- Fix Perl dependency by converting the port from using
bsd.port.{pre,post}.mk to options.mk. [1]
- Fix build with LibreSSL. [2] [3]
- Make LM Password optional and disable by default. [3]
Reported by: Lorenzo Perone <lorenzo.perone@bytesatwork.com> [1],
brd [1]
Submitted by: spil.oss@gmail.com [2]
PR: 194841 [3]
This commit is contained in:
Xin LI
parent
060c0a1c73
commit
c518e1da46
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=372499
@ -58,8 +58,8 @@ WANT_OPENLDAP_VER?= 24
|
||||
BROKEN= incompatible OpenLDAP version: ${WANT_OPENLDAP_VER}
|
||||
.endif
|
||||
|
||||
PORTREVISION_CLIENT= 0
|
||||
PORTREVISION_SERVER= 1
|
||||
PORTREVISION_CLIENT= 1
|
||||
PORTREVISION_SERVER= 2
|
||||
OPENLDAP_SHLIB_MAJOR= 2
|
||||
OPENLDAP_SHLIB_MINOR= 10.3
|
||||
OPENLDAP_MAJOR= ${DISTVERSION:R}
|
||||
@ -76,6 +76,7 @@ OPTIONS_DEFINE+= ACCESSLOG AUDITLOG COLLECT CONSTRAINT DDS
|
||||
OPTIONS_DEFINE+= DEREF DYNGROUP DYNLIST MEMBEROF PPOLICY PROXYCACHE
|
||||
OPTIONS_DEFINE+= REFINT RETCODE RWM SEQMOD SSSVLV SYNCPROV TRANSLUCENT
|
||||
OPTIONS_DEFINE+= UNIQUE VALSORT SMBPWD SHA2 DYNAMIC_BACKENDS SASL
|
||||
OPTIONS_DEFINE+= LMPASSWD
|
||||
|
||||
OPTIONS_DEFAULT= MDB SYNCPROV DYNAMIC_BACKENDS
|
||||
|
||||
@ -117,6 +118,7 @@ UNIQUE_DESC= With attribute Uniqueness overlay
|
||||
VALSORT_DESC= With Value Sorting overlay
|
||||
SMBPWD_DESC= With Samba Password hashes overlay
|
||||
SHA2_DESC= With SHA2 Password hashes overlay
|
||||
LMPASSWD_DESC= With LM hash password support (DEPRECATED)
|
||||
DYNAMIC_BACKENDS_DESC= Build dynamic backends
|
||||
.endif
|
||||
|
||||
@ -130,7 +132,7 @@ OPENLDAP_PKGFILESUFX=
|
||||
|
||||
CONFIGURE_SED= -e 's,uuid/uuid.h,xxuuid/uuid.h,g'
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
.if defined(CLIENT_ONLY)
|
||||
PORTDOCS= CHANGES drafts rfc
|
||||
@ -244,7 +246,6 @@ OVERLAY_ENABLE= yes
|
||||
|
||||
CONFIGURE_ARGS+= --localstatedir=${LOCALSTATEDIR} \
|
||||
--enable-crypt \
|
||||
--enable-lmpasswd \
|
||||
--enable-ldap=${BACKEND_ENABLE} \
|
||||
--enable-meta=${BACKEND_ENABLE} \
|
||||
--enable-rewrite \
|
||||
@ -285,6 +286,10 @@ CONFIGURE_ARGS+= --enable-dyngroup=${OVERLAY_ENABLE}
|
||||
CONFIGURE_ARGS+= --enable-dynlist=${OVERLAY_ENABLE}
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MLMPASSWD}
|
||||
CONFIGURE_ARGS+= --enable-lmpasswd
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MMEMBEROF}
|
||||
CONFIGURE_ARGS+= --enable-memberof=${OVERLAY_ENABLE}
|
||||
.endif
|
||||
@ -561,4 +566,4 @@ post-install:
|
||||
.endif
|
||||
.endif # defined(CLIENT_ONLY)
|
||||
|
||||
.include <bsd.port.post.mk>
|
||||
.include <bsd.port.mk>
|
||||
|
||||
204
net/openldap24-server/files/patch-des
Normal file
204
net/openldap24-server/files/patch-des
Normal file
@ -0,0 +1,204 @@
|
||||
--- libraries/liblutil/passwd.c.orig 2014-09-19 03:48:49.000000000 +0200
|
||||
+++ libraries/liblutil/passwd.c 2014-11-05 19:57:10.807555025 +0100
|
||||
@@ -38,11 +38,11 @@
|
||||
# include <openssl/des.h>
|
||||
|
||||
|
||||
-typedef des_cblock des_key;
|
||||
-typedef des_cblock des_data_block;
|
||||
-typedef des_key_schedule des_context;
|
||||
-#define des_failed(encrypted) 0
|
||||
-#define des_finish(key, schedule)
|
||||
+typedef DES_cblock DES_key;
|
||||
+typedef DES_cblock DES_data_block;
|
||||
+typedef DES_key_schedule DES_context;
|
||||
+#define DES_failed(encrypted) 0
|
||||
+#define DES_finish(key, schedule)
|
||||
|
||||
#elif defined(HAVE_MOZNSS)
|
||||
/*
|
||||
@@ -53,9 +53,9 @@
|
||||
*/
|
||||
#define PROTYPES_H 1
|
||||
# include <nss/pk11pub.h>
|
||||
-typedef PK11SymKey *des_key;
|
||||
-typedef unsigned char des_data_block[8];
|
||||
-typedef PK11Context *des_context[1];
|
||||
+typedef PK11SymKey *DES_key;
|
||||
+typedef unsigned char DES_data_block[8];
|
||||
+typedef PK11Context *DES_context[1];
|
||||
#define DES_ENCRYPT CKA_ENCRYPT
|
||||
|
||||
#endif
|
||||
@@ -664,10 +664,10 @@
|
||||
* abstract away setting the parity.
