List: pamldap
Subject: [pamldap] Re: [patch] pam-ccreds: use gcrypt instead of openssl
From: Guido Guenther <agx () sigxcpu ! org>
Date: 2005-04-13 21:02:36
Message-ID: 20050413210236.GA10258 () bogon ! ms20 ! nix
On Wed, Apr 13, 2005 at 10:59:01PM +0200, Guido Guenther wrote:
Hi,
This patch uses gcrypt instead of openssl (which might be useful due to
the GPL vs. OpenSSL license issues). I'm no gcrypt expert so feedback is
very welcome.
diff -u --exclude=debian -Naur libpam-ccreds-1.openssl/configure.in \
libpam-ccreds-1/configure.in
--- libpam-ccreds-1.openssl/configure.in 2004-02-09 09:04:43.000000000 +0100
+++ libpam-ccreds-1/configure.in 2005-04-07 22:44:15.000000000 +0200
@@ -9,7 +9,6 @@
AC_PROG_CPP
AC_PROG_INSTALL
-AC_ARG_WITH(openssl-dir, [ --with-openssl-dir=DIR base directory of OpenSSL \
library]) AC_ARG_WITH(ccreds-file, [ --with-ccreds-file path to cached \
credentials file], [AC_DEFINE_UNQUOTED(CCREDS_FILE, "$with_ccreds_file")])
if test "$ac_cv_prog_gcc" = "yes"; then CFLAGS="$CFLAGS -Wall -fPIC"; fi
@@ -41,23 +40,8 @@
AM_CONDITIONAL(EXTENSION_SO, test "$target_os" = "linux" -o "$target_os" = \
"linux-gnu") AM_CONDITIONAL(EXTENSION_1, test "$TARGET_OS" = "HPUX")
-if test -n "$with_openssl_dir"; then
- CPPFLAGS="$CPPFLAGS -I$with_openssl_dir/include"
- LDFLAGS="$LDFLAGS -L$with_openssl_dir/lib"
- case "$target_os" in
- aix*) LDFLAGS="$LDFLAGS -Wl,-brtl -Wl,-blibpath:$with_openssl_dir/lib"
- pam_ccreds_so_LDFLAGS="$pam_ccreds_so_LDFLAGS -L$with_openssl_dir/lib -brtl \
-blibpath:$with_openssl_dir/lib" ;;
- hpux*) LDFLAGS="$LDFLAGS -Wl,+b$with_openssl_dir/lib"
- pam_ccreds_so_LDFLAGS="$pam_ccreds_so_LDFLAGS -L$with_openssl_dir/lib \
+b$with_openssl_dir/lib" ;;
- solaris*) LDFLAGS="$LDFLAGS -R$with_openssl_dir/lib"
- pam_ccreds_so_LDFLAGS="$pam_ccreds_so_LDFLAGS -L$with_openssl_dir/lib \
-R$with_openssl_dir/lib" ;;
- *) LDFLAGS="$LDFLAGS -Wl,-rpath,$with_openssl_dir/lib" ;;
- esac
-fi
-
AC_CHECK_HEADERS(security/pam_appl.h security/pam_misc.h security/pam_modules.h)
AC_CHECK_HEADERS(pam/pam_appl.h pam/pam_misc.h pam/pam_modules.h)
-AC_CHECK_HEADERS(openssl/opensslconf.h, , AC_MSG_ERROR(could not locate \
<openssl/opensslconf.h>))
AC_CHECK_HEADERS(db.h)
dnl AC_CHECK_HEADERS(db1/db.h)
@@ -70,9 +54,9 @@
AC_CHECK_LIB(db1, main,[LIBS="-ldb1 $LIBS" found_db_lib=yes],,$LIBS)
fi
-AC_CHECK_LIB(crypto, SHA1_Init,[LIBS="-lcrypto $LIBS"],,$LIBS)
AC_CHECK_LIB(pam, pam_start)
AC_CHECK_LIB(pam_misc, misc_conv)
+AM_PATH_LIBGCRYPT(1.2.0,:, AC_MSG_ERROR(could not locate gcrypt library))
AC_OUTPUT(Makefile)
diff -u --exclude=debian -Naur libpam-ccreds-1.openssl/Makefile.am \
libpam-ccreds-1/Makefile.am
--- libpam-ccreds-1.openssl/Makefile.am 2004-02-09 09:04:43.000000000 +0100
+++ libpam-ccreds-1/Makefile.am 2005-04-07 22:37:55.000000000 +0200
@@ -2,7 +2,9 @@
EXTRA_DIST = COPYING.LIB CVSVersionInfo.txt ChangeLog README \
ldap.conf pam.conf pam_ccreds.spec
+AM_CPPFLAGS = $(LIBGCRYPT_CFLAGS)
AM_CFLAGS = -fno-strict-aliasing
+LDADD = $(LIBGCRYPT_LIBS)
pam_ccreds_so_SOURCES = cc_db.c cc_lib.c cc_pam.c cc.h
pam_ccreds_so_LDFLAGS = @pam_ccreds_so_LDFLAGS@
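Review bot: The added `LDADD = $(LIBGCRYPT_LIBS)` is only automake's global default, so it is ignored for any program that defines its own per-target variable. The rest of Makefile.am is outside this hunk, so confirm that no `pam_ccreds_so_LDADD` exists; if one does, add `$(LIBGCRYPT_LIBS)` to it instead. The removed `-lcrypto` was put into `LIBS` by configure.in and so always reached the link line. If the gcrypt link is missed, the `gcry_*` symbols would presumably stay unresolved until PAM loads the module.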
--- libpam-ccreds-1.openssl/cc_lib.c 2004-02-09 09:04:43.000000000 +0100
+++ libpam-ccreds-1/cc_lib.c 2005-04-07 22:58:59.000000000 +0200
@@ -16,7 +16,7 @@
#include <errno.h>
#include <limits.h>
-#include <openssl/sha.h>
+#include <gcrypt.h>
#include "cc_private.h"
@@ -27,7 +27,7 @@
char **derived_key_p,
size_t *derived_key_length_p)
{
- SHA_CTX sha_ctx;
+ gcry_md_hd_t handle;
unsigned char T[4];
T[0] = (type >> 24) & 0xFF;
@@ -35,25 +35,24 @@
T[2] = (type >> 8) & 0xFF;
T[3] = (type >> 0) & 0xFF;
- SHA1_Init(&sha_ctx);
+ gcry_md_open (&handle, GCRY_MD_SHA1, 0);
- *derived_key_p = malloc(SHA_DIGEST_LENGTH);
+ *derived_key_length_p = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
+ *derived_key_p = malloc(*derived_key_length_p);
if (*derived_key_p == NULL) {
return PAM_BUF_ERR;
}
- *derived_key_length_p = SHA_DIGEST_LENGTH;
-
/*
* Salt with key type, service and user names
*/
- SHA1_Update(&sha_ctx, T, sizeof(T));
+ gcry_md_write (handle, T, sizeof(T));
if (pamcch->service != NULL) {
- SHA1_Update(&sha_ctx, pamcch->service, strlen(pamcch->service));
+ gcry_md_write (handle, pamcch->service, strlen(pamcch->service));
}
- SHA1_Update(&sha_ctx, pamcch->user, strlen(pamcch->user));
- SHA1_Update(&sha_ctx, credentials, length);
- SHA1_Final(*derived_key_p, &sha_ctx);
+ gcry_md_write (handle, pamcch->user, strlen(pamcch->user));
+ gcry_md_write (handle, credentials, length);
+ memcpy(*derived_key_p, gcry_md_read(handle, 0), *derived_key_length_p);
return PAM_SUCCESS;
}
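Review bot: The result of `gcry_md_open` is never checked and the handle is never closed. If the open fails, the following `gcry_md_write` calls run on an unusable handle, and every return path, including the `PAM_BUF_ERR` one, leaks a digest context whose state is derived from the credentials. Check the open result before use and call `gcry_md_close (handle)` on both exits, after the digest has been copied out. No `gcry_check_version` call is visible in this patch; if the module does not initialize libgcrypt elsewhere, that call is needed before the first `gcry_md_open`. The function's signature lies outside this hunk.

```c
    if (gcry_md_open (&handle, GCRY_MD_SHA1, 0) != 0) {
        /* error code is a suggestion; use whatever the module reports for internal failures */
        return PAM_SERVICE_ERR;
    }

    *derived_key_length_p = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
    *derived_key_p = malloc(*derived_key_length_p);
    if (*derived_key_p == NULL) {
        gcry_md_close (handle);
        return PAM_BUF_ERR;
    }

    /* … unchanged: gcry_md_write calls for T, service, user, credentials … */

    memcpy(*derived_key_p, gcry_md_read(handle, 0), *derived_key_length_p);
    gcry_md_close (handle);

    return PAM_SUCCESS;
```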
It doesn't really belong here, but since there's no dedicated list for
this really nice pam module I'd thought I post it here.
Cheers,
-- Guido