[Freeipa-devel] [PATCH] remove mhash dependency

Pete Rowley prowley at redhat.com
Tue Aug 21 17:36:56 UTC 2007 

Simo Sorce wrote:
> This patch removes our dependency on mhash and uses openssl/md4 instead.
> It also remove -O2 and replaces it with -g on stuff I am working on, we
> can trun on optimization later, now I want to be able to debug by
> default.
>   
>   
looks good
> ------------------------------------------------------------------------
>
> # HG changeset patch
> # User Simo Sorce <ssorce at redhat.com>
> # Date 1187638727 14400
> # Node ID 4e23282948603ca61eb9743ba06fb479eca19428
> # Parent  7bfd4001b6b9bd9c7e4c7ff35d678d79297506e2
> Remove dependncy on libmhash and use openssl md4 functions
> Remove all dependencies on mhash
> Remove code optimizatrion from Makefiles, right now these are
> developers targeted builds, so it is better to have debugging
> symbols around
>
> diff -r 7bfd4001b6b9 -r 4e2328294860 ipa-server/freeipa-server.spec
> --- a/ipa-server/freeipa-server.spec	Fri Aug 17 16:36:59 2007 -0400
> +++ b/ipa-server/freeipa-server.spec	Mon Aug 20 15:38:47 2007 -0400
> @@ -9,9 +9,9 @@ Source0:        %{name}-%{version}.tgz
>  Source0:        %{name}-%{version}.tgz
>  BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
>  
> -BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel mhash-devel
> +BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel
>  
> -Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears libmhash
> +Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears
>  
>  %define httpd_conf /etc/httpd/conf.d
>  %define plugin_dir /usr/lib/dirsrv/plugins
> diff -r 7bfd4001b6b9 -r 4e2328294860 ipa-server/freeipa-server.spec.in
> --- a/ipa-server/freeipa-server.spec.in	Fri Aug 17 16:36:59 2007 -0400
> +++ b/ipa-server/freeipa-server.spec.in	Mon Aug 20 15:38:47 2007 -0400
> @@ -9,9 +9,9 @@ Source0:        %{name}-%{version}.tgz
>  Source0:        %{name}-%{version}.tgz
>  BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
>  
> -BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel mhash-devel
> +BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel
>  
> -Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears libmhash
> +Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears
>  
>  %define httpd_conf /etc/httpd/conf.d
>  %define plugin_dir /usr/lib/dirsrv/plugins
> diff -r 7bfd4001b6b9 -r 4e2328294860 ipa-server/ipa-install/README
> --- a/ipa-server/ipa-install/README	Fri Aug 17 16:36:59 2007 -0400
> +++ b/ipa-server/ipa-install/README	Mon Aug 20 15:38:47 2007 -0400
> @@ -9,7 +9,7 @@ httpd
>  httpd
>  mod_auth_kerb
>  ntp
> -mhash / libgcrypt / mhash-devel
> +openssl-devel
>  
>  Installation example:
>  
> diff -r 7bfd4001b6b9 -r 4e2328294860 ipa-server/ipa-kpasswd/Makefile
> --- a/ipa-server/ipa-kpasswd/Makefile	Fri Aug 17 16:36:59 2007 -0400
> +++ b/ipa-server/ipa-kpasswd/Makefile	Mon Aug 20 15:38:47 2007 -0400
> @@ -3,7 +3,7 @@ INITDIR = $(DESTDIR)/etc/rc.d/init.d
>  INITDIR = $(DESTDIR)/etc/rc.d/init.d
>  
>  LDFLAGS +=-lkrb5 -llber -lldap
> -CFLAGS ?= -Wall -Wshadow -O2
> +CFLAGS ?= -g -Wall -Wshadow
>  
>  OBJS = $(patsubst %.c,%.o,$(wildcard *.c))
>  
> diff -r 7bfd4001b6b9 -r 4e2328294860 ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile
> --- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile	Fri Aug 17 16:36:59 2007 -0400
> +++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile	Mon Aug 20 15:38:47 2007 -0400
> @@ -5,8 +5,8 @@ SHAREDIR = $(DESTDIR)/usr/share/ipa
>  SHAREDIR = $(DESTDIR)/usr/share/ipa
>  
>  SONAME = libipa_pwd_extop.so
> -LDFLAGS += -lkrb5 -llber -lldap -lmhash -llber -lssl
> -CFLAGS ?= -Wall -Wshadow -O2
> +LDFLAGS += -lkrb5 -llber -lldap -llber -lssl
> +CFLAGS ?= -g -Wall -Wshadow
>  CFLAGS += -I/usr/include/$(DIRSRV) -I/usr/include/nss3 -I/usr/include/mozldap -I/usr/include/nspr4 -fPIC -DPIC
>  
>  OBJS = $(patsubst %.c,%.o,$(wildcard *.c))
> diff -r 7bfd4001b6b9 -r 4e2328294860 ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
> --- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c	Fri Aug 17 16:36:59 2007 -0400
> +++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c	Mon Aug 20 15:38:47 2007 -0400
> @@ -66,8 +66,8 @@
>  #include <lber.h>
>  #include <time.h>
>  #include <iconv.h>
> -#include <mhash.h>
>  #include <openssl/des.h>
> +#include <openssl/md4.h>
>  
>  /* Type of connection for this operation;*/
>  #define LDAP_EXTOP_PASSMOD_CONN_SECURE
> @@ -576,7 +576,7 @@ static int encode_ntlm_keys(char *newPas
>  		size_t cs, il, ol, sl;
>  		char *inc, *outc;
>  		char *ucs2Passwd;
> -		MHASH td;
> +		MD4_CTX md4ctx;
>  
>  		/* TODO: must store the dos charset somewhere in the directory */
>  		cd = iconv_open(KTF_UCS2, KTF_UTF8);
> @@ -615,19 +615,30 @@ static int encode_ntlm_keys(char *newPas
>  			sl = 28;
>  		}
>  		
> -		td = mhash_init(MHASH_MD4);
> -		if (td == MHASH_FAILED) {
> +		ret = MD4_Init(&md4ctx);
> +		if (ret == 0) {
>  			ret = -1;
>  			free(ucs2Passwd);
>  			goto done;
>  		}
> -
> -		mhash(td, ucs2Passwd, sl);
> -		mhash_deinit(td, keys->nt);
> +		ret = MD4_Update(&md4ctx, ucs2Passwd, sl);
> +		if (ret == 0) {
> +			ret = -1;
> +			free(ucs2Passwd);
> +			goto done;
> +		}
> +		ret = MD4_Final(keys->nt, &md4ctx);
> +		if (ret == 0) {
> +			ret = -1;
> +			free(ucs2Passwd);
> +			goto done;
> +		}
>  
>  	} else {
>  		memset(keys->nt, 0, 16);
>  	}
> +
> +	ret = 0;
>  
>  done:
>  	return ret;
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


-- 
Pete

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070821/d31c6076/attachment.bin>

More information about the Freeipa-devel mailing list