From 484ca0972d395e6bbe5841534f725cf1511a3967 Mon Sep 17 00:00:00 2001 From: manu Date: Fri, 29 May 2015 09:01:09 +0000 Subject: Fix Samba ability to use LDAP/SSL with a SHA2 certificate NetBSD's libc and Samba both proide SHA2 function with the same protoype, but with different private context structures. The Samba version must not override the libc version, otherwise they are used when using LDAP/SSL, through libldap/libssl/libcrypto but libcrtypo expect to use the libc flavor. Without this fix, Samba cannot connect to a LDAP directory that has a SHA2-signed certificate. This rather cryptic error is raised in smbd logs: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib --- net/samba/Makefile | 3 ++- net/samba/distinfo | 3 ++- net/samba/patches/patch-lib_crypto_sha256.h | 28 ++++++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 net/samba/patches/patch-lib_crypto_sha256.h diff --git a/net/samba/Makefile b/net/samba/Makefile index 51115caf43a..5c7a7321bdf 100644 --- a/net/samba/Makefile +++ b/net/samba/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.253 2015/02/24 09:54:47 taca Exp $ +# $NetBSD: Makefile,v 1.254 2015/05/29 09:01:09 manu Exp $ DISTNAME= samba-${VERSION} CATEGORIES= net @@ -10,6 +10,7 @@ COMMENT= SMB/CIFS protocol server suite LICENSE= gnu-gpl-v3 VERSION= 3.6.25 +PKGREVISION= 1 CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]* diff --git a/net/samba/distinfo b/net/samba/distinfo index 790d156d89a..94c722bfd76 100644 --- a/net/samba/distinfo +++ b/net/samba/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.102 2015/02/24 09:54:47 taca Exp $ +$NetBSD: distinfo,v 1.103 2015/05/29 09:01:09 manu Exp $ SHA1 (samba-3.6.25.tar.gz) = 86fbfcfe80454cc7dbe510e7d58c02922cac3efa RMD160 (samba-3.6.25.tar.gz) = 4df673ddac2a3fc8590820c8651e10f0dac90281 @@ -31,4 +31,5 @@ SHA1 (patch-bd) = b78324305bbf67fa4a7dd627e0af1618d2bf7b47 SHA1 (patch-be) = 2b298e596f2f57a595b83619ba68f6ad95febaaa SHA1 (patch-bf) = 19932332d11ce447293b061cd47506fef3d01853 SHA1 (patch-eg) = af5ebab1c8e183020bb9a5914d0a218ad91d1a0b +SHA1 (patch-lib_crypto_sha256.h) = f4bd82ba7e63d078543e388621bf30f6f31e0d18 SHA1 (patch-smbd_notify__inotify.c) = b950f16f4284e1bc4096c10c24a490e5b2b66915 diff --git a/net/samba/patches/patch-lib_crypto_sha256.h b/net/samba/patches/patch-lib_crypto_sha256.h new file mode 100644 index 00000000000..afa3ea9476c --- /dev/null +++ b/net/samba/patches/patch-lib_crypto_sha256.h @@ -0,0 +1,28 @@ +$NetBSD: patch-lib_crypto_sha256.h,v 1.1 2015/05/29 09:01:09 manu Exp $ + +Workaroud a conflict between NetBSD libc's and Samva sha2 functions. + +--- ../lib/crypto/sha256.h.orig 2015-05-29 10:05:16.000000000 +0200 ++++ ../lib/crypto/sha256.h 2015-05-29 10:13:36.000000000 +0200 +@@ -41,9 +41,20 @@ + (tridge) + */ + #define HEIM_SHA_H 1 + +-#if 0 ++/* ++ * NetBSD has sha1/sha2 functions built-in libc. The prototype ++ * are the same, but the private context are not. Samba-provided ++ * version must be renamed so that they are not used instead of ++ * the libc-expected version when going through ++ * libldap/libssl/libcrypto for ldaps:// connexions. ++ * ++ * Without this, Samba cannot connect to a LDAP directory that ++ * has a SHA256 certificate. This rather cryptic error is raised: ++ * error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib ++ */ ++#if defined(__NetBSD__) + /* symbol renaming */ + #define SHA1_Init hc_SHA1_Init + #define SHA1_Update hc_SHA1_Update + #define SHA1_Final hc_SHA1_Final -- cgit v1.2.3