Date: Tue, 30 Apr 2013 20:42:00 GMT From: Mike Carlson <mike@bayphoto.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/178268: [patch] net/openldap24-server: Add SHA2 password module Message-ID: <201304302042.r3UKg08Q054907@red.freebsd.org> Resent-Message-ID: <201304302050.r3UKo0pe030045@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 178268
>Category: ports
>Synopsis: [patch] net/openldap24-server: Add SHA2 password module
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 30 20:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Mike Carlson
>Release: 9.1-RELEASE
>Organization:
Bay Photo Lab
>Environment:
FreeBSD b-bot.discdrive.bayphoto.com 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
There is a SHA2 password backend module in contrib/slapd-modules/passwd/sha2 that allows for SHA256 and SHA384 as well as SHA512 hash algorithms.
It would be really cool if this was a option, otherwise, I have to compile and install by hand.
There is a usability issue though, and that is slappasswd does not understand the new hash providers.
Example:
# slappasswd -h "{SSHA}" -s test
{SSHA}el+EK4rV5AnEodolaO2qXKyxLHsbSmnR
# slappasswd -h "{SHA512}" -s test
Password generation failed for scheme {SHA512}: scheme not recognized
With that, I still feel it is useful, so attached is a svn diff for ports/net/openldap24-server
>How-To-Repeat:
n/a
>Fix:
Patch attached with submission follows:
Index: Makefile
===================================================================
--- Makefile (revision 316958)
+++ Makefile (working copy)
@@ -69,7 +69,7 @@
OPTIONS_DEFINE+= ACCESSLOG AUDITLOG COLLECT CONSTRAINT DDS
OPTIONS_DEFINE+= DEREF DYNGROUP DYNLIST MEMBEROF PPOLICY PROXYCACHE
OPTIONS_DEFINE+= REFINT RETCODE RWM SEQMOD SSSVLV SYNCPROV TRANSLUCENT
-OPTIONS_DEFINE+= UNIQUE VALSORT SMBPWD DYNAMIC_BACKENDS SASL
+OPTIONS_DEFINE+= UNIQUE VALSORT SMBPWD SHA2 DYNAMIC_BACKENDS SASL
OPTIONS_DEFAULT= BDB TCP_WRAPPERS SEQMOD SYNCPROV DYNAMIC_BACKENDS
@@ -110,6 +110,7 @@
UNIQUE_DESC= With attribute Uniqueness overlay
VALSORT_DESC= With Value Sorting overlay
SMBPWD_DESC= With Samba Password hashes overlay
+SHA2_DESC= With SHA2 Password hashes overlay
DYNAMIC_BACKENDS_DESC= Build dynamic backends
.endif
@@ -440,6 +441,12 @@
PLIST_SUB+= SMBPWD="@comment "
.endif
+.if ${PORT_OPTIONS:MSHA2}
+PLIST_SUB+= SHA2=""
+.else
+PLIST_SUB+= SHA2="@comment "
+.endif
+
.if ${PORT_OPTIONS:MRLOOKUPS}
CONFIGURE_ARGS+= --enable-rlookups
PLIST_SUB+= RLOOKUPS=""
@@ -517,6 +524,12 @@
.endif
.endif
+.if ${PORT_OPTIONS:MSHA2}
+post-build:
+ @cd ${BUILD_WRKSRC}/contrib/slapd-modules/passwd/sha2; ${SETENV} ${MAKE_ENV} \
+ ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} all
+.endif
+
pre-su-install:
@if [ -f ${PKGINSTALL} ]; then \
${SETENV} PKG_PREFIX="${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL; \
@@ -553,7 +566,14 @@
${PREFIX}/libexec/openldap/
@${LN} -s smbk5pwd.so.0 ${PREFIX}/libexec/openldap/smbk5pwd.so
.endif
+.if ${PORT_OPTIONS:MSHA2}
+ @${INSTALL_DATA} ${WRKSRC}/contrib/slapd-modules/passwd/sha2/pw-sha2.la \
+ ${PREFIX}/libexec/openldap/
+ @${INSTALL_PROGRAM} ${WRKSRC}/contrib/slapd-modules/passwd/sha2/.libs/pw-sha2.so.0 \
+ ${PREFIX}/libexec/openldap/
+ @${LN} -s pw-sha2.so.0 ${PREFIX}/libexec/openldap/pw-sha2.so
.endif
+.endif
@${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304302042.r3UKg08Q054907>