diff --git a/openldap-smbk5pwd-overlay.patch b/openldap-smbk5pwd-overlay.patch index 4242483..9f14b38 100644 --- a/openldap-smbk5pwd-overlay.patch +++ b/openldap-smbk5pwd-overlay.patch @@ -1,21 +1,30 @@ Compile smbk5pwd together with other overlays. -Resolves: 550895 Author: Jan Šafránek +Resolves: #550895 ---- openldap-2.4.24.orig/contrib/slapd-modules/smbk5pwd/README -+++ openldap-2.4.24/contrib/slapd-modules/smbk5pwd/README +Update to link against OpenSSL, avoid to compile with unsupported backend. + +Author: Jan Vcelak +Resolves: #841560 + +diff --git a/contrib/slapd-modules/smbk5pwd/README b/contrib/slapd-modules/smbk5pwd/README +index f20ad94..b6433ff 100644 +--- a/contrib/slapd-modules/smbk5pwd/README ++++ b/contrib/slapd-modules/smbk5pwd/README @@ -1,3 +1,8 @@ -+******************************************************* -+Red Hat note: Kerberos support is NOT compiled into -+this version of smbk5pwd because we do not use Heimdal. -+******************************************************* ++****************************************************************************** ++Red Hat note: We do not provide Heimdal Kerberos but MIT. Therefore the module ++is compiled only with Samba features in Fedora and Red Hat Enterprise Linux. ++****************************************************************************** + This directory contains a slapd overlay, smbk5pwd, that extends the PasswordModify Extended Operation to update Kerberos keys and Samba password hashes for an LDAP user. ---- openldap-2.4.24.orig/servers/slapd/overlays/Makefile.in -+++ openldap-2.4.24/servers/slapd/overlays/Makefile.in +diff --git a/servers/slapd/overlays/Makefile.in b/servers/slapd/overlays/Makefile.in +index 3af20e8..ef73663 100644 +--- a/servers/slapd/overlays/Makefile.in ++++ b/servers/slapd/overlays/Makefile.in @@ -33,7 +33,8 @@ SRCS = overlays.c \ syncprov.c \ translucent.c \ @@ -26,15 +35,7 @@ Author: Jan Šafránek OBJS = statover.o \ @SLAPD_STATIC_OVERLAYS@ \ overlays.o -@@ -46,14 +47,14 @@ LTONLY_MOD = $(LTONLY_mod) - LDAP_INCDIR= ../../../include - LDAP_LIBDIR= ../../../libraries - --MOD_DEFS = -DSLAPD_IMPORT -+MOD_DEFS = -DSLAPD_IMPORT -DDO_SAMBA - - shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) - NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +@@ -53,7 +54,7 @@ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) LIBRARY = ../liboverlays.a @@ -43,13 +44,36 @@ Author: Jan Šafránek XINCPATH = -I.. -I$(srcdir)/.. XDEFS = $(MODULES_CPPFLAGS) -@@ -125,6 +126,9 @@ unique.la : unique.lo +@@ -125,6 +126,12 @@ unique.la : unique.lo valsort.la : valsort.lo $(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS) ++smbk5pwd.lo : smbk5pwd.c ++ $(LTCOMPILE_MOD) -DDO_SAMBA -UHAVE_MOZNSS -DHAVE_OPENSSL $(shell pkg-config openssl --cflags) $< ++ +smbk5pwd.la : smbk5pwd.lo -+ $(LTLINK_MOD) -module -o $@ smbk5pwd.lo version.lo -lldap -L../../../libraries/libldap/.libs/ $(LINK_LIBS) ++ $(LTLINK_MOD) -module -o $@ smbk5pwd.lo version.lo $(LINK_LIBS) $(shell pkg-config openssl --libs) + install-local: $(PROGRAMS) @if test -n "$?" ; then \ $(MKDIR) $(DESTDIR)$(moduledir); \ +diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c +index d4d7f6f..37f55da 100644 +--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c ++++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c +@@ -68,9 +68,11 @@ static ObjectClass *oc_krb5KDCEntry; + #ifdef HAVE_GNUTLS + #include + typedef unsigned char DES_cblock[8]; +-#else ++#elif HAVE_OPENSSL + #include + #include ++#else ++#error Unsupported crypto backend. + #endif + #include "ldap_utf8.h" + +-- +1.7.10.4 + diff --git a/openldap.spec b/openldap.spec index 7bf1645..453ec7e 100644 --- a/openldap.spec +++ b/openldap.spec @@ -626,6 +626,7 @@ exit 0 %changelog * Thu Jul 19 2012 Jan Vcelak 2.4.31-5 - fix: querying for IPv6 DNS records when IPv6 is disabled on the host (#835013) +- fix: smbk5pwd module computes invalid LM hashes (#841560) * Wed Jul 18 2012 Jan Vcelak 2.4.31-4 - modify the package build process