fix: smbk5pwd module computes invalid LM hashes

Resolves: #841560
This commit is contained in:
Jan Vcelak 2012-07-19 14:27:10 +02:00
parent 20875f4fb9
commit 9e7cf6735d
2 changed files with 45 additions and 20 deletions

View File

@ -1,21 +1,30 @@
Compile smbk5pwd together with other overlays. Compile smbk5pwd together with other overlays.
Resolves: 550895
Author: Jan Šafránek <jsafrane@redhat.com> Author: Jan Šafránek <jsafrane@redhat.com>
Resolves: #550895
--- openldap-2.4.24.orig/contrib/slapd-modules/smbk5pwd/README Update to link against OpenSSL, avoid to compile with unsupported backend.
+++ openldap-2.4.24/contrib/slapd-modules/smbk5pwd/README
Author: Jan Vcelak <jvcelak@redhat.com>
Resolves: #841560
diff --git a/contrib/slapd-modules/smbk5pwd/README b/contrib/slapd-modules/smbk5pwd/README
index f20ad94..b6433ff 100644
--- a/contrib/slapd-modules/smbk5pwd/README
+++ b/contrib/slapd-modules/smbk5pwd/README
@@ -1,3 +1,8 @@ @@ -1,3 +1,8 @@
+******************************************************* +******************************************************************************
+Red Hat note: Kerberos support is NOT compiled into +Red Hat note: We do not provide Heimdal Kerberos but MIT. Therefore the module
+this version of smbk5pwd because we do not use Heimdal. +is compiled only with Samba features in Fedora and Red Hat Enterprise Linux.
+******************************************************* +******************************************************************************
+ +
This directory contains a slapd overlay, smbk5pwd, that extends the This directory contains a slapd overlay, smbk5pwd, that extends the
PasswordModify Extended Operation to update Kerberos keys and Samba PasswordModify Extended Operation to update Kerberos keys and Samba
password hashes for an LDAP user. password hashes for an LDAP user.
--- openldap-2.4.24.orig/servers/slapd/overlays/Makefile.in diff --git a/servers/slapd/overlays/Makefile.in b/servers/slapd/overlays/Makefile.in
+++ openldap-2.4.24/servers/slapd/overlays/Makefile.in index 3af20e8..ef73663 100644
--- a/servers/slapd/overlays/Makefile.in
+++ b/servers/slapd/overlays/Makefile.in
@@ -33,7 +33,8 @@ SRCS = overlays.c \ @@ -33,7 +33,8 @@ SRCS = overlays.c \
syncprov.c \ syncprov.c \
translucent.c \ translucent.c \
@ -26,15 +35,7 @@ Author: Jan Šafránek <jsafrane@redhat.com>
OBJS = statover.o \ OBJS = statover.o \
@SLAPD_STATIC_OVERLAYS@ \ @SLAPD_STATIC_OVERLAYS@ \
overlays.o overlays.o
@@ -46,14 +47,14 @@ LTONLY_MOD = $(LTONLY_mod) @@ -53,7 +54,7 @@ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
-MOD_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = -DSLAPD_IMPORT -DDO_SAMBA
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
LIBRARY = ../liboverlays.a LIBRARY = ../liboverlays.a
@ -43,13 +44,36 @@ Author: Jan Šafránek <jsafrane@redhat.com>
XINCPATH = -I.. -I$(srcdir)/.. XINCPATH = -I.. -I$(srcdir)/..
XDEFS = $(MODULES_CPPFLAGS) XDEFS = $(MODULES_CPPFLAGS)
@@ -125,6 +126,9 @@ unique.la : unique.lo @@ -125,6 +126,12 @@ unique.la : unique.lo
valsort.la : valsort.lo valsort.la : valsort.lo
$(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS) $(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS)
+smbk5pwd.lo : smbk5pwd.c
+ $(LTCOMPILE_MOD) -DDO_SAMBA -UHAVE_MOZNSS -DHAVE_OPENSSL $(shell pkg-config openssl --cflags) $<
+
+smbk5pwd.la : smbk5pwd.lo +smbk5pwd.la : smbk5pwd.lo
+ $(LTLINK_MOD) -module -o $@ smbk5pwd.lo version.lo -lldap -L../../../libraries/libldap/.libs/ $(LINK_LIBS) + $(LTLINK_MOD) -module -o $@ smbk5pwd.lo version.lo $(LINK_LIBS) $(shell pkg-config openssl --libs)
+ +
install-local: $(PROGRAMS) install-local: $(PROGRAMS)
@if test -n "$?" ; then \ @if test -n "$?" ; then \
$(MKDIR) $(DESTDIR)$(moduledir); \ $(MKDIR) $(DESTDIR)$(moduledir); \
diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
index d4d7f6f..37f55da 100644
--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
+++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
@@ -68,9 +68,11 @@ static ObjectClass *oc_krb5KDCEntry;
#ifdef HAVE_GNUTLS
#include <gcrypt.h>
typedef unsigned char DES_cblock[8];
-#else
+#elif HAVE_OPENSSL
#include <openssl/des.h>
#include <openssl/md4.h>
+#else
+#error Unsupported crypto backend.
#endif
#include "ldap_utf8.h"
--
1.7.10.4

View File

@ -626,6 +626,7 @@ exit 0
%changelog %changelog
* Thu Jul 19 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-5 * Thu Jul 19 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-5
- fix: querying for IPv6 DNS records when IPv6 is disabled on the host (#835013) - fix: querying for IPv6 DNS records when IPv6 is disabled on the host (#835013)
- fix: smbk5pwd module computes invalid LM hashes (#841560)
* Wed Jul 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-4 * Wed Jul 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-4
- modify the package build process - modify the package build process