2 files changed, 214 insertions, 5 deletions

diff --git a/net/openldap24-server/Makefile b/net/openldap24-server/Makefile
index 8dc00d977748..262cb0e48915 100644
--- a/net/openldap24-server/Makefile
+++ b/net/openldap24-server/Makefile
@@ -58,8 +58,8 @@ WANT_OPENLDAP_VER?=	24
 BROKEN=			incompatible OpenLDAP version: ${WANT_OPENLDAP_VER}
 .endif
 
-PORTREVISION_CLIENT=	0
-PORTREVISION_SERVER=	1
+PORTREVISION_CLIENT=	1
+PORTREVISION_SERVER=	2
 OPENLDAP_SHLIB_MAJOR=	2
 OPENLDAP_SHLIB_MINOR=	10.3
 OPENLDAP_MAJOR=		${DISTVERSION:R}
@@ -76,6 +76,7 @@ OPTIONS_DEFINE+=	ACCESSLOG AUDITLOG COLLECT CONSTRAINT DDS
 OPTIONS_DEFINE+=	DEREF DYNGROUP DYNLIST MEMBEROF PPOLICY PROXYCACHE
 OPTIONS_DEFINE+=	REFINT RETCODE RWM SEQMOD SSSVLV SYNCPROV TRANSLUCENT
 OPTIONS_DEFINE+=	UNIQUE VALSORT SMBPWD SHA2 DYNAMIC_BACKENDS SASL
+OPTIONS_DEFINE+=	LMPASSWD
 
 OPTIONS_DEFAULT=	MDB SYNCPROV DYNAMIC_BACKENDS
 
@@ -117,6 +118,7 @@ UNIQUE_DESC=		With attribute Uniqueness overlay
 VALSORT_DESC=		With Value Sorting overlay
 SMBPWD_DESC=		With Samba Password hashes overlay
 SHA2_DESC=		With SHA2 Password hashes overlay
+LMPASSWD_DESC=		With LM hash password support (DEPRECATED)
 DYNAMIC_BACKENDS_DESC=	Build dynamic backends
 .endif
 
@@ -130,7 +132,7 @@ OPENLDAP_PKGFILESUFX=
 
 CONFIGURE_SED=		-e 's,uuid/uuid.h,xxuuid/uuid.h,g'
 
-.include <bsd.port.pre.mk>
+.include <bsd.port.options.mk>
 
 .if defined(CLIENT_ONLY)
 PORTDOCS=		CHANGES drafts rfc
@@ -244,7 +246,6 @@ OVERLAY_ENABLE=		yes
 
 CONFIGURE_ARGS+=	--localstatedir=${LOCALSTATEDIR} \
 			--enable-crypt \
-			--enable-lmpasswd \
 			--enable-ldap=${BACKEND_ENABLE} \
 			--enable-meta=${BACKEND_ENABLE} \
 			--enable-rewrite \
@@ -285,6 +286,10 @@ CONFIGURE_ARGS+=	--enable-dyngroup=${OVERLAY_ENABLE}
 CONFIGURE_ARGS+=	--enable-dynlist=${OVERLAY_ENABLE}
 .endif
 
