linamh/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch

If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
Forward-port an old Debian patch that upstream never applied.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Steffen Hau <steffen@hauihau.de>
X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341

--- openldap-2.4.17.orig/libraries/liblutil/passwd.c	2009-07-27 18:59:19.635995474 -0700
+++ openldap-2.4.17/libraries/liblutil/passwd.c	2009-07-27 19:01:13.588069010 -0700
@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
 typedef PK11Context *des_context[1];
 #define DES_ENCRYPT CKA_ENCRYPT
 
+#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+#	include <gcrypt.h>
+static int gcrypt_init = 0;
+
+typedef const void* des_key;
+typedef unsigned char des_cblock[8];
+typedef des_cblock des_data_block;
+typedef int des_key_schedule; /* unused */
+typedef des_key_schedule des_context; /* unused */
+#define des_failed(encrypted) 0
+#define des_finish(key, schedule) 
+
+#define des_set_key_unchecked( key, key_sched ) \
+  gcry_cipher_setkey( hd, key, 8 )
+
+#define des_ecb_encrypt( input, output, key_sched, enc ) \
+  gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
+
+#define des_set_odd_parity( key ) do {} while(0)
+
 #endif
 
 #endif /* SLAPD_LMHASH */
@@ -651,7 +671,7 @@ static int chk_md5(
 
 #ifdef SLAPD_LMHASH
 
-#if defined(HAVE_OPENSSL)
+#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
 
 /*
  * abstract away setting the parity.
@@ -841,6 +861,19 @@ static int chk_lanman(
 	des_data_block StdText = "KGS!@#$%";
 	des_data_block PasswordHash1, PasswordHash2;
 	char PasswordHash[33], storedPasswordHash[33];
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+	gcry_cipher_hd_t hd;
+
+	if ( !gcrypt_init ) {
+	  gcry_check_version( GCRYPT_VERSION );
+	  gcrypt_init = 1;
+	}
+
+	schedule = schedule; /* unused - avoid warning */
+
+	gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
 	
 	for( i=0; i<cred->bv_len; i++) {
 		if(cred->bv_val[i] == '\0') {
@@ -883,6 +916,10 @@ static int chk_lanman(
 	strncpy( storedPasswordHash, passwd->bv_val, 32 );
 	storedPasswordHash[32] = '\0';
 	ldap_pvt_str2lower( storedPasswordHash );
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+	gcry_cipher_close( hd );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
 	
 	return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
 }
@@ -1138,6 +1175,19 @@ static int hash_lanman(
 	des_data_block PasswordHash1, PasswordHash2;
 	char PasswordHash[33];
 	
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+	gcry_cipher_hd_t hd;
+
+	if ( !gcrypt_init ) {
+	  gcry_check_version( GCRYPT_VERSION );
+	  gcrypt_init = 1;
+	}
+
+	schedule = schedule; /* unused - avoid warning */
+
+	gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
 	for( i=0; i<passwd->bv_len; i++) {
 		if(passwd->bv_val[i] == '\0') {
 			return LUTIL_PASSWD_ERR;	/* NUL character in password */
@@ -1168,6 +1218,10 @@ static int hash_lanman(
 	
 	hash->bv_val = PasswordHash;
 	hash->bv_len = 32;
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+	gcry_cipher_close( hd );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
 	
 	return pw_string( scheme, hash );
 }
net-nds/openldap: bump and add samba4 overlay git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@2251 6952d904-891a-0410-993b-d76249ca496b 2010-06-03 05:55:47 +02:00			`If GnuTLS is used, the lmpasswd module for USE=samba does not compile.`
			`Forward-port an old Debian patch that upstream never applied.`

			`Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>`
			`Signed-off-by: Steffen Hau <steffen@hauihau.de>`
			`X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633`
			`X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997`
			`X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341`

			`--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700`
			`+++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700`
			`@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];`
			`typedef PK11Context *des_context[1];`
			`#define DES_ENCRYPT CKA_ENCRYPT`

			`+#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)`
			`+# include <gcrypt.h>`
			`+static int gcrypt_init = 0;`
			`+`
			`+typedef const void* des_key;`
			`+typedef unsigned char des_cblock[8];`
			`+typedef des_cblock des_data_block;`
			`+typedef int des_key_schedule; /* unused */`
			`+typedef des_key_schedule des_context; /* unused */`
			`+#define des_failed(encrypted) 0`
			`+#define des_finish(key, schedule)`
			`+`
			`+#define des_set_key_unchecked( key, key_sched ) \`
			`+ gcry_cipher_setkey( hd, key, 8 )`
			`+`
			`+#define des_ecb_encrypt( input, output, key_sched, enc ) \`
			`+ gcry_cipher_encrypt( hd, output, 8, input, 8 )`
			`+`
			`+#define des_set_odd_parity( key ) do {} while(0)`
			`+`
			`#endif`

			`#endif /* SLAPD_LMHASH */`
			`@@ -651,7 +671,7 @@ static int chk_md5(`

			`#ifdef SLAPD_LMHASH`

			`-#if defined(HAVE_OPENSSL)`
			`+#if defined(HAVE_OPENSSL) \|\| defined(HAVE_GNUTLS_GNUTLS_H)`

			`/*`
			`* abstract away setting the parity.`
			`@@ -841,6 +861,19 @@ static int chk_lanman(`
			`des_data_block StdText = "KGS!@#$%";`
			`des_data_block PasswordHash1, PasswordHash2;`
			`char PasswordHash[33], storedPasswordHash[33];`
			`+`
			`+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)`
			`+ gcry_cipher_hd_t hd;`
			`+`
			`+ if ( !gcrypt_init ) {`
			`+ gcry_check_version( GCRYPT_VERSION );`
			`+ gcrypt_init = 1;`
			`+ }`
			`+`
			`+ schedule = schedule; /* unused - avoid warning */`
			`+`
			`+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );`
			`+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */`

			`for( i=0; i<cred->bv_len; i++) {`
			`if(cred->bv_val[i] == '\0') {`
			`@@ -883,6 +916,10 @@ static int chk_lanman(`
			`strncpy( storedPasswordHash, passwd->bv_val, 32 );`
			`storedPasswordHash[32] = '\0';`
			`ldap_pvt_str2lower( storedPasswordHash );`
			`+`
			`+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)`
			`+ gcry_cipher_close( hd );`
			`+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */`

			`return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;`
			`}`
			`@@ -1138,6 +1175,19 @@ static int hash_lanman(`
			`des_data_block PasswordHash1, PasswordHash2;`
			`char PasswordHash[33];`

			`+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)`
			`+ gcry_cipher_hd_t hd;`
			`+`
			`+ if ( !gcrypt_init ) {`
			`+ gcry_check_version( GCRYPT_VERSION );`
			`+ gcrypt_init = 1;`
			`+ }`
			`+`
			`+ schedule = schedule; /* unused - avoid warning */`
			`+`
			`+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );`
			`+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */`
			`+`
			`for( i=0; i<passwd->bv_len; i++) {`
			`if(passwd->bv_val[i] == '\0') {`
			`return LUTIL_PASSWD_ERR; /* NUL character in password */`
			`@@ -1168,6 +1218,10 @@ static int hash_lanman(`

			`hash->bv_val = PasswordHash;`
			`hash->bv_len = 32;`
			`+`
			`+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)`
			`+ gcry_cipher_close( hd );`
			`+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */`

			`return pw_string( scheme, hash );`
			`}`