The Samba-Bugzilla – Attachment 7728 Details for
Bug 9037
Name clash in MD5 cause the "net ads join" fails on T4 (sun4v) systems on Solaris 10.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
rfc1321 (Solaris libmd5.so) patch against the git master
samba-master-MD5-clash.patch (text/plain), 16.04 KB, created by
Jura Sasek
on 2012-07-30 11:06:43 UTC
(
hide
)
Description:
rfc1321 (Solaris libmd5.so) patch against the git master
Filename:
MIME Type:
Creator:
Jura Sasek
Created:
2012-07-30 11:06:43 UTC
Size:
16.04 KB
patch
obsolete
>diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c >index 2d6d6f6..8f143bf 100644 >--- a/auth/credentials/credentials_ntlm.c >+++ b/auth/credentials/credentials_ntlm.c >@@ -110,7 +110,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred > /* LM Key is incompatible... */ > *flags &= ~CLI_CRED_LANMAN_AUTH; > } else if (*flags & CLI_CRED_NTLM2) { >- struct MD5Context md5_session_nonce_ctx; >+ MD5_CTX md5_session_nonce_ctx; > uint8_t session_nonce[16]; > uint8_t session_nonce_hash[16]; > uint8_t user_session_key[16]; >diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c >index d9bea1c..4060428 100644 >--- a/auth/ntlmssp/ntlmssp_server.c >+++ b/auth/ntlmssp/ntlmssp_server.c >@@ -369,7 +369,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security, > */ > if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { > if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) { >- struct MD5Context md5_session_nonce_ctx; >+ MD5_CTX md5_session_nonce_ctx; > state->doing_ntlm2 = true; > > memcpy(state->session_nonce, ntlmssp_state->internal_chal.data, 8); >diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c >index 4d07a81..c0be914 100644 >--- a/auth/ntlmssp/ntlmssp_sign.c >+++ b/auth/ntlmssp/ntlmssp_sign.c >@@ -51,7 +51,7 @@ static void calc_ntlmv2_key(uint8_t subkey[16], > DATA_BLOB session_key, > const char *constant) > { >- struct MD5Context ctx3; >+ MD5_CTX ctx3; > MD5Init(&ctx3); > MD5Update(&ctx3, session_key.data, session_key.length); > MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1); >diff --git a/lib/crypto/hmacmd5.c b/lib/crypto/hmacmd5.c >index cfbd428..2419bdb 100644 >--- a/lib/crypto/hmacmd5.c >+++ b/lib/crypto/hmacmd5.c >@@ -36,7 +36,7 @@ _PUBLIC_ void hmac_md5_init_rfc2104(const uint8_t *key, int key_len, HMACMD5Cont > /* if key is longer than 64 bytes reset it to key=MD5(key) */ > if (key_len > 64) > { >- struct MD5Context tctx; >+ MD5_CTX tctx; > > MD5Init(&tctx); > MD5Update(&tctx, key, key_len); >@@ -91,7 +91,7 @@ _PUBLIC_ void hmac_md5_update(const uint8_t *text, int text_len, HMACMD5Context > ***********************************************************************/ > _PUBLIC_ void hmac_md5_final(uint8_t *digest, HMACMD5Context *ctx) > { >- struct MD5Context ctx_o; >+ MD5_CTX ctx_o; > > MD5Final(digest, &ctx->ctx); > >diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h >index 91b8ca5..1fc2750 100644 >--- a/lib/crypto/hmacmd5.h >+++ b/lib/crypto/hmacmd5.h >@@ -25,7 +25,7 @@ > > typedef struct > { >- struct MD5Context ctx; >+ MD5_CTX ctx; > uint8_t k_ipad[65]; > uint8_t k_opad[65]; > >diff --git a/lib/crypto/md5.h b/lib/crypto/md5.h >index 388cdf8..4467a34 100644 >--- a/lib/crypto/md5.h >+++ b/lib/crypto/md5.h >@@ -6,6 +6,14 @@ > #define HEADER_MD5_H > #endif > >+#ifdef HAVE_MD5_H >+/* >+ * Try to avoid clashes with Solaris MD5 implementation. >+ * ...where almost all implementations follows: >+ * Schneier's: "Cryptography Classics Library" >+ */ >+#include <md5.h> >+#else /* !HAVE_MD5_H */ > #ifdef HAVE_BSD_MD5_H > /* Try to avoid clashes with BSD MD5 implementation */ > #include <bsd/md5.h> >@@ -18,8 +26,9 @@ > #define MD5Update(c,d,l) CC_MD5_Update(c,d,l) > #define MD5Final(m, c) CC_MD5_Final((unsigned char *)m,c) > #define MD5Context CC_MD5state_st >+typedef struct MD5Context MD5_CTX; > >-#else >+#else /* have nothing other, use Samba internal MD5 */ > typedef struct MD5Context { > uint32_t buf[4]; > uint32_t bits[2]; >@@ -32,8 +41,10 @@ void MD5Init(MD5_CTX *context); > void MD5Update(MD5_CTX *context, const uint8_t *buf, > size_t len); > void MD5Final(uint8_t digest[MD5_DIGEST_LENGTH], MD5_CTX *context); >-#endif /* HAVE_COMMONCRYPTO_COMMONDIGEST_H */ >+#endif /* have nothing other, use Samba internal MD5 */ > > #endif /* HAVE_BSD_MD5_H */ > >+#endif /* HAVE_MD5_H */ >+ > #endif /* !MD5_H */ >diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c >index 38626c3..f58e131 100644 >--- a/lib/crypto/md5test.c >+++ b/lib/crypto/md5test.c >@@ -65,7 +65,7 @@ bool torture_local_crypto_md5(struct torture_context *torture) > }; > > for (i=0; i < ARRAY_SIZE(testarray); i++) { >- struct MD5Context ctx; >+ MD5_CTX ctx; > uint8_t md5[16]; > int e; > >diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c >index dfbfdb3..28b46db 100644 >--- a/libcli/auth/credentials.c >+++ b/libcli/auth/credentials.c >@@ -79,7 +79,7 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr > { > unsigned char zero[4], tmp[16]; > HMACMD5Context ctx; >- struct MD5Context md5; >+ MD5_CTX md5; > > ZERO_STRUCT(creds->session_key); > >diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c >index 37d5672..b1ca1ba 100644 >--- a/libcli/auth/smbencrypt.c >+++ b/libcli/auth/smbencrypt.c >@@ -99,7 +99,7 @@ bool E_md4hash(const char *passwd, uint8_t p16[16]) > > void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16]) > { >- struct MD5Context tctx; >+ MD5_CTX tctx; > MD5Init(&tctx); > MD5Update(&tctx, salt, 16); > MD5Update(&tctx, nthash, 16); >@@ -646,7 +646,7 @@ bool decode_pw_buffer(TALLOC_CTX *ctx, > > void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key) > { >- struct MD5Context tctx; >+ MD5_CTX tctx; > unsigned char key_out[16]; > > /* Confounder is last 16 bytes. */ >@@ -726,7 +726,7 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, > struct wkssvc_PasswordBuffer **pwd_buf) > { > uint8_t buffer[516]; >- struct MD5Context ctx; >+ MD5_CTX ctx; > struct wkssvc_PasswordBuffer *my_pwd_buf = NULL; > DATA_BLOB confounded_session_key; > int confounder_len = 8; >@@ -764,7 +764,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, > char **pwd) > { > uint8_t buffer[516]; >- struct MD5Context ctx; >+ MD5_CTX ctx; > size_t pwd_len; > > DATA_BLOB confounded_session_key; >diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c >index 6fff2fe..00b8db8 100644 >--- a/libcli/drsuapi/repl_decrypt.c >+++ b/libcli/drsuapi/repl_decrypt.c >@@ -39,7 +39,7 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx, > DATA_BLOB confounder; > DATA_BLOB