+.if ${PORT_OPTIONS:MLMPASSWD}
+CONFIGURE_ARGS+=	--enable-lmpasswd
+.endif
+
 .if ${PORT_OPTIONS:MMEMBEROF}
 CONFIGURE_ARGS+=	--enable-memberof=${OVERLAY_ENABLE}
 .endif
@@ -561,4 +566,4 @@ post-install:
 .endif
 .endif # defined(CLIENT_ONLY)
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/net/openldap24-server/files/patch-des b/net/openldap24-server/files/patch-des
new file mode 100644
index 000000000000..b9541de33cb8
--- /dev/null
+++ b/net/openldap24-server/files/patch-des
@@ -0,0 +1,204 @@
+--- libraries/liblutil/passwd.c.orig	2014-09-19 03:48:49.000000000 +0200
++++ libraries/liblutil/passwd.c	2014-11-05 19:57:10.807555025 +0100
+@@ -38,11 +38,11 @@
+ #	include <openssl/des.h>
+ 
+ 
+-typedef des_cblock des_key;
+-typedef des_cblock des_data_block;
+-typedef des_key_schedule des_context;
+-#define des_failed(encrypted) 0
+-#define des_finish(key, schedule) 
++typedef DES_cblock DES_key;
++typedef DES_cblock DES_data_block;
++typedef DES_key_schedule DES_context;
++#define DES_failed(encrypted) 0
++#define DES_finish(key, schedule) 
+ 
+ #elif defined(HAVE_MOZNSS)
+ /*
+@@ -53,9 +53,9 @@
+ */
+ #define PROTYPES_H 1
+ #	include <nss/pk11pub.h>
+-typedef PK11SymKey *des_key;
+-typedef unsigned char des_data_block[8];
+-typedef PK11Context *des_context[1];
++typedef PK11SymKey *DES_key;
++typedef unsigned char DES_data_block[8];
++typedef PK11Context *DES_context[1];
+ #define DES_ENCRYPT CKA_ENCRYPT
+ 
+ #endif
+@@ -664,10 +664,10 @@
+  * abstract away setting the parity.
+  */
+ static void
+-des_set_key_and_parity( des_key *key, unsigned char *keyData)
++DES_set_key_and_parity( DES_key *key, unsigned char *keyData)
+ {
+     memcpy(key, keyData, 8);
+-    des_set_odd_parity( key );
++    DES_set_odd_parity( key );
+ }
+ 
+ 
+@@ -677,7 +677,7 @@
+  * implement MozNSS wrappers for the openSSL calls 
+  */
+ static void
+-des_set_key_and_parity( des_key *key, unsigned char *keyData)
++DES_set_key_and_parity( DES_key *key, unsigned char *keyData)
+ {
+     SECItem keyDataItem;
+     PK11SlotInfo *slot;
+@@ -699,7 +699,7 @@
+ }
+ 
+ static void
+-des_set_key_unchecked( des_key *key, des_context ctxt )
++DES_set_key_unchecked( DES_key *key, DES_context ctxt )
+ {
+     ctxt[0] = NULL;
+ 
+@@ -712,37 +712,37 @@
+ }
+ 
+ static void
+-des_ecb_encrypt( des_data_block *plain, des_data_block *encrypted, 
+-			des_context ctxt, int op)
++DES_ecb_encrypt( DES_data_block *plain, DES_data_block *encrypted, 
++			DES_context ctxt, int op)
+ {
+     SECStatus rv;
+     int size;
+ 
+     if (ctxt[0] == NULL) {
+ 	/* need to fail here...  */
+-	memset(encrypted, 0, sizeof(des_data_block));
++	memset(encrypted, 0, sizeof(DES_data_block));
+ 	return;
+     }
+     rv = PK11_CipherOp(ctxt[0], (unsigned char *)&encrypted[0], 
+-			&size, sizeof(des_data_block),
+-			(unsigned char *)&plain[0], sizeof(des_data_block));
++			&size, sizeof(DES_data_block),
++			(unsigned char *)&plain[0], sizeof(DES_data_block));
+     if (rv != SECSuccess) {
+ 	/* signal failure */
+-	memset(encrypted, 0, sizeof(des_data_block));
++	memset(encrypted, 0, sizeof(DES_data_block));
+ 	return;
+     }
+     return;
+ }
+ 
+ static int
+-des_failed(des_data_block *encrypted)
++DES_failed(DES_data_block *encrypted)
+ {
+-   static const des_data_block zero = { 0 };
