Diffstat (limited to 'mod_auth_xradius-0.4.6-libnss_libxradius.patch')
-rw-r--r--mod_auth_xradius-0.4.6-libnss_libxradius.patch331
1 files changed, 331 insertions, 0 deletions
diff --git a/mod_auth_xradius-0.4.6-libnss_libxradius.patch b/mod_auth_xradius-0.4.6-libnss_libxradius.patch
new file mode 100644
index 0000000..de26df8
--- /dev/null
+++ b/mod_auth_xradius-0.4.6-libnss_libxradius.patch
@@ -0,0 +1,331 @@
+diff -Naur mod_auth_xradius-0.4.6.old/configure.ac mod_auth_xradius-0.4.6/configure.ac
+--- mod_auth_xradius-0.4.6.old/configure.ac 2012-07-13 16:14:18.597720284 +0200
++++ mod_auth_xradius-0.4.6/configure.ac 2012-07-13 16:15:15.348824052 +0200
+@@ -35,6 +35,17 @@
+ MODULE_CFLAGS="${LIBRADIUS_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
+ MODULE_LIBS="${APR_MEMCACHE_LIBS}"
+
++dnl NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
++dnl collisions on NSS initialization/shutdown with other libraries
++LIBS="$LIBS -lnss3"
++AC_CHECK_FUNC(NSS_InitContext,
++[
++ AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [if you have the NSS_InitContext function])
++ AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
++],
++AC_MSG_ERROR([Missing NSS_InitContext]))
++
++
+ AC_SUBST(MODULE_CFLAGS)
+ AC_SUBST(MODULE_LIBS)
+
+diff -Naur mod_auth_xradius-0.4.6.old/libradius/porting.h mod_auth_xradius-0.4.6/libradius/porting.h
+--- mod_auth_xradius-0.4.6.old/libradius/porting.h 2012-07-13 16:14:18.599720322 +0200
++++ mod_auth_xradius-0.4.6/libradius/porting.h 2012-07-13 16:14:36.172062002 +0200
+@@ -15,7 +15,7 @@
+
+ #else
+
+-#include "md5.h"
++#include "sechash.h"
+ #define MD5_DIGEST_LENGTH 16
+ #define MD5Final xrad_MD5Final
+ #define MD5Init xrad_MD5Init
+diff -Naur mod_auth_xradius-0.4.6.old/libradius/radlib.c mod_auth_xradius-0.4.6/libradius/radlib.c
+--- mod_auth_xradius-0.4.6.old/libradius/radlib.c 2012-07-13 16:14:18.599720322 +0200
++++ mod_auth_xradius-0.4.6/libradius/radlib.c 2012-07-13 16:15:15.349824040 +0200
+@@ -40,6 +40,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <nss3/nss.h>
+
+ #include "porting.h"
+ #include "radlib_private.h"
+@@ -87,6 +88,24 @@
+ }
+ #endif
+
++static NSSInitContext *xrad_nss_init(void)
++{
++ NSSInitContext *nctx = NULL;
++ NSSInitParameters initparams;
++
++ memset((void *) &initparams, '\0', sizeof(initparams));
++ initparams.length = sizeof(initparams);
++
++ return NSS_InitContext("", "", "", "", &initparams,
++ NSS_INIT_READONLY
++ | NSS_INIT_NOCERTDB
++ | NSS_INIT_NOMODDB
++ | NSS_INIT_FORCEOPEN
++ | NSS_INIT_NOROOTINIT
++ | NSS_INIT_OPTIMIZESPACE
++ | NSS_INIT_PK11RELOAD);
++}
++
+ static void
+ clear_password(struct xrad_handle *h)
+ {
+@@ -110,24 +129,32 @@
+ static void
+ insert_scrambled_password(struct xrad_handle *h, int srv)
+ {
+- MD5_CTX ctx;
++ NSSInitContext *nctx;
++ HASHContext *md5_ctx;
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ const struct xrad_server *srvp;
+ int padded_len;
+ int pos;
++ unsigned int len;
+
+ srvp = &h->servers[srv];
+ padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf;
+
++ nctx = xrad_nss_init();
++ md5_ctx = HASH_Create(HASH_AlgMD5);
++
+ memcpy(md5, &h->request[POS_AUTH], LEN_AUTH);
+ for (pos = 0; pos < padded_len; pos += 16) {
+ int i;
+
+ /* Calculate the new scrambler */
+- MD5Init(&ctx);
+- MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
+- MD5Update(&ctx, md5, 16);
+- MD5Final(md5, &ctx);
++ HASH_Begin(md5_ctx);
++ HASH_Update(md5_ctx,
++ (const unsigned char *)srvp->secret,
++ strlen(srvp->secret));
++ HASH_Update(md5_ctx, md5, 16);
++ HASH_End(md5_ctx, md5, &len, sizeof(md5));
++
+
+ /*
+ * Mix in the current chunk of the password, and copy
+@@ -139,24 +166,43 @@
+ h->request[h->pass_pos + pos + i] =
+ md5[i] ^= h->pass[pos + i];
+ }
++
++ HASH_Destroy(md5_ctx);
++
++ NSS_ShutdownContext(nctx);
+ }
+
+ static void
+ insert_request_authenticator(struct xrad_handle *h, int srv)
+ {
+- MD5_CTX ctx;
++ NSSInitContext *nctx;
++ HASHContext *md5_ctx;
+ const struct xrad_server *srvp;
++ unsigned int len;
+
+ srvp = &h->servers[srv];
+
+ /* Create the request authenticator */
+- MD5Init(&ctx);
+- MD5Update(&ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE);
+- apr_generate_random_bytes(&h->request[POS_AUTH], LEN_AUTH);
+- MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH);
+- MD5Update(&ctx, &h->request[POS_ATTRS], h->req_len - POS_ATTRS);
+- MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
+- MD5Final(&h->request[POS_AUTH], &ctx);
++ nctx = xrad_nss_init();
++ md5_ctx = HASH_Create(HASH_AlgMD5);
++
++ HASH_Begin(md5_ctx);
++ HASH_Update(md5_ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE);
++ apr_generate_random_bytes(&h->request[POS_AUTH], LEN_AUTH);
++ HASH_Update(md5_ctx,
++ (const unsigned char *)&h->request[POS_AUTH],
++ LEN_AUTH);
++ HASH_Update(md5_ctx,
++ (const unsigned char *)&h->request[POS_ATTRS],
++ h->req_len - POS_ATTRS);
++ HASH_Update(md5_ctx,
++ (const unsigned char *)srvp->secret,
++ strlen(srvp->secret));
++ HASH_End(md5_ctx, &h->request[POS_AUTH], &len, sizeof(h->request[POS_AUTH]));
++
++ HASH_Destroy(md5_ctx);
++
++ NSS_ShutdownContext(nctx);
+ }
+
+ static void
+@@ -192,10 +238,12 @@
+ is_valid_response(struct xrad_handle *h, int srv,
+ const struct sockaddr_in *from)
+ {
+- MD5_CTX ctx;
++ NSSInitContext *nctx;
++ HASHContext *md5_ctx;
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ const struct xrad_server *srvp;
+ int len;
++ unsigned int hash_len;
+ #ifdef WITH_SSL
+ HMAC_CTX hctx;
+ u_char resp[MSGSIZE], md[EVP_MAX_MD_SIZE];
+@@ -218,12 +266,19 @@
+ return 0;
+
+ /* Check the response authenticator */
+- MD5Init(&ctx);
+- MD5Update(&ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE);
+- MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH);
+- MD5Update(&ctx, &h->response[POS_ATTRS], len - POS_ATTRS);
+- MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
+- MD5Final(md5, &ctx);
++ nctx = xrad_nss_init();
++ md5_ctx = HASH_Create(HASH_AlgMD5);
++ HASH_Begin(md5_ctx);
++ HASH_Update(md5_ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE);
++ HASH_Update(md5_ctx, &h->request[POS_AUTH], LEN_AUTH);
++ HASH_Update(md5_ctx, &h->response[POS_ATTRS], len - POS_ATTRS);
++ HASH_Update(md5_ctx,
++ (const unsigned char *)srvp->secret,
++ strlen(srvp->secret));
++ HASH_End(md5_ctx, md5, &hash_len, sizeof(md5));
++ HASH_Destroy(md5_ctx);
++ NSS_ShutdownContext(nctx);
++
+ if (memcmp(&h->response[POS_AUTH], md5, sizeof md5) != 0)
+ return 0;
+
+@@ -1128,7 +1183,9 @@
+ char R[LEN_AUTH];
+ const char *S;
+ int i, Ppos;
+- MD5_CTX Context;
++ int hash_len;
++ NSSInitContext *nctx;
++ HASHContext *md5_ctx;
+ u_char b[MD5_DIGEST_LENGTH], *C, *demangled;
+
+ if ((mlen % 16 != 0) || mlen > 128) {
+@@ -1152,10 +1209,14 @@
+ if (!demangled)
+ return NULL;
+
+- MD5Init(&Context);
+- MD5Update(&Context, S, strlen(S));
+- MD5Update(&Context, R, LEN_AUTH);
+- MD5Final(b, &Context);
++ nctx = xrad_nss_init();
++ md5_ctx = HASH_Create(HASH_AlgMD5);
++ HASH_Begin(md5_ctx);
++ HASH_Update(md5_ctx, S, strlen(S));
++ HASH_Update(md5_ctx, R, LEN_AUTH);
++ HASH_End(md5_ctx, b, &hash_len, sizeof(b));
++ HASH_Destroy(md5_ctx);
++
+ Ppos = 0;
+ while (mlen) {
+
+@@ -1164,15 +1225,19 @@
+ demangled[Ppos++] = C[i] ^ b[i];
+
+ if (mlen) {
+- MD5Init(&Context);
+- MD5Update(&Context, S, strlen(S));
+- MD5Update(&Context, C, 16);
+- MD5Final(b, &Context);
++ md5_ctx = HASH_Create(HASH_AlgMD5);
++ HASH_Begin(md5_ctx);
++ HASH_Update(md5_ctx, S, strlen(S));
++ HASH_Update(md5_ctx, C, 16);
++ HASH_End(md5_ctx, b, &hash_len, sizeof(b));
++ HASH_Destroy(md5_ctx);
+ }
+
+ C += 16;
+ }
+
++ NSS_ShutdownContext(nctx);
++
+ return demangled;
+ }
+
+@@ -1184,9 +1249,11 @@
+ const char *S;
+ u_char b[MD5_DIGEST_LENGTH], *demangled;
+ const u_char *A, *C;
+- MD5_CTX Context;
++ NSSInitContext *nctx;
++ HASHContext *md5_ctx;
+ int Slen, i, Clen, Ppos;
+ u_char *P;
++ unsigned int hash_len;
+
+ if (mlen % 16 != SALT_LEN) {
+ generr(h, "Cannot interpret mangled data of length %lu",
+@@ -1207,11 +1274,15 @@
+ Slen = strlen(S);
+ P = alloca(Clen); /* We derive our plaintext */
+
+- MD5Init(&Context);
+- MD5Update(&Context, S, Slen);
+- MD5Update(&Context, R, LEN_AUTH);
+- MD5Update(&Context, A, SALT_LEN);
+- MD5Final(b, &Context);
++ nctx = xrad_nss_init();
++ md5_ctx = HASH_Create(HASH_AlgMD5);
++ HASH_Begin(md5_ctx);
++ HASH_Update(md5_ctx, S, Slen);
++ HASH_Update(md5_ctx, R, LEN_AUTH);
++ HASH_Update(md5_ctx, A, SALT_LEN);
++ HASH_End(md5_ctx, b, &hash_len, sizeof(b));
++ HASH_Destroy(md5_ctx);
++
+ Ppos = 0;
+
+ while (Clen) {
+@@ -1221,15 +1292,20 @@
+ P[Ppos++] = C[i] ^ b[i];
+
+ if (Clen) {
+- MD5Init(&Context);
+- MD5Update(&Context, S, Slen);
+- MD5Update(&Context, C, 16);
+- MD5Final(b, &Context);
++ md5_ctx = HASH_Create(HASH_AlgMD5);
++ HASH_Begin(md5_ctx);
++ HASH_Update(md5_ctx, S, Slen);
++ HASH_Update(md5_ctx, C, 16);
++ HASH_Update(md5_ctx, A, SALT_LEN);
++ HASH_End(md5_ctx, b, &hash_len, sizeof(b));
++ HASH_Destroy(md5_ctx);
+ }
+
+ C += 16;
+ }
+
++ NSS_ShutdownContext(nctx);
++
+ /*
+ * The resulting plain text consists of a one-byte length, the text and
+ * maybe some padding.
+diff -Naur mod_auth_xradius-0.4.6.old/Makefile.am mod_auth_xradius-0.4.6/Makefile.am
+--- mod_auth_xradius-0.4.6.old/Makefile.am 2012-07-13 16:14:18.598720303 +0200
++++ mod_auth_xradius-0.4.6/Makefile.am 2012-07-13 16:14:36.179062137 +0200
+@@ -24,12 +24,11 @@
+ apachemoddir=${AP_LIBEXECDIR}
+
+ lib_LTLIBRARIES = libxradius.la
+-libxradius_la_SOURCES = libradius/radlib.c libradius/md5c.c
+-libxradius_la_CFLAGS = ${MODULE_CFLAGS}
+-libxradius_la_LDFLAGS = ${MODULE_LIBS}
++libxradius_la_SOURCES = libradius/radlib.c
++libxradius_la_CFLAGS = ${MODULE_CFLAGS} -I${includedir}/nss3 -I${includedir}/nspr4
++libxradius_la_LDFLAGS = ${MODULE_LIBS} -lnss3 -lnspr4
+
+ include_HEADERS = \
+- libradius/md5.h \
+ libradius/porting.h \
+ libradius/radlib.h \
+ libradius/radlib_private.h \
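Review bot: In the new insert_request_authenticator body, `HASH_End(md5_ctx, &h->request[POS_AUTH], &len, sizeof(h->request[POS_AUTH]));` passes the size of one array element as the output limit instead of the digest length; if `request` is a byte array (its declaration is outside the patch) that limit is 1, too small for a 16-byte MD5 digest, so the authenticator would probably stay as the random bytes written just before. The call should read `HASH_End(md5_ctx, &h->request[POS_AUTH], &len, LEN_AUTH);`. Separately, the inner loop of the salted demangle routine gains `HASH_Update(md5_ctx, A, SALT_LEN);`, which the removed MD5 sequence (S, then C) did not have, so every block after the first is derived differently from the old code; it looks copied from the first-block hash and should be dropped unless the change is intended. None of the call sites check `xrad_nss_init()` or `HASH_Create()` for NULL before use, which matters most in is_valid_response, where the digest decides whether a reply is accepted.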