enc_buffer; > >- struct MD5Context md5; >+ MD5_CTX md5; > uint8_t _enc_key[16]; > DATA_BLOB enc_key; > >@@ -198,7 +198,7 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, > DATA_BLOB rid_crypt_out = data_blob(NULL, 0); > DATA_BLOB confounder; > >- struct MD5Context md5; >+ MD5_CTX md5; > uint8_t _enc_key[16]; > DATA_BLOB enc_key; > >diff --git a/libcli/smb/smb_signing.c b/libcli/smb/smb_signing.c >index a72760b..134b759 100644 >--- a/libcli/smb/smb_signing.c >+++ b/libcli/smb/smb_signing.c >@@ -145,7 +145,7 @@ static void smb_signing_md5(const DATA_BLOB *mac_key, > { > const size_t offset_end_of_sig = (NBT_HDR_SIZE + HDR_SS_FIELD + 8); > uint8_t sequence_buf[8]; >- struct MD5Context md5_ctx; >+ MD5_CTX md5_ctx; > > /* > * Firstly put the sequence number into the first 4 bytes. >diff --git a/source3/configure.in b/source3/configure.in >index bd21db9..afd1f32 100644 >--- a/source3/configure.in >+++ b/source3/configure.in >@@ -611,20 +611,38 @@ AC_CHECK_HEADERS(langinfo.h locale.h) > AC_CHECK_HEADERS(xfs/libxfs.h) > AC_CHECK_HEADERS(netgroup.h) > AC_CHECK_HEADERS(linux/falloc.h) >+AC_CHECK_HEADERS(md5.h) > AC_CHECK_HEADERS(CommonCrypto/CommonDigest.h) > >-AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[ >-#if HAVE_RPC_RPC_H >-#include <rpc/rpc.h> >-#endif >-]]) >-CRYPTO_MD5_OBJ= > if test "x$ac_cv_header_CommonCrypto_CommonDigest_h" != "xyes" >+ dnl CommonCrypto/CommonDigest.h on MacOS >+ CRYPTO_MD5_OBJ= > then >+ dnl check for OS implementation of md5 conformant to rfc1321 >+ if test x"$ac_cv_header_md5_h" = x"yes"; then >+ AC_DEFINE(HAVE_MD5_H, 1, >+ [Whether md5.h is available.]) >+ AC_CHECK_LIB(md5, MD5Update, >+ [ >+ LIBS="${LIBS} -lmd5" >+ CRYPTO_MD5_OBJ= >+ AC_DEFINE(HAVE_LIBMD5, 1, >+ [Whether libmd5 conformant to rfc1321 is available.])], >+ [ >+ CRYPTO_MD5_OBJ="../lib/crypto/md5.o"]) >+ else >+ dnl There is no rfc1321 md5.h nor CommonDigest.h library so we make the Samba one > CRYPTO_MD5_OBJ="../lib/crypto/md5.o" >+ fi > fi > AC_SUBST(CRYPTO_MD5_OBJ) > >+AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[ >+#if HAVE_RPC_RPC_H >+#include <rpc/rpc.h> >+#endif >+]]) >+ > ## These fail to compile on IRIX so just check for their presence > AC_CHECK_HEADERS(sys/mode.h,,,) > >diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c >index fb41c3c..9abd38f 100644 >--- a/source3/libsmb/ntlmssp.c >+++ b/source3/libsmb/ntlmssp.c >@@ -537,7 +537,7 @@ noccache: > return NT_STATUS_NO_MEMORY; > } > } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { >- struct MD5Context md5_session_nonce_ctx; >+ MD5_CTX md5_session_nonce_ctx; > uint8_t session_nonce[16]; > uint8_t session_nonce_hash[16]; > uint8_t user_session_key[16]; >diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c >index 291531e..e5ddc17 100644 >--- a/source3/modules/vfs_streams_xattr.c >+++ b/source3/modules/vfs_streams_xattr.c >@@ -39,7 +39,7 @@ struct stream_io { > > static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname) > { >- struct MD5Context ctx; >+ MD5_CTX ctx; > unsigned char hash[16]; > SMB_INO_T result; > char *upper_sname; >diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c >index e3bb301..7f1a229 100644 >--- a/source3/rpc_client/init_samr.c >+++ b/source3/rpc_client/init_samr.c >@@ -34,7 +34,7 @@ void init_samr_CryptPasswordEx(const char *pwd, > /* samr_CryptPasswordEx */ > > uchar pwbuf[532]; >- struct MD5Context md5_ctx; >+ MD5_CTX md5_ctx; > uint8_t confounder[16]; > DATA_BLOB confounded_session_key = data_blob(NULL, 16); > >diff --git a/source3/web/swat.c b/source3/web/swat.c >index 90e4af9..d60eca8 100644 >--- a/source3/web/swat.c >+++ b/source3/web/swat.c >@@ -153,7 +153,7 @@ static char *make_parm_name(const char *label) > void get_xsrf_token(const char *username, const char *pass, > const char *formname, time_t xsrf_time, char token_str[33]) > { >- struct MD5Context md5_ctx; >+ MD5_CTX md5_ctx; > uint8_t token[16]; > int i; > >diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c >index 620de75..3254e1e 100644 >--- a/source4/dsdb/samdb/ldb_modules/password_hash.c >+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c >@@ -1368,7 +1368,7 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io, > } > > for (i=0; i < ARRAY_SIZE(wdigest); i++) { >- struct MD5Context md5; >+ MD5_CTX md5; > MD5Init(&md5); > if (wdigest[i].nt4dom) { > MD5Update(&md5, wdigest[i].nt4dom->data, wdigest[i].nt4dom->length); >diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c >index 5d2f928..405efab 100644 >--- a/source4/libcli/raw/smb_signing.c >+++ b/source4/libcli/raw/smb_signing.c >@@ -81,7 +81,7 @@ bool signing_good(struct smb_signing_context *sign_info, > void sign_outgoing_message(struct smb_request_buffer *out, DATA_BLOB *mac_key, unsigned int seq_num) > { > uint8_t calc_md5_mac[16]; >- struct MD5Context md5_ctx; >+ MD5_CTX md5_ctx; > > /* > * Firstly put the sequence number into the first 4 bytes. >@@ -116,7 +116,7 @@ bool check_signed_incoming_message(struct smb_request_buffer *in, DATA_BLOB *mac > uint8_t calc_md5_mac[16]; > uint8_t *server_sent_mac; > uint8_t sequence_buf[8]; >- struct MD5Context md5_ctx; >+ MD5_CTX md5_ctx; > const size_t offset_end_of_sig = (HDR_SS_FIELD + 8); > int i; > const int sign_range = 0; >diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c >index e1094f2..861d746 100644 >--- a/source4/libnet/libnet_passwd.c >+++ b/source4/libnet/libnet_passwd.c >@@ -274,7 +274,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA > DATA_BLOB session_key; > DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); > uint8_t confounder[16]; >- struct MD5Context md5; >+ MD5_CTX md5; > > if (r->samr_handle.in.info21) { > return NT_STATUS_INVALID_PARAMETER_MIX; >@@ -330,7 +330,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA > DATA_BLOB session_key; > DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); > uint8_t confounder[16]; >- struct MD5Context md5; >+ MD5_CTX md5; > > if (!r->samr_handle.in.info21) { > return NT_STATUS_INVALID_PARAMETER_MIX; >diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c >index c6d6056..0b994f3 100644 >--- a/source4/ntp_signd/ntp_signd.c >+++ b/source4/ntp_signd/ntp_signd.c >@@ -109,7 +109,7 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn, > enum ndr_err_code ndr_err; > struct ldb_result *res; > const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL }; >- struct MD5Context ctx; >+ MD5_CTX ctx; > struct samr_Password *nt_hash; > uint32_t user_account_control; > int