c ++++ b/src/crypto.c +@@ -27,6 +27,32 @@ + + #include "crypto.h" + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *ctx; ++ ++ ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); ++ if (!ctx) return NULL; ++ ++ HMAC_CTX_init(ctx); ++ ++ return ctx; ++} ++ ++void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ if (ctx == NULL) return; ++ ++ HMAC_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++} ++ ++#define EVP_MD_CTX_new EVP_MD_CTX_create ++#define EVP_MD_CTX_free EVP_MD_CTX_destroy ++ ++#endif ++ + int RAND_BUFFER(struct ntlm_buffer *random) + { + int ret; +@@ -42,30 +68,34 @@ int HMAC_MD5_IOV(struct ntlm_buffer *key, + struct ntlm_iov *iov, + struct ntlm_buffer *result) + { +- HMAC_CTX hmac_ctx; ++ HMAC_CTX *hmac_ctx; + unsigned int len; + size_t i; + int ret = 0; + + if (result->length != 16) return EINVAL; + +- HMAC_CTX_init(&hmac_ctx); ++ hmac_ctx = HMAC_CTX_new(); ++ if (!hmac_ctx) { ++ ret = ERR_CRYPTO; ++ goto done; ++ } + +- ret = HMAC_Init_ex(&hmac_ctx, key->data, key->length, EVP_md5(), NULL); ++ ret = HMAC_Init_ex(hmac_ctx, key->data, key->length, EVP_md5(), NULL); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; + } + + for (i = 0; i < iov->num; i++) { +- ret = HMAC_Update(&hmac_ctx, iov->data[i]->data, iov->data[i]->length); ++ ret = HMAC_Update(hmac_ctx, 
iov->data[i]->data, iov->data[i]->length); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; + } + } + +- ret = HMAC_Final(&hmac_ctx, result->data, &len); ++ ret = HMAC_Final(hmac_ctx, result->data, &len); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; +@@ -74,7 +104,7 @@ int HMAC_MD5_IOV(struct ntlm_buffer *key, + ret = 0; + + done: +- HMAC_CTX_cleanup(&hmac_ctx); ++ HMAC_CTX_free(hmac_ctx); + return ret; + } + +@@ -93,26 +123,32 @@ static int mdx_hash(const EVP_MD *type, + struct ntlm_buffer *payload, + struct ntlm_buffer *result) + { +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + unsigned int len; + int ret; + + if (result->length != 16) return EINVAL; + +- EVP_MD_CTX_init(&ctx); +- ret = EVP_DigestInit_ex(&ctx, type, NULL); ++ ctx = EVP_MD_CTX_new(); ++ if (!ctx) { ++ ret = ERR_CRYPTO; ++ goto done; ++ } ++ ++ EVP_MD_CTX_init(ctx); ++ ret = EVP_DigestInit_ex(ctx, type, NULL); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; + } + +- ret = EVP_DigestUpdate(&ctx, payload->data, payload->length); ++ ret = EVP_DigestUpdate(ctx, payload->data, payload->length); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; + } + +- ret = EVP_DigestFinal_ex(&ctx, result->data, &len); ++ ret = EVP_DigestFinal_ex(ctx, result->data, &len); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; +@@ -121,7 +157,7 @@ static int mdx_hash(const EVP_MD *type, + ret = 0; + + done: +- EVP_MD_CTX_cleanup(&ctx); ++ if (ctx) EVP_MD_CTX_free(ctx); + return ret; + } + +-- +2.9.3 + diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/gssntlmssp.spec b/gssntlmssp.spec new file mode 100644 index 0000000..f8f5dcc --- /dev/null +++ b/gssntlmssp.spec 
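Review bot: The pre-1.1.0 shim added at the top of src/crypto.c defines `HMAC_CTX_new` and `HMAC_CTX_free` with external linkage, so a build against older OpenSSL exports OpenSSL-named symbols from the mechanism library, where they can collide with libcrypto's own definitions or with the same shim carried by another library loaded into the process. The patch touches only src/crypto.c, so both can be file-local: `static HMAC_CTX *HMAC_CTX_new(void)` and `static void HMAC_CTX_free(HMAC_CTX *ctx)`. Whether the build already restricts exports with a symbol map is not visible from this patch. Separately, in `mdx_hash` the `EVP_MD_CTX_init(ctx);` call kept right after `EVP_MD_CTX_new()` looks redundant, since the allocator should already return an initialised context, and could be dropped.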
@@ -0,0 +1,170 @@
+Name: gssntlmssp
+Version: 0.7.0
+Release: 6%{?dist}
+Summary: GSSAPI NTLMSSP Mechanism
+
+Group: System Environment/Libraries
+License: LGPLv3+
+URL: https://fedorahosted.org/gss-ntlmssp
+Source0: https://fedorahosted.org/released/gss-ntlmssp/%{name}-%{version}.tar.gz
+
+Patch01: 0001-Add-compatibility-with-OpenSSL-1.1.0.patch
+
+Requires: krb5-libs%{?_isa} >= 1.12.1-9
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: m4
+BuildRequires: libxslt
+BuildRequires: libxml2
+BuildRequires: docbook-style-xsl
+BuildRequires: doxygen
+BuildRequires: gettext-devel
+BuildRequires: pkgconfig
+BuildRequires: krb5-devel >= 1.11.2
+BuildRequires: libunistring-devel
+BuildRequires: openssl-devel
+BuildRequires: pkgconfig(wbclient)
+
+%description
+A GSSAPI Mechanism that implements NTLMSSP
+
+%package devel
+Summary: Development header for GSSAPI NTLMSSP
+Group: Development/Libraries
+License: LGPLv3+
+
+%description devel
+Adds a header file with definition for custom GSSAPI extensions for NTLMSSP
+
+
+%prep
+%setup -q
+%patch01 -p1
+
+%build
+autoreconf -fiv
+%configure \
+ --with-wbclient \
+ --disable-static \
+ --disable-rpath
+
+make %{?_smp_mflags} all
+
+%install
+%make_install
+rm -f %{buildroot}%{_libdir}/gssntlmssp/gssntlmssp.la
+mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d
+install -pm644 examples/mech.ntlmssp %{buildroot}%{_sysconfdir}/gss/mech.d/ntlmssp.conf
+%{find_lang} %{name}
+
+%check
+make test_gssntlmssp
+
+%files -f %{name}.lang
+%config(noreplace) %{_sysconfdir}/gss/mech.d/ntlmssp.conf
+%{_libdir}/gssntlmssp/
+%{_mandir}/man8/gssntlmssp.8*
+%doc COPYING
+
+%files devel
+%{_includedir}/gssapi/gssapi_ntlmssp.h
+
+%changelog
+* Wed Feb 07 2018 Fedora Release Engineering - 0.7.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering - 0.7.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0.7.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 17 2017 Simo Sorce - 0.7.0-3
+- Add OpenSSL 1.1.0 compatibility patch
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0.7.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Jun 3 2016 Simo Sorce - 0.7.0-1
+- New release 0.7.0
+
+* Fri May 20 2016 Simo Sorce - 0.6.0-4
+- Fix regression in acquire credential code
+- Resolves: #1290831
+
+* Wed Feb 03 2016 Fedora Release Engineering - 0.6.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering - 0.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Mar 19 2015 Simo Sorce - 0.6.0-1
+- New verion with fixes for 32 bit arches
+- drop patches, they are included in he new upstream release
+
+* Thu Jan 08 2015 Simo Sorce - 0.5.0-4
+- Fix build failure in rawhide due to automake 1.15 change in behavior
+
+* Wed Jan 07 2015 Simo Sorce - 0.5.0-4
+- fix bug #1178686
+
+* Tue Sep 02 2014 Pádraig Brady - 0.5.0-3
+- rebuild for libunistring soname bump
+
+* Sat Aug 16 2014 Fedora Release Engineering - 0.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Aug 12 2014 Simo Sorce - 0.5.0-1
+- New upstream version
+
+* Fri Aug 1 2014 Simo Sorce - 0.4.0-2
+- put configuration in the new mech.d directory introduced as a backport in
+ krb5-1.12.1-9
+
+* Sat Jun 21 2014 Simo Sorce - 0.4.0-1
+- New upstream release 0.4.0:
+ * Added support for MIC and Channel Binding features of NTLMv2
+ * Improve testing so that multiple versions can be tested
+ * Various importnat fixes in the GSSAPI interface that were causing errors
+ * Special workaround for SPNEGO mechanism when talking to Windows Servers and
+ using the internal NTLM MIC feature.
+
+* Sat Jun 07 2014 Fedora Release Engineering - 0.3.1-1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sun Jan 26 2014 Simo Sorce - 0.3.1-0
+- Fixes #1058025
+- New upstream release 0.3.1:
+ * Fix segfault in init context.
+
+* Sun Jan 12 2014 Simo Sorce - 0.3.0-0
+- New upstream release 0.3.0:
+ * Added support for NTLMv1 Signing and Sealing completing full coverage
+ of the NTLM protocol
+ * Added a number of GSSAPI calls to inquire, export and import context and
+ credentials, in preparation for making it work with GSS-Proxy
+ * Various fixes memleak and other fixes
+
+* Fri Dec 13 2013 Simo Sorce - 0.2.0-2
+- Backport patches to fix memory leaks
+
+* Wed Dec 4 2013 Simo Sorce - 0.2.0-1
+- Backport patch that fixes failures with gss_set_neg_mechs() calls.
+
+* Fri Oct 18 2013 Simo Sorce - 0.2.0-0
+- New upstream realease 0.2.0:
+ * Add support for acquire_cred_with_password()
+ * Fix Signing keys generation
+ * Add enterprise names support
+ * Add connectionless mode support
+ * Add development header gssapi_ntlmssp.h
+ * Various bugfixes and tests for new features
+
+* Thu Oct 17 2013 Simo Sorce - 0.1.0-2
+- Fix Requires
+
+* Thu Oct 17 2013 Simo Sorce - 0.1.0-1
+- Initial import of 0.1.0
+
diff --git a/sources b/sources
new file mode 100644
index 0000000..a4a641c
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (gssntlmssp-0.7.0.tar.gz) = 43fc9e57c00e74be3c6954b3f43677e176f6284a543917533d7e427dff98810f1547336cdc240e5f9161f62975803f4b39c925a429c6c669202267da99e3d841
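Review bot: The `URL` and `Source0` tags in gssntlmssp.spec point at fedorahosted.org, which was retired in 2017, while the changelog in the same file runs to 2018. The release tarball can therefore no longer be re-fetched from the location the spec names, which leaves the SHA512 entry in `sources` as the only integrity check on what gets built. Both tags should point at the project's current release location. If upstream publishes detached signatures, carry the signature and keyring as additional `Source` entries and verify them in `%prep` before `%setup -q`.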