|
||||
*/
|
||||
static void
|
||||
-des_set_key_and_parity( des_key *key, unsigned char *keyData)
|
||||
+DES_set_key_and_parity( DES_key *key, unsigned char *keyData)
|
||||
{
|
||||
memcpy(key, keyData, 8);
|
||||
- des_set_odd_parity( key );
|
||||
+ DES_set_odd_parity( key );
|
||||
}
|
||||
|
||||
|
||||
@@ -677,7 +677,7 @@
|
||||
* implement MozNSS wrappers for the openSSL calls
|
||||
*/
|
||||
static void
|
||||
-des_set_key_and_parity( des_key *key, unsigned char *keyData)
|
||||
+DES_set_key_and_parity( DES_key *key, unsigned char *keyData)
|
||||
{
|
||||
SECItem keyDataItem;
|
||||
PK11SlotInfo *slot;
|
||||
@@ -699,7 +699,7 @@
|
||||
}
|
||||
|
||||
static void
|
||||
-des_set_key_unchecked( des_key *key, des_context ctxt )
|
||||
+DES_set_key_unchecked( DES_key *key, DES_context ctxt )
|
||||
{
|
||||
ctxt[0] = NULL;
|
||||
|
||||
@@ -712,37 +712,37 @@
|
||||
}
|
||||
|
||||
static void
|
||||
-des_ecb_encrypt( des_data_block *plain, des_data_block *encrypted,
|
||||
- des_context ctxt, int op)
|
||||
+DES_ecb_encrypt( DES_data_block *plain, DES_data_block *encrypted,
|
||||
+ DES_context ctxt, int op)
|
||||
{
|
||||
SECStatus rv;
|
||||
int size;
|
||||
|
||||
if (ctxt[0] == NULL) {
|
||||
/* need to fail here... */
|
||||
- memset(encrypted, 0, sizeof(des_data_block));
|
||||
+ memset(encrypted, 0, sizeof(DES_data_block));
|
||||
return;
|
||||
}
|
||||
rv = PK11_CipherOp(ctxt[0], (unsigned char *)&encrypted[0],
|
||||
- &size, sizeof(des_data_block),
|
||||
- (unsigned char *)&plain[0], sizeof(des_data_block));
|
||||
+ &size, sizeof(DES_data_block),
|
||||
+ (unsigned char *)&plain[0], sizeof(DES_data_block));
|
||||
if (rv != SECSuccess) {
|
||||
/* signal failure */
|
||||
- memset(encrypted, 0, sizeof(des_data_block));
|
||||
+ memset(encrypted, 0, sizeof(DES_data_block));
|
||||
return;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
static int
|
||||
-des_failed(des_data_block *encrypted)
|
||||
+DES_failed(DES_data_block *encrypted)
|
||||
{
|
||||
- static const des_data_block zero = { 0 };
|
||||
+ static const DES_data_block zero = { 0 };
|
||||
return memcmp(encrypted, zero, sizeof(zero)) == 0;
|
||||
}
|
||||
|
||||
static void
|
||||
-des_finish(des_key *key, des_context ctxt)
|
||||
+DES_finish(DES_key *key, DES_context ctxt)
|
||||
{
|
||||
if (*key) {
|
||||
PK11_FreeSymKey(*key);
|
||||
@@ -817,7 +817,7 @@
|
||||
|
||||
static void lmPasswd_to_key(
|
||||
const char *lmPasswd,
|
||||
- des_key *key)
|
||||
+ DES_key *key)
|
||||
{
|
||||
const unsigned char *lpw = (const unsigned char *) lmPasswd;
|
||||
unsigned char k[8];
|
||||
@@ -832,7 +832,7 @@
|
||||
k[6] = ((lpw[5] & 0x3F) << 2) | (lpw[6] >> 6);
|
||||
k[7] = ((lpw[6] & 0x7F) << 1);
|
||||
|
||||
- des_set_key_and_parity( key, k );
|
||||
+ DES_set_key_and_parity( key, k );
|
||||
}
|
||||
|
||||
static int chk_lanman(
|
||||
@@ -843,10 +843,10 @@
|
||||
{
|
||||
ber_len_t i;
