5535 – smbk5pwd uses private heimdal functions

Issue 5535 - smbk5pwd uses private heimdal functions

Summary: smbk5pwd uses private heimdal functions

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	contrib (show other issues)
Version:	2.4.8
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-05-28 14:07 UTC by guillomovitch@gmail.com
Modified:	2014-08-01 21:03 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description guillomovitch@gmail.com 2008-05-28 14:07:38 UTC

Full_Name: Guillaume Rousse
Version: 2.4.8
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.55.250.67)


smbk5pwd uses two private heimdal functions:
_kadm5_set_keys
_kadm5_free_keys

As of heimdal 1.1, those functions are not exported anymore. As a consequence,
opendalp crashes as soon as I try to change password when the overlay is
activated.

According to heimdal maintainers, smb5pwd should rather use
hdb_generate_key_set_password and hdb_free_keys to generate the key data. I
tried to produce a patch myself (available at
http://www.zarb.org/~guillomovitch/openldap-smbk5pwd-2.4.8-dont-use-internal-functions.patch)
by inlining _kadm5_set_keys function directly in smbk5pwd, but I don't know how
to deal with members of private kadm_context structure.

Comment 1 Howard Chu 2008-06-03 19:29:42 UTC

moved from Incoming to Contrib

Comment 2 admin@dmarkey.com 2009-04-25 01:21:18 UTC

Please review http://dmarkey.com/~dmarkey/smbk5pwd.patch to fix this.

Against 2.4.16 smbk5pwd.

Comment 3 Howard Chu 2009-06-23 22:44:40 UTC

changed notes

Comment 4 admin@dmarkey.com 2009-06-23 23:18:26 UTC

Please note Guillaume.Rousse@inria.fr
 is the author of the patch i supplied. Origin:
http://www.stacken.kth.se/lists/heimdal-discuss/2008-05/msg00107.html

Comment 5 guillomovitch@gmail.com 2009-06-24 12:40:54 UTC

The patch is course usable for integration in openldap (I originaly 
posted it on the list precisely for this purpose, sorry if I wasn't 
clear enough).

Comment 6 Howard Chu 2009-06-26 02:09:26 UTC

changed notes
changed state Open to Test

Comment 7 Quanah Gibson-Mount 2009-06-27 18:48:35 UTC

changed notes

Comment 8 Quanah Gibson-Mount 2009-06-27 18:48:36 UTC

changed state Test to Release

Comment 9 Quanah Gibson-Mount 2009-07-22 17:10:03 UTC

changed notes
changed state Release to Closed

Comment 10 OpenLDAP project 2014-08-01 21:03:28 UTC

different fix in HEAD
fixed in RE24