Remove dependncy on libmhash and use openssl md4 functions

Remove all dependencies on mhash Remove code optimizatrion from Makefiles, right now these are developers targeted builds, so it is better to have debugging symbols around
2025-02-25 18:55:28 -06:00 · 2007-08-20 15:38:47 -04:00 · 2007-08-20 15:38:47 -04:00 · aacfce9cf1
commit aacfce9cf1
parent 14d78e9170
6 changed files with 26 additions and 15 deletions
--- a/ipa-server/freeipa-server.spec
+++ b/ipa-server/freeipa-server.spec
@ -9,9 +9,9 @@ URL:            http://www.freeipa.org
 Source0:        %{name}-%{version}.tgz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

-BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel mhash-devel
+BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel

-Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears libmhash
+Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears

 %define httpd_conf /etc/httpd/conf.d
 %define plugin_dir /usr/lib/dirsrv/plugins
--- a/ipa-server/freeipa-server.spec.in
+++ b/ipa-server/freeipa-server.spec.in
@ -9,9 +9,9 @@ URL:            http://www.freeipa.org
 Source0:        %{name}-%{version}.tgz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

-BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel mhash-devel
+BuildRequires: fedora-ds-base-devel openldap-devel krb5-devel nss-devel mozldap-devel openssl-devel

-Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears libmhash
+Requires: python fedora-ds-base krb5-server krb5-server-ldap nss-tools openldap-clients httpd mod_python mod_auth_kerb python-ldap freeipa-python ntp cyrus-sasl-gssapi nss TurboGears

 %define httpd_conf /etc/httpd/conf.d
 %define plugin_dir /usr/lib/dirsrv/plugins
--- a/ipa-server/ipa-install/README
+++ b/ipa-server/ipa-install/README
@ -9,7 +9,7 @@ cyrus-sasl-gssapi
 httpd
 mod_auth_kerb
 ntp
-mhash / libgcrypt / mhash-devel
+openssl-devel

 Installation example:

--- a/ipa-server/ipa-kpasswd/Makefile
+++ b/ipa-server/ipa-kpasswd/Makefile
@ -3,7 +3,7 @@ SBIN = $(PREFIX)/sbin
 INITDIR = $(DESTDIR)/etc/rc.d/init.d

 LDFLAGS +=-lkrb5 -llber -lldap
-CFLAGS ?= -Wall -Wshadow -O2
+CFLAGS ?= -g -Wall -Wshadow

 OBJS = $(patsubst %.c,%.o,$(wildcard *.c))

--- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile
+++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile
@ -5,8 +5,8 @@ LIB64DIR ?= $(PREFIX)/lib64/$(DIRSRV)/plugins
 SHAREDIR = $(DESTDIR)/usr/share/ipa

 SONAME = libipa_pwd_extop.so
-LDFLAGS += -lkrb5 -llber -lldap -lmhash -llber -lssl
-CFLAGS ?= -Wall -Wshadow -O2
+LDFLAGS += -lkrb5 -llber -lldap -llber -lssl
+CFLAGS ?= -g -Wall -Wshadow
 CFLAGS += -I/usr/include/$(DIRSRV) -I/usr/include/nss3 -I/usr/include/mozldap -I/usr/include/nspr4 -fPIC -DPIC

 OBJS = $(patsubst %.c,%.o,$(wildcard *.c))
--- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@ -66,8 +66,8 @@
 #include <lber.h>
 #include <time.h>
 #include <iconv.h>
-#include <mhash.h>
 #include <openssl/des.h>
+#include <openssl/md4.h>

 /* Type of connection for this operation;*/
 #define LDAP_EXTOP_PASSMOD_CONN_SECURE
@ -576,7 +576,7 @@ static int encode_ntlm_keys(char *newPasswd, unsigned int flags, struct ntlm_key
 		size_t cs, il, ol, sl;
 		char *inc, *outc;
 		char *ucs2Passwd;
-		MHASH td;
+		MD4_CTX md4ctx;

 		/* TODO: must store the dos charset somewhere in the directory */
 		cd = iconv_open(KTF_UCS2, KTF_UTF8);
@ -615,20 +615,31 @@ static int encode_ntlm_keys(char *newPasswd, unsigned int flags, struct ntlm_key
 			sl = 28;
 		}
 		
-		td = mhash_init(MHASH_MD4);
-		if (td == MHASH_FAILED) {
+		ret = MD4_Init(&md4ctx);
+		if (ret == 0) {
+			ret = -1;
+			free(ucs2Passwd);
+			goto done;
+		}
+		ret = MD4_Update(&md4ctx, ucs2Passwd, sl);
+		if (ret == 0) {
+			ret = -1;
+			free(ucs2Passwd);
+			goto done;
+		}
+		ret = MD4_Final(keys->nt, &md4ctx);
+		if (ret == 0) {
 			ret = -1;
 			free(ucs2Passwd);
 			goto done;
 		}

-		mhash(td, ucs2Passwd, sl);
-		mhash_deinit(td, keys->nt);
-
 	} else {
 		memset(keys->nt, 0, 16);
 	}

+	ret = 0;
+
 done:
 	return ret;
 }