|
||||
char UcasePassword[15];
|
||||
- des_key key;
|
||||
- des_context schedule;
|
||||
- des_data_block StdText = "KGS!@#$%";
|
||||
- des_data_block PasswordHash1, PasswordHash2;
|
||||
+ DES_key key;
|
||||
+ DES_context schedule;
|
||||
+ DES_data_block StdText = "KGS!@#$%";
|
||||
+ DES_data_block PasswordHash1, PasswordHash2;
|
||||
char PasswordHash[33], storedPasswordHash[33];
|
||||
|
||||
for( i=0; i<cred->bv_len; i++) {
|
||||
@@ -864,21 +864,21 @@
|
||||
ldap_pvt_str2upper( UcasePassword );
|
||||
|
||||
lmPasswd_to_key( UcasePassword, &key );
|
||||
- des_set_key_unchecked( &key, schedule );
|
||||
- des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
|
||||
+ DES_set_key_unchecked( &key, &schedule );
|
||||
+ DES_ecb_encrypt( &StdText, &PasswordHash1, &schedule , DES_ENCRYPT );
|
||||
|
||||
- if (des_failed(&PasswordHash1)) {
|
||||
+ if (DES_failed(&PasswordHash1)) {
|
||||
return LUTIL_PASSWD_ERR;
|
||||
}
|
||||
|
||||
lmPasswd_to_key( &UcasePassword[7], &key );
|
||||
- des_set_key_unchecked( &key, schedule );
|
||||
- des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
|
||||
- if (des_failed(&PasswordHash2)) {
|
||||
+ DES_set_key_unchecked( &key, &schedule );
|
||||
+ DES_ecb_encrypt( &StdText, &PasswordHash2, &schedule , DES_ENCRYPT );
|
||||
+ if (DES_failed(&PasswordHash2)) {
|
||||
return LUTIL_PASSWD_ERR;
|
||||
}
|
||||
|
||||
- des_finish( &key, schedule );
|
||||
+ DES_finish( &key, schedule );
|
||||
|
||||
sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
||||
PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],
|
||||
@@ -1139,10 +1139,10 @@
|
||||
|
||||
ber_len_t i;
|
||||
char UcasePassword[15];
|
||||
- des_key key;
|
||||
- des_context schedule;
|
||||
- des_data_block StdText = "KGS!@#$%";
|
||||
- des_data_block PasswordHash1, PasswordHash2;
|
||||
+ DES_key key;
|
||||
+ DES_context schedule;
|
||||
+ DES_data_block StdText = "KGS!@#$%";
|
||||
+ DES_data_block PasswordHash1, PasswordHash2;
|
||||
char PasswordHash[33];
|
||||
|
||||
for( i=0; i<passwd->bv_len; i++) {
|
||||
@@ -1160,12 +1160,12 @@
|
||||
ldap_pvt_str2upper( UcasePassword );
|
||||
|
||||
lmPasswd_to_key( UcasePassword, &key );
|
||||
- des_set_key_unchecked( &key, schedule );
|
||||
- des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
|
||||
+ DES_set_key_unchecked( &key, &schedule );
|
||||
+ DES_ecb_encrypt( &StdText, &PasswordHash1, &schedule , DES_ENCRYPT );
|
||||
|
||||
lmPasswd_to_key( &UcasePassword[7], &key );
|
||||
- des_set_key_unchecked( &key, schedule );
|
||||
- des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
|
||||
+ DES_set_key_unchecked( &key, &schedule );
|
||||
+ DES_ecb_encrypt( &StdText, &PasswordHash2, &schedule , DES_ENCRYPT );
|
||||
|
||||
sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
||||
PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],
|
||||
Loading…
Reference in New Issue
Block a user