ret; >diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c >index 8963b04..379c75d 100644 >--- a/source4/rpc_server/samr/samr_password.c >+++ b/source4/rpc_server/samr/samr_password.c >@@ -548,7 +548,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, > DATA_BLOB new_password; > DATA_BLOB co_session_key; > DATA_BLOB session_key = data_blob(NULL, 0); >- struct MD5Context ctx; >+ MD5_CTX ctx; > > nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key); > if (!NT_STATUS_IS_OK(nt_status)) { >diff --git a/source4/torture/ntp/ntp_signd.c b/source4/torture/ntp/ntp_signd.c >index ce49d4f..89eb1a0 100644 >--- a/source4/torture/ntp/ntp_signd.c >+++ b/source4/torture/ntp/ntp_signd.c >@@ -78,7 +78,7 @@ static bool test_ntp_signd(struct torture_context *tctx, > char *unix_address; > int sys_errno; > >- struct MD5Context ctx; >+ MD5_CTX ctx; > uint8_t sig[16]; > enum ndr_err_code ndr_err; > bool ok; >diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c >index 2a905ea..8fd9c4e 100644 >--- a/source4/torture/rpc/samba3rpc.c >+++ b/source4/torture/rpc/samba3rpc.c >@@ -777,7 +777,7 @@ static bool join3(struct torture_context *tctx, > DATA_BLOB session_key; > DATA_BLOB confounded_session_key = data_blob_talloc( > mem_ctx, NULL, 16); >- struct MD5Context ctx; >+ MD5_CTX ctx; > uint8_t confounder[16]; > > ZERO_STRUCT(u_info); >diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c >index 640bd6a..207224a 100644 >--- a/source4/torture/rpc/samlogon.c >+++ b/source4/torture/rpc/samlogon.c >@@ -1077,7 +1077,7 @@ static bool test_ntlm2(struct samlogon_state *samlogon_state, char **error_strin > uint8_t session_nonce_hash[16]; > uint8_t client_chall[8]; > >- struct MD5Context md5_session_nonce_ctx; >+ MD5_CTX md5_session_nonce_ctx; > HMACMD5Context hmac_ctx; > > ZERO_STRUCT(user_session_key); >diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c >index a460211..fd372cf 100644 >--- a/source4/torture/rpc/samr.c >+++ b/source4/torture/rpc/samr.c >@@ -772,7 +772,7 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc > uint8_t confounder[16]; > char *newpass; > struct dcerpc_binding_handle *b = p->binding_handle; >- struct MD5Context ctx; >+ MD5_CTX ctx; > struct samr_GetUserPwInfo pwp; > struct samr_PwInfo info; > int policy_min_pw_len = 0; >@@ -857,7 +857,7 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t > bool ret = true; > DATA_BLOB session_key; > DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); >- struct MD5Context ctx; >+ MD5_CTX ctx; > uint8_t confounder[16]; > char *newpass; > struct dcerpc_binding_handle *b = p->binding_handle; >@@ -1141,7 +1141,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, > bool ret = true; > DATA_BLOB session_key; > DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); >- struct MD5Context ctx; >+ MD5_CTX ctx; > uint8_t confounder[16]; > char *newpass; > struct dcerpc_binding_handle *b = p->binding_handle; >@@ -2459,7 +2459,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex > DATA_BLOB session_key; > DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); > uint8_t confounder[16]; >- struct MD5Context ctx; >+ MD5_CTX ctx; > > bool ret = true; > struct lsa_String server, account;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 9037
:
7699
| 7728 |
7785
|
7819