[packages/gssntlmssp] - initial - added upstream patch to support openssl 1.1.x and custom to (at least partially) support
qboosh
qboosh at pld-linux.org
Thu Mar 14 17:44:41 CET 2019
commit 631a1caa22eef39b2c0aebf8f56900d1d3f69acc
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Thu Mar 14 17:50:23 2019 +0100
- initial
- added upstream patch to support openssl 1.1.x and a custom one to (at least partially) support heimdal instead of MIT krb5
gssntlmssp-heimdal.patch | 263 ++++++++++++++++++++++++++++++++++++++++++++
gssntlmssp-openssl1.1.patch | 146 ++++++++++++++++++++++++
gssntlmssp.spec | 115 +++++++++++++++++++
3 files changed, 524 insertions(+)
---
diff --git a/gssntlmssp.spec b/gssntlmssp.spec
new file mode 100644
index 0000000..4efb6e5
--- /dev/null
+++ b/gssntlmssp.spec
@@ -0,0 +1,115 @@
+# TODO:
+# - implement mech.d in heimdal (e.g. by cat /etc/gss/mech.d/*.conf > /etc/gss/mech in %post scripts)
+# - apidocs (doxygen config missing)
+#
+# Conditional build:
+%bcond_with apidocs # API documentation (doxygen config missing in sources)
+#
+Summary: GSSAPI NTLMSSP mechanism
+Summary(pl.UTF-8): Mechanizm GSSAPI NTLMSSP
+Name: gssntlmssp
+Version: 0.7.0
+Release: 1
+License: LGPL v3+
+Group: Libraries
+# also https://github.com/simo5/gss-ntlmssp but no releases there
+Source0: http://releases.pagure.org/gssntlmssp/%{name}-%{version}.tar.gz
+# Source0-md5: 5f890092ecf8a566b7556fca2b60d6cc
+Patch0: %{name}-heimdal.patch
+Patch1: %{name}-openssl1.1.patch
+URL: https://pagure.io/gssntlmssp
+BuildRequires: autoconf >= 2.59
+BuildRequires: automake >= 1:1.11
+BuildRequires: docbook-style-xsl-nons
+BuildRequires: doxygen
+BuildRequires: gettext-tools
+BuildRequires: heimdal-devel
+# pkgconfig(wbclient)
+BuildRequires: libsmbclient-devel
+BuildRequires: libtool >= 2:2
+BuildRequires: libunistring-devel
+BuildRequires: libxslt-progs
+BuildRequires: openssl-devel
+BuildRequires: pkgconfig
+BuildRequires: po4a
+BuildRequires: zlib-devel
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+A GSSAPI Mechanism that implements NTLMSSP.
+
+%description -l pl.UTF-8
+Mechanizm GSSAPI implementujący NTLMSSP.
+
+%package devel
+Summary: Header file for GSSAPI NTLMSSP extensions
+Summary(pl.UTF-8): Plik nagłówkowy rozszerzeń GSSAPI NTLMSSP
+Group: Development/Libraries
+Requires: heimdal-devel
+
+%description devel
+Header file with definition for custom GSSAPI extensions for NTLMSSP.
+
+%description devel -l pl.UTF-8
+Plik nagłówkowy z definicjami rozszerzeń GSSAPI dla NTLMSSP.
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+
+%build
+%{__libtoolize}
+%{__aclocal} -I m4 -I .
+%{__autoconf}
+%{__autoheader}
+%{__automake}
+%configure \
+ --disable-silent-rules
+%{__make}
+
+%if %{with apidocs}
+%{__make} docs
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+# loadable module
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/gssntlmssp/*.la
+
+install -d $RPM_BUILD_ROOT/etc/gss/mech.d
+cp -p examples/mech.ntlmssp $RPM_BUILD_ROOT/etc/gss/mech.d/ntlmssp.conf
+
+%find_lang %{name}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%if 0
+# TODO: needs support in heimdal.spec
+# (/etc/gss/mech as ghost, move current content with appropriate comment to /etc/gss/mech.d/00_init.conf)
+%post
+umask 022
+cat /etc/gss/mech.d/*.conf >$RPM_BUILD_ROOT/etc/gss/mech
+
+%postun
+umask 022
+if [ "$1" = "0" ]; then
+ cat /etc/gss/mech.d/*.conf >$RPM_BUILD_ROOT/etc/gss/mech
+fi
+%endif
+
+%files -f %{name}.lang
+%defattr(644,root,root,755)
+%dir %{_libdir}/gssntlmssp
+%attr(755,root,root) %{_libdir}/gssntlmssp/gssntlmssp.so
+/etc/gss/mech.d/ntlmssp.conf
+%{_mandir}/man8/gssntlmssp.8*
+
+%files devel
+%defattr(644,root,root,755)
+%{_includedir}/gssapi/gssapi_ntlmssp.h
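Review bot: The `%post`/`%postun` scriptlets redirect into `$RPM_BUILD_ROOT/etc/gss/mech`, but `$RPM_BUILD_ROOT` is a build-time variable that is not set when the package is installed; the block is disabled by `%if 0` today, yet once enabled the `>` redirect truncates the target before `cat` runs, so an unmatched `mech.d/*.conf` glob (plausible after the last drop-in is erased) would leave `/etc/gss/mech` empty and every GSSAPI consumer on the host without a mechanism list. Drop the build-root prefix and write through a temporary file so the live file is only replaced on success: `cat /etc/gss/mech.d/*.conf > /etc/gss/mech.new && mv -f /etc/gss/mech.new /etc/gss/mech`. Separately, `/etc/gss/mech.d/ntlmssp.conf` in `%files` is a configuration file under `/etc` and would normally be listed as `%config(noreplace)` so a local edit survives an upgrade.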
diff --git a/gssntlmssp-heimdal.patch b/gssntlmssp-heimdal.patch
new file mode 100644
index 0000000..f5efaa9
--- /dev/null
+++ b/gssntlmssp-heimdal.patch
@@ -0,0 +1,263 @@
+--- gssntlmssp-0.7.0/configure.ac.orig 2016-05-23 17:33:43.679657492 +0200
++++ gssntlmssp-0.7.0/configure.ac 2019-03-06 21:19:51.059548400 +0100
+@@ -76,10 +76,10 @@
+ GSSAPI_CFLAGS="`$KRB5_CONFIG --cflags gssapi`"
+ GSSAPI_LIBS="`$KRB5_CONFIG --libs gssapi`"
+ fi
+-AC_CHECK_LIB(gssapi_krb5, gss_import_cred,,
++AC_CHECK_LIB(gssapi, gss_import_cred,,
+ [AC_MSG_ERROR([GSSAPI library does not support gss_import_cred])],
+ [$GSSAPI_LIBS])
+-AC_CHECK_LIB(gssapi_krb5, gss_export_cred,,
++AC_CHECK_LIB(gssapi, gss_export_cred,,
+ [AC_MSG_ERROR([GSSAPI library does not support gss_export_cred])],
+ [$GSSAPI_LIBS])
+
+--- gssntlmssp-0.7.0/src/gss_err.c.orig 2016-05-23 17:33:43.683657469 +0200
++++ gssntlmssp-0.7.0/src/gss_err.c 2019-03-11 09:50:24.093307653 +0100
+@@ -7,7 +7,6 @@
+ #include <errno.h>
+
+ #include <gssapi/gssapi.h>
+-#include <gssapi/gssapi_ext.h>
+
+ #include "gss_ntlmssp.h"
+
+--- gssntlmssp-0.7.0/src/gssapi_ntlmssp.h.orig 2016-06-03 16:28:17.865974253 +0200
++++ gssntlmssp-0.7.0/src/gssapi_ntlmssp.h 2019-03-11 09:50:55.599803635 +0100
+@@ -19,7 +19,6 @@
+ #define _GSSAPI_NTLMSSP_H_
+
+ #include <gssapi/gssapi.h>
+-#include <gssapi/gssapi_ext.h>
+
+ #ifdef __cplusplus
+ extern "C" {
+--- gssntlmssp-0.7.0/src/gss_creds.c.orig 2016-05-23 17:33:43.683657469 +0200
++++ gssntlmssp-0.7.0/src/gss_creds.c 2019-03-11 18:41:53.940545522 +0100
+@@ -21,7 +21,6 @@
+ #include <string.h>
+
+ #include <gssapi/gssapi.h>
+-#include <gssapi/gssapi_ext.h>
+
+ #include "gss_ntlmssp.h"
+
+--- gssntlmssp-0.7.0/src/gss_spi.c.orig 2016-05-23 17:33:43.685657457 +0200
++++ gssntlmssp-0.7.0/src/gss_spi.c 2019-03-11 19:02:57.233701676 +0100
+@@ -16,19 +16,18 @@
+ */
+
+ #include <gssapi/gssapi.h>
+-#include <gssapi/gssapi_ext.h>
+
+ #include "gss_ntlmssp.h"
+
+ OM_uint32 gss_init_sec_context(OM_uint32 *minor_status,
+- gss_cred_id_t claimant_cred_handle,
++ gss_const_cred_id_t claimant_cred_handle,
+ gss_ctx_id_t *context_handle,
+- gss_name_t target_name,
+- gss_OID mech_type,
++ gss_const_name_t target_name,
++ const gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+- gss_channel_bindings_t input_chan_bindings,
+- gss_buffer_t input_token,
++ const gss_channel_bindings_t input_chan_bindings,
++ const gss_buffer_t input_token,
+ gss_OID *actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+@@ -80,9 +79,9 @@
+ }
+
+ OM_uint32 gss_acquire_cred(OM_uint32 *minor_status,
+- gss_name_t desired_name,
++ gss_const_name_t desired_name,
+ OM_uint32 time_req,
+- gss_OID_set desired_mechs,
++ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+@@ -149,7 +148,7 @@
+ }
+
+ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
+- const gss_name_t input_name,
++ gss_const_name_t input_name,
+ gss_name_t *dest_name)
+ {
+ return gssntlm_duplicate_name(minor_status,
+@@ -164,7 +163,7 @@
+ }
+
+ OM_uint32 gss_context_time(OM_uint32 *minor_status,
+- gss_ctx_id_t context_handle,
++ gss_const_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
+ {
+ return gssntlm_context_time(minor_status, context_handle, time_rec);
+@@ -172,7 +171,7 @@
+
+ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+- gss_cred_id_t acceptor_cred_handle,
++ gss_const_cred_id_t acceptor_cred_handle,
+ gss_buffer_t input_token_buffer,
+ gss_channel_bindings_t input_chan_bindings,
+ gss_name_t *src_name,
+@@ -196,9 +195,9 @@
+ }
+
+ OM_uint32 gss_get_mic(OM_uint32 *minor_status,
+- gss_ctx_id_t context_handle,
++ gss_const_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+- gss_buffer_t message_buffer,
++ const gss_buffer_t message_buffer,
+ gss_buffer_t message_token)
+ {
+ return gssntlm_get_mic(minor_status,
+@@ -210,9 +209,9 @@
+
+
+ OM_uint32 gss_verify_mic(OM_uint32 *minor_status,
+- gss_ctx_id_t context_handle,
+- gss_buffer_t message_buffer,
+- gss_buffer_t message_token,
++ gss_const_ctx_id_t context_handle,
++ const gss_buffer_t message_buffer,
++ const gss_buffer_t message_token,
+ gss_qop_t *qop_state)
+ {
+ return gssntlm_verify_mic(minor_status,
+@@ -223,10 +222,10 @@
+ }
+
+ OM_uint32 gss_wrap(OM_uint32 *minor_status,
+- gss_ctx_id_t context_handle,
++ gss_const_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+- gss_buffer_t input_message_buffer,
++ const gss_buffer_t input_message_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer)
+ {
+@@ -240,8 +239,8 @@
+ }
+
+ OM_uint32 gss_unwrap(OM_uint32 *minor_status,
+- gss_ctx_id_t context_handle,
+- gss_buffer_t input_message_buffer,
++ gss_const_ctx_id_t context_handle,
++ const gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
+@@ -255,7 +254,7 @@
+ }
+
+ OM_uint32 gss_wrap_size_limit(OM_uint32 *minor_status,
+- gss_ctx_id_t context_handle,
++ gss_const_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ OM_uint32 req_output_size,
+@@ -270,7 +269,7 @@
+ }
+
+ OM_uint32 gss_inquire_context(OM_uint32 *minor_status,
+- gss_ctx_id_t context_handle,
++ gss_const_ctx_id_t context_handle,
+ gss_name_t *src_name,
+ gss_name_t *targ_name,
+ OM_uint32 *lifetime_rec,
+@@ -291,7 +290,7 @@
+ }
+
+ OM_uint32 gss_display_name(OM_uint32 *minor_status,
+- gss_name_t input_name,
++ gss_const_name_t input_name,
+ gss_buffer_t output_name_buffer,
+ gss_OID *output_name_type)
+ {
+@@ -302,8 +301,8 @@
+ }
+
+ OM_uint32 gss_localname(OM_uint32 *minor_status,
+- const gss_name_t name,
+- gss_const_OID mech_type,
++ gss_const_name_t name,
++ const gss_OID mech_type,
+ gss_buffer_t localname)
+ {
+ return gssntlm_localname(minor_status,
+@@ -324,7 +323,7 @@
+ }
+
+ OM_uint32 gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+- const gss_ctx_id_t context_handle,
++ gss_const_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
+ {
+@@ -335,7 +334,7 @@
+ }
+
+ OM_uint32 gss_inquire_cred(OM_uint32 *minor_status,
+- gss_cred_id_t cred_handle,
++ gss_const_cred_id_t cred_handle,
+ gss_name_t *name,
+ OM_uint32 *lifetime,
+ gss_cred_usage_t *cred_usage,
+@@ -350,8 +349,8 @@
+ }
+
+ OM_uint32 gss_inquire_cred_by_mech(OM_uint32 *minor_status,
+- gss_cred_id_t cred_handle,
+- gss_OID mech_type,
++ gss_const_cred_id_t cred_handle,
++ const gss_OID mech_type,
+ gss_name_t *name,
+ OM_uint32 *initiator_lifetime,
+ OM_uint32 *acceptor_lifetime,
+--- gssntlmssp-0.7.0/src/gss_names.c.orig 2016-05-23 17:33:43.683657469 +0200
++++ gssntlmssp-0.7.0/src/gss_names.c 2019-03-11 19:30:57.317933212 +0100
+@@ -28,7 +28,6 @@
+ #include <unistd.h>
+
+ #include <gssapi/gssapi.h>
+-#include <gssapi/gssapi_ext.h>
+
+ #include "gss_ntlmssp.h"
+
+--- gssntlmssp-0.7.0/src/gss_ntlmssp.h.orig 2016-05-23 17:33:43.684657463 +0200
++++ gssntlmssp-0.7.0/src/gss_ntlmssp.h 2019-03-11 19:33:23.667140370 +0100
+@@ -66,6 +66,23 @@
+ #define NTLMSSP_CTX_FLAG_SPNEGO_CAN_MIC 0x02 /* SPNEGO asks for MIC */
+ #define NTLMSSP_CTX_FLAG_AUTH_WITH_MIC 0x04 /* Auth MIC was created */
+
++/* MIT->heimdal compatibility */
++struct gss_key_value_element_struct {
++ const char *key;
++ const char *value;
++};
++typedef struct gss_key_value_element_struct gss_key_value_element_desc;
++
++struct gss_key_value_set_struct {
++ OM_uint32 count;
++ gss_key_value_element_desc *elements;
++};
++typedef struct gss_key_value_set_struct gss_key_value_set_desc;
++typedef const gss_key_value_set_desc *gss_const_key_value_set_t;
++
++#define GSS_C_NO_CRED_STORE ((gss_const_key_value_set_t) 0)
++/* END */
++
+ struct gssntlm_name {
+ enum ntlm_name_type {
+ GSSNTLM_NAME_NULL,
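Review bot: The MIT-to-heimdal compatibility block added to `src/gss_ntlmssp.h` (the `gss_key_value_element_struct`/`gss_key_value_set_struct` definitions, the `gss_const_key_value_set_t` typedef and `GSS_C_NO_CRED_STORE`) is unconditional, so any heimdal or MIT header that already provides these names will produce a redefinition error; the header's own includes are outside the hunk, so which system headers precede it cannot be confirmed here. Guard the span between `/* MIT->heimdal compatibility */` and `/* END */` with `#ifndef GSS_C_NO_CRED_STORE` … `#endif`, or detect the type at configure time with `AC_CHECK_TYPES([gss_key_value_set_desc], [], [], [[#include <gssapi/gssapi.h>]])` and test the resulting `HAVE_GSS_KEY_VALUE_SET_DESC`. The same patch also removes `#include <gssapi/gssapi_ext.h>` from the installed public header `gssapi_ntlmssp.h`, which is an interface change for MIT-based consumers of the devel package; if that header is meant to remain usable against MIT krb5 the include should be made conditional rather than dropped.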
diff --git a/gssntlmssp-openssl1.1.patch b/gssntlmssp-openssl1.1.patch
new file mode 100644
index 0000000..5928b48
--- /dev/null
+++ b/gssntlmssp-openssl1.1.patch
@@ -0,0 +1,146 @@
+From e498737a96e8832a2cb9141ab1fe51e129185a48 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Wed, 29 Jun 2016 11:15:11 -0400
+Subject: [PATCH] Add compatibility with OpenSSL 1.1.0
+
+In their continued wisdom OpenSSL developers keep breaking APIs left and right
+with very poor documentation and forward/backward source compatibility.
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+---
+ src/crypto.c | 60 +++++++++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 48 insertions(+), 12 deletions(-)
+
+diff --git a/src/crypto.c b/src/crypto.c
+index 9fe69f9..33a0c3e 100644
+--- a/src/crypto.c
++++ b/src/crypto.c
+@@ -27,6 +27,32 @@
+
+ #include "crypto.h"
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++HMAC_CTX *HMAC_CTX_new(void)
++{
++ HMAC_CTX *ctx;
++
++ ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
++ if (!ctx) return NULL;
++
++ HMAC_CTX_init(ctx);
++
++ return ctx;
++}
++
++void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++ if (ctx == NULL) return;
++
++ HMAC_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++}
++
++#define EVP_MD_CTX_new EVP_MD_CTX_create
++#define EVP_MD_CTX_free EVP_MD_CTX_destroy
++
++#endif
++
+ int RAND_BUFFER(struct ntlm_buffer *random)
+ {
+ int ret;
+@@ -42,30 +68,34 @@ int HMAC_MD5_IOV(struct ntlm_buffer *key,
+ struct ntlm_iov *iov,
+ struct ntlm_buffer *result)
+ {
+- HMAC_CTX hmac_ctx;
++ HMAC_CTX *hmac_ctx;
+ unsigned int len;
+ size_t i;
+ int ret = 0;
+
+ if (result->length != 16) return EINVAL;
+
+- HMAC_CTX_init(&hmac_ctx);
++ hmac_ctx = HMAC_CTX_new();
++ if (!hmac_ctx) {
++ ret = ERR_CRYPTO;
++ goto done;
++ }
+
+- ret = HMAC_Init_ex(&hmac_ctx, key->data, key->length, EVP_md5(), NULL);
++ ret = HMAC_Init_ex(hmac_ctx, key->data, key->length, EVP_md5(), NULL);
+ if (ret == 0) {
+ ret = ERR_CRYPTO;
+ goto done;
+ }
+
+ for (i = 0; i < iov->num; i++) {
+- ret = HMAC_Update(&hmac_ctx, iov->data[i]->data, iov->data[i]->length);
++ ret = HMAC_Update(hmac_ctx, iov->data[i]->data, iov->data[i]->length);
+ if (ret == 0) {
+ ret = ERR_CRYPTO;
+ goto done;
+ }
+ }
+
+- ret = HMAC_Final(&hmac_ctx, result->data, &len);
++ ret = HMAC_Final(hmac_ctx, result->data, &len);
+ if (ret == 0) {
+ ret = ERR_CRYPTO;
+ goto done;
+@@ -74,7 +104,7 @@ int HMAC_MD5_IOV(struct ntlm_buffer *key,
+ ret = 0;
+
+ done:
+- HMAC_CTX_cleanup(&hmac_ctx);
++ HMAC_CTX_free(hmac_ctx);
+ return ret;
+ }
+
+@@ -93,26 +123,32 @@ static int mdx_hash(const EVP_MD *type,
+ struct ntlm_buffer *payload,
+ struct ntlm_buffer *result)
+ {
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx;
+ unsigned int len;
+ int ret;
+
+ if (result->length != 16) return EINVAL;
+
+- EVP_MD_CTX_init(&ctx);
+- ret = EVP_DigestInit_ex(&ctx, type, NULL);
++ ctx = EVP_MD_CTX_new();
++ if (!ctx) {
++ ret = ERR_CRYPTO;
++ goto done;
++ }
++
++ EVP_MD_CTX_init(ctx);
++ ret = EVP_DigestInit_ex(ctx, type, NULL);
+ if (ret == 0) {
+ ret = ERR_CRYPTO;
+ goto done;
+ }
+
+- ret = EVP_DigestUpdate(&ctx, payload->data, payload->length);
++ ret = EVP_DigestUpdate(ctx, payload->data, payload->length);
+ if (ret == 0) {
+ ret = ERR_CRYPTO;
+ goto done;
+ }
+
+- ret = EVP_DigestFinal_ex(&ctx, result->data, &len);
++ ret = EVP_DigestFinal_ex(ctx, result->data, &len);
+ if (ret == 0) {
+ ret = ERR_CRYPTO;
+ goto done;
+@@ -121,7 +157,7 @@ static int mdx_hash(const EVP_MD *type,
+ ret = 0;
+
+ done:
+- EVP_MD_CTX_cleanup(&ctx);
++ if (ctx) EVP_MD_CTX_free(ctx);
+ return ret;
+ }
+