[pkgsrc/trunk]: pkgsrc/net/samba Fix Samba ability to use LDAP/SSL with a SHA...

[manu <manu%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/08a0fb255623
branches:  trunk
changeset: 652292:08a0fb255623
user:      manu <manu%pkgsrc.org@localhost>
date:      Fri May 29 09:01:09 2015 +0000

description:
Fix Samba ability to use LDAP/SSL with a SHA2 certificate

NetBSD's libc and Samba both proide SHA2 function with the same
protoype, but with different private context structures. The
Samba version must not override the libc version, otherwise they
are used when using LDAP/SSL, through libldap/libssl/libcrypto
but libcrtypo expect to use the libc flavor.

Without this fix, Samba cannot connect to a LDAP directory that
has a SHA2-signed certificate. This rather cryptic error is raised
in smbd logs:
error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib

diffstat:

 net/samba/Makefile                          |   3 ++-
 net/samba/distinfo                          |   3 ++-
 net/samba/patches/patch-lib_crypto_sha256.h |  28 ++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 2 deletions(-)

diffs (64 lines):

diff -r 3c2ba12a7ca9 -r 08a0fb255623 net/samba/Makefile
--- a/net/samba/Makefile        Fri May 29 07:52:09 2015 +0000
+++ b/net/samba/Makefile        Fri May 29 09:01:09 2015 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.253 2015/02/24 09:54:47 taca Exp $
+# $NetBSD: Makefile,v 1.254 2015/05/29 09:01:09 manu Exp $
 
 DISTNAME=      samba-${VERSION}
 CATEGORIES=    net
@@ -10,6 +10,7 @@
 LICENSE=       gnu-gpl-v3
 
 VERSION=       3.6.25
+PKGREVISION=   1
 
 CONFLICTS+=    ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]*
 
diff -r 3c2ba12a7ca9 -r 08a0fb255623 net/samba/distinfo
--- a/net/samba/distinfo        Fri May 29 07:52:09 2015 +0000
+++ b/net/samba/distinfo        Fri May 29 09:01:09 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.102 2015/02/24 09:54:47 taca Exp $
+$NetBSD: distinfo,v 1.103 2015/05/29 09:01:09 manu Exp $
 
 SHA1 (samba-3.6.25.tar.gz) = 86fbfcfe80454cc7dbe510e7d58c02922cac3efa
 RMD160 (samba-3.6.25.tar.gz) = 4df673ddac2a3fc8590820c8651e10f0dac90281
@@ -31,4 +31,5 @@
 SHA1 (patch-be) = 2b298e596f2f57a595b83619ba68f6ad95febaaa
 SHA1 (patch-bf) = 19932332d11ce447293b061cd47506fef3d01853
 SHA1 (patch-eg) = af5ebab1c8e183020bb9a5914d0a218ad91d1a0b
+SHA1 (patch-lib_crypto_sha256.h) = f4bd82ba7e63d078543e388621bf30f6f31e0d18
 SHA1 (patch-smbd_notify__inotify.c) = b950f16f4284e1bc4096c10c24a490e5b2b66915
diff -r 3c2ba12a7ca9 -r 08a0fb255623 net/samba/patches/patch-lib_crypto_sha256.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba/patches/patch-lib_crypto_sha256.h       Fri May 29 09:01:09 2015 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-lib_crypto_sha256.h,v 1.1 2015/05/29 09:01:09 manu Exp $
+
+Workaroud a conflict between NetBSD libc's and Samva sha2 functions.
+
+--- ../lib/crypto/sha256.h.orig        2015-05-29 10:05:16.000000000 +0200
++++ ../lib/crypto/sha256.h     2015-05-29 10:13:36.000000000 +0200
+@@ -41,9 +41,20 @@
+    (tridge)
+  */
+ #define HEIM_SHA_H 1
+ 
+-#if 0
++/*
++ * NetBSD has sha1/sha2 functions built-in libc. The prototype
++ * are the same, but the private context are not. Samba-provided
++ * version must be renamed so that they are not used instead of 
++ * the libc-expected version when going through 
++ * libldap/libssl/libcrypto for ldaps:// connexions.
++ * 
++ * Without this, Samba cannot connect to a LDAP directory that
++ * has a SHA256 certificate. This rather cryptic error is raised:
++ * error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
++ */
++#if defined(__NetBSD__)
+ /* symbol renaming */
+ #define SHA1_Init hc_SHA1_Init
+ #define SHA1_Update hc_SHA1_Update
+ #define SHA1_Final hc_SHA1_Final