++   static const DES_data_block zero = { 0 };
+    return memcmp(encrypted, zero, sizeof(zero)) == 0;
+ }
+ 
+ static void
+-des_finish(des_key *key, des_context ctxt)
++DES_finish(DES_key *key, DES_context ctxt)
+ {
+      if (*key) {
+ 	PK11_FreeSymKey(*key);
+@@ -817,7 +817,7 @@
+ 
+ static void lmPasswd_to_key(
+ 	const char *lmPasswd,
+-	des_key *key)
++	DES_key *key)
+ {
+ 	const unsigned char *lpw = (const unsigned char *) lmPasswd;
+ 	unsigned char k[8];
+@@ -832,7 +832,7 @@
+ 	k[6] = ((lpw[5] & 0x3F) << 2) | (lpw[6] >> 6);
+ 	k[7] = ((lpw[6] & 0x7F) << 1);
+ 		
+-	des_set_key_and_parity( key, k );
++	DES_set_key_and_parity( key, k );
+ }	
+ 
+ static int chk_lanman(
+@@ -843,10 +843,10 @@
+ {
+ 	ber_len_t i;
+ 	char UcasePassword[15];
+-	des_key key;
+-	des_context schedule;
+-	des_data_block StdText = "KGS!@#$%";
+-	des_data_block PasswordHash1, PasswordHash2;
++	DES_key key;
++	DES_context schedule;
++	DES_data_block StdText = "KGS!@#$%";
++	DES_data_block PasswordHash1, PasswordHash2;
+ 	char PasswordHash[33], storedPasswordHash[33];
+ 	
+ 	for( i=0; i<cred->bv_len; i++) {
+@@ -864,21 +864,21 @@
+ 	ldap_pvt_str2upper( UcasePassword );
+ 	
+ 	lmPasswd_to_key( UcasePassword, &key );
+-	des_set_key_unchecked( &key, schedule );
+-	des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
++	DES_set_key_unchecked( &key, &schedule );
++	DES_ecb_encrypt( &StdText, &PasswordHash1, &schedule , DES_ENCRYPT );
+ 
+-	if (des_failed(&PasswordHash1)) {
++	if (DES_failed(&PasswordHash1)) {
+ 	    return LUTIL_PASSWD_ERR;
+ 	}
+ 	
+ 	lmPasswd_to_key( &UcasePassword[7], &key );
+-	des_set_key_unchecked( &key, schedule );
+-	des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
+-	if (des_failed(&PasswordHash2)) {
++	DES_set_key_unchecked( &key, &schedule );
++	DES_ecb_encrypt( &StdText, &PasswordHash2, &schedule , DES_ENCRYPT );
++	if (DES_failed(&PasswordHash2)) {
+ 	    return LUTIL_PASSWD_ERR;
+ 	}
+ 
+-	des_finish( &key, schedule );
++	DES_finish( &key, schedule );
+ 	
+ 	sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", 
+ 		PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],
+@@ -1139,10 +1139,10 @@
+ 
+ 	ber_len_t i;
+ 	char UcasePassword[15];
+-	des_key key;
+-	des_context schedule;
+-	des_data_block StdText = "KGS!@#$%";
+-	des_data_block PasswordHash1, PasswordHash2;
++	DES_key key;
++	DES_context schedule;
++	DES_data_block StdText = "KGS!@#$%";
++	DES_data_block PasswordHash1, PasswordHash2;
+ 	char PasswordHash[33];
+ 	
+ 	for( i=0; i<passwd->bv_len; i++) {
+@@ -1160,12 +1160,12 @@
+ 	ldap_pvt_str2upper( UcasePassword );
+ 	
+ 	lmPasswd_to_key( UcasePassword, &key );
+-	des_set_key_unchecked( &key, schedule );
+-	des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
++	DES_set_key_unchecked( &key, &schedule );
++	DES_ecb_encrypt( &StdText, &PasswordHash1, &schedule , DES_ENCRYPT );
+ 	
+ 	lmPasswd_to_key( &UcasePassword[7], &key );
+-	des_set_key_unchecked( &key, schedule );
+-	des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
++	DES_set_key_unchecked( &key, &schedule );
++	DES_ecb_encrypt( &StdText, &PasswordHash2, &schedule , DES_ENCRYPT );
+ 	
+ 	sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", 
+ 		PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],