The Samba-Bugzilla – Attachment 2182 Details for
Bug 3504
Allow SSL support when build with Solaris ldap library
[patch]
Patch for Samba-3.0.23c
patch-nsldap (text/plain), 12.62 KB, created by
Alex Deiter
on 2006-10-12 23:31:55 UTC
Description:
Patch for Samba-3.0.23c
Filename:
MIME Type:
Creator:
Alex Deiter
Created:
2006-10-12 23:31:55 UTC
Size:
12.62 KB
>--- source/configure.in.orig Mon Jun 26 11:06:06 2006
>+++ source/configure.in Mon Jun 26 11:09:29 2006
>@@ -3184,6 +3184,10 @@
> AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
>
> ########################################################
>+ # check for Netscape SSL API
>+ AC_CHECK_FUNC_EXT(ldapssl_init,$LDAP_LIBS)
>+
>+ ########################################################
> # If we have LDAP, does it's rebind procedure take 2 or 3 arguments?
> # Check found in pam_ldap 145.
> AC_CHECK_FUNC_EXT(ldap_set_rebind_proc,$LDAP_LIBS)
>--- source/include/config.h.in.orig Mon Jun 26 11:10:19 2006
>+++ source/include/config.h.in Mon Jun 26 11:10:46 2006
>@@ -804,6 +804,9 @@
> /* Whether ldap is available */
> #undef HAVE_LDAP
>
>+/* Define to 1 if you have the `ldapssl_init' function. */
>+#undef HAVE_LDAPSSL_INIT
>+
> /* Define to 1 if you have the `ldap_add_result_entry' function. */
> #undef HAVE_LDAP_ADD_RESULT_ENTRY
>
>--- source/include/smbldap.h.orig Mon Jun 26 11:10:58 2006
>+++ source/include/smbldap.h Mon Jun 26 11:11:34 2006
>@@ -216,7 +216,8 @@
>
> #endif /* HAVE_LDAP */
>
>-#define LDAP_CONNECT_DEFAULT_TIMEOUT 15
>+#define LDAP_CONNECTION_DEFAULT_TIMEOUT 1
>+#define LDAP_OPERATION_DEFAULT_TIMEOUT 15
> #define LDAP_PAGE_SIZE 1024
>
> #endif /* _SMBLDAP_H */
>--- source/lib/smbldap.c.orig Mon Jun 26 11:11:44 2006
>+++ source/lib/smbldap.c Mon Jun 26 11:25:58 2006
>@@ -6,6 +6,7 @@
> Copyright (C) Shahms King 2001
> Copyright (C) Andrew Bartlett 2002-2003
> Copyright (C) Stefan (metze) Metzmacher 2002-2003
>+ Copyright (C) Alex Deiter 2006
>
> This program is free software; you can redistribute it and/or modify
> it under the terms of the GNU General Public License as published by
>@@ -628,67 +629,102 @@
> int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
> {
> int rc;
>-
>- DEBUG(10, ("smb_ldap_setup_connection: %s\n", uri));
>-
>+ int ot = lp_ldap_operation_timeout() * 1000;
>+ int ct = lp_ldap_connection_timeout() * 1000;
>+#ifndef HAVE_LDAP_INITIALIZE
>+ int port = 0;
>+ fstring protocol;
>+ fstring host;
>+#endif
>+ DEBUG(10, ("smb_ldap_setup_conn: %s\n", uri));
> #ifdef HAVE_LDAP_INITIALIZE
>-
>- rc = ldap_initialize(ldap_struct, uri);
>- if (rc) {
>- DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
>+ if ((rc = ldap_initialize(ldap_struct, uri)) != LDAP_SUCCESS) {
>+ DEBUG(0, ("ldap_initialize with %s failed: %s\n",
>+ uri, ldap_err2string(rc)));
>+ return rc;
> }
>
>- return rc;
>+ DEBUG(3,("Successfully setup ldap_initialize with %s\n", uri));
> #else
>-
> /* Parse the string manually */
>+ SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
>
>- {
>- int port = 0;
>- fstring protocol;
>- fstring host;
>- SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
>+ /* skip leading "URL:" (if any) */
>+ if ( strnequal( uri, "URL:", 4 ) ) {
>+ uri += 4;
>+ }
>
>+ sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
>
>- /* skip leading "URL:" (if any) */
>- if ( strnequal( uri, "URL:", 4 ) ) {
>- uri += 4;
>+ if (port == 0) {
>+ if (strequal(protocol, "ldap")) {
>+ port = LDAP_PORT;
>+ } else if (strequal(protocol, "ldaps")) {
>+ port = LDAPS_PORT;
>+ } else {
>+ DEBUG(0, ("Unrecognised protocol: %s\n", protocol));
> }
>-
>- sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
>-
>- if (port == 0) {
>- if (strequal(protocol, "ldap")) {
>- port = LDAP_PORT;
>- } else if (strequal(protocol, "ldaps")) {
>- port = LDAPS_PORT;
>- } else {
>- DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
>- }
>+ }
>+
>+ if (strequal(protocol, "ldaps")) {
>+#ifdef LDAP_OPT_X_TLS
>+ int tls = LDAP_OPT_X_TLS_HARD;
>+
>+ if ((*ldap_struct = ldap_init(host, port)) == NULL) {
>+ DEBUG(0, ("ldap_init with %s:%d failed\n",
host, port));
>+ return LDAP_OPERATIONS_ERROR;
> }
>-
>- if ((*ldap_struct = ldap_init(host, port)) == NULL) {
>- DEBUG(0, ("ldap_init failed !\n"));
>+
>+ DEBUG(3,("Successfully setup ldap session with %s:%d\n",
>+ host, port));
>+
>+ if ((rc = ldap_set_option(*ldap_struct, LDAP_OPT_X_TLS, &tls)) != LDAP_SUCCESS) {
>+ DEBUG(0, ("Failed to setup a TLS option: %s\n",
>+ ldap_err2string(rc)));
>+ return rc;
>+ }
>+
>+ DEBUG(3,("Successfully setup TLS option\n"));
>+#elif defined(HAVE_LDAPSSL_INIT)
>+ if ((rc = ldapssl_client_init(lp_ldap_cert_db(), NULL)) != LDAP_SUCCESS) {
>+ DEBUG(0,("ldapssl_client_init with '%s' cert db failed: %s\n",
>+ lp_ldap_cert_db(), ldap_err2string(rc)));
>+ return rc;
>+ }
>+
>+ if ((*ldap_struct = ldapssl_init(host, port, True)) == NULL) {
>+ DEBUG(0, ("ldapssl_init to %s:%d failed!\n", host, port));
> return LDAP_OPERATIONS_ERROR;
> }
>-
>- if (strequal(protocol, "ldaps")) {
>-#ifdef LDAP_OPT_X_TLS
>- int tls = LDAP_OPT_X_TLS_HARD;
>- if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
>- {
>- DEBUG(0, ("Failed to setup a TLS session\n"));
>- }
>-
>- DEBUG(3,("LDAPS option set...!\n"));
>+
>+ DEBUG(3,("Successfully setup ldapssl session with %s:%d\n",
>+ host, port ));
> #else
>- DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
>- return LDAP_OPERATIONS_ERROR;
>+ DEBUG(0,("Secure connection not supported by LDAP client libraries\n"));
>+ return LDAP_OPERATIONS_ERROR;
> #endif /* LDAP_OPT_X_TLS */
>+ } else {
>+ if ((*ldap_struct = ldap_init(host, port)) == NULL) {
>+ DEBUG(0, ("ldap_init with %s:%d failed\n", host, port));
>+ return LDAP_OPERATIONS_ERROR;
> }
>
>+ DEBUG(3,("Successfully setup ldap session with %s:%d\n", host, port));
> }
> #endif /* HAVE_LDAP_INITIALIZE */
>+#ifdef LDAP_OPT_TIMELIMIT
>+ if ((rc = ldap_set_option(*ldap_struct, LDAP_OPT_TIMELIMIT, &ot)) != LDAP_SUCCESS) {
>+ DEBUG(0,("Failed to setup a ldap operation timeout %d: %s\n",
>+ ot,
ldap_err2string(rc)));
>+ }
>+#endif /* LDAP_OPT_TIMELIMIT */
>+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT
>+ if ((rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct)) != LDAP_SUCCESS) {
>+ DEBUG(0,("Failed to setup a ldap connection timeout %d: %s\n",
>+ ct, ldap_err2string(rc)));
>+ }
>+#endif /* LDAP_X_OPT_CONNECT_TIMEOUT */
>+
> return LDAP_SUCCESS;
> }
>
>@@ -1170,7 +1206,7 @@
> int rc = LDAP_SERVER_DOWN;
> int attempts = 0;
> char *utf8_filter;
>- time_t endtime = time(NULL)+lp_ldap_timeout();
>+ time_t endtime = time(NULL)+lp_ldap_operation_timeout();
> struct timeval timeout;
>
> SMB_ASSERT(ldap_state);
>@@ -1207,7 +1243,7 @@
> }
>
> /* Setup timeout for the ldap_search_ext_s call - local and remote. */
>- timeout.tv_sec = lp_ldap_timeout();
>+ timeout.tv_sec = lp_ldap_operation_timeout();
> timeout.tv_usec = 0;
>
> /* Setup alarm timeout.... Do we need both of these ? JRA.
>@@ -1219,7 +1255,7 @@
>
> got_alarm = 0;
> CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
>- alarm(lp_ldap_timeout());
>+ alarm(lp_ldap_operation_timeout());
> /* End setup timeout. */
>
> while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) {
>@@ -1356,7 +1392,7 @@
> int rc = LDAP_SERVER_DOWN;
> int attempts = 0;
> char *utf8_dn;
>- time_t endtime = time(NULL)+lp_ldap_timeout();
>+ time_t endtime = time(NULL)+lp_ldap_operation_timeout();
>
> SMB_ASSERT(ldap_state);
>
>@@ -1388,7 +1424,7 @@
> int rc = LDAP_SERVER_DOWN;
> int attempts = 0;
> char *utf8_dn;
>- time_t endtime = time(NULL)+lp_ldap_timeout();
>+ time_t endtime = time(NULL)+lp_ldap_operation_timeout();
>
> SMB_ASSERT(ldap_state);
>
>@@ -1420,7 +1456,7 @@
> int rc = LDAP_SERVER_DOWN;
> int attempts = 0;
> char *utf8_dn;
>- time_t endtime = time(NULL)+lp_ldap_timeout();
>+ time_t endtime = time(NULL)+lp_ldap_operation_timeout();
>
> SMB_ASSERT(ldap_state);
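Review bot: In smb_ldap_setup_conn (source/lib/smbldap.c, hunk @@ -628) the manual URI parse still fails open: the sscanf() result is not checked, so `protocol` and `host` may be read uninitialised, and a scheme other than "ldap"/"ldaps" is only logged (and only when no port was given) before the code falls into the plain `ldap_init` branch, so a mistyped `ldaps` URI would likely end up as a cleartext session. I would reject both cases, e.g. `if (sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port) < 2) return LDAP_PARAM_ERROR;` plus a `return LDAP_PARAM_ERROR;` after the "Unrecognised protocol" message, with the scheme check moved out of the `port == 0` test. Separately, `ot` is scaled to milliseconds but handed to LDAP_OPT_TIMELIMIT, which as far as I know is expressed in seconds, so the 15 s default would become a 15000 s limit; only the connect timeout looks like it wants the `* 1000`. The early `return rc` paths taken after a successful ldap_init also leave `*ldap_struct` allocated, and an `ldap_unbind(*ldap_struct);` before them would avoid handing the caller a half-configured handle.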
>
>@@ -1454,7 +1490,7 @@
> {
> int rc = LDAP_SERVER_DOWN;
> int attempts = 0;
>- time_t endtime = time(NULL)+lp_ldap_timeout();
>+ time_t endtime = time(NULL)+lp_ldap_operation_timeout();
>
> if (!ldap_state)
> return (-1);
>--- source/libads/ldap.c.orig Mon Jun 26 11:26:39 2006
>+++ source/libads/ldap.c Mon Jun 26 11:27:57 2006
>@@ -86,13 +86,13 @@
> int result;
>
> /* Setup timeout for the ldap_search_ext_s call - local and remote. */
>- timeout.tv_sec = lp_ldap_timeout();
>+ timeout.tv_sec = lp_ldap_operation_timeout();
> timeout.tv_usec = 0;
>
> /* Setup alarm timeout.... Do we need both of these ? JRA. */
> gotalarm = 0;
> CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
>- alarm(lp_ldap_timeout());
>+ alarm(lp_ldap_operation_timeout());
> /* End setup timeout. */
>
> result = ldap_search_ext_s(ld, base, scope, filter, attrs,
>@@ -324,7 +324,7 @@
> /* Otherwise setup the TCP LDAP session */
>
> if ( (ads->ld = ldap_open_with_timeout(ads->config.ldap_server_name,
>- LDAP_PORT, lp_ldap_timeout())) == NULL )
>+ LDAP_PORT, lp_ldap_operation_timeout())) == NULL )
> {
> return ADS_ERROR(LDAP_OPERATIONS_ERROR);
> }
>--- source/nsswitch/winbindd_rpc.c.orig Mon Jun 26 11:28:32 2006
>+++ source/nsswitch/winbindd_rpc.c Mon Jun 26 11:29:00 2006
>@@ -677,7 +677,7 @@
> * search timeout doesn't seem to apply to doing an open as well. JRA.
> */
>
>- ldp = ldap_open_with_timeout(server, port, lp_ldap_timeout());
>+ ldp = ldap_open_with_timeout(server, port, lp_ldap_operation_timeout());
> if (ldp == NULL)
> return -1;
>
>--- source/param/loadparm.c.orig Mon Jun 26 11:29:14 2006
>+++ source/param/loadparm.c Mon Jun 26 11:31:50 2006
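Review bot: The two connection-open calls, `ldap_open_with_timeout(...)` in source/libads/ldap.c (hunk @@ -324) and in source/nsswitch/winbindd_rpc.c (hunk @@ -677), are switched to lp_ldap_operation_timeout() even though this patch introduces a separate connection timeout. If the split is meant to bound connect time independently of search time, these look like the natural users of `lp_ldap_connection_timeout()`. If keeping the longer value here is intentional, a one-line comment such as `/* open deliberately uses the operation timeout */` would record that. Both enclosing functions start and end outside the hunks.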
>@@ -234,12 +234,14 @@
> int ldap_ssl;
> char *szLdapSuffix;
> char *szLdapAdminDn;
>+ char *ldap_cert_db;
> int iAclCompat;
> char *szCupsServer;
> char *szIPrintServer;
> int ldap_passwd_sync;
> int ldap_replication_sleep;
>- int ldap_timeout; /* This is initialised in init_globals */
>+ int ldap_connection_timeout;
>+ int ldap_operation_timeout;
> int ldap_page_size;
> BOOL ldap_delete_dn;
> BOOL bMsAddPrinterWizard;
>@@ -1162,6 +1164,7 @@
> {N_("Ldap Options"), P_SEP, P_SEPARATOR},
>
> {"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED},
>+ {"ldap cert db", P_STRING, P_GLOBAL, &Globals.ldap_cert_db, NULL, NULL, FLAG_ADVANCED},
> {"ldap delete dn", P_BOOL, P_GLOBAL, &Globals.ldap_delete_dn, NULL, NULL, FLAG_ADVANCED},
> {"ldap group suffix", P_STRING, P_GLOBAL, &Globals.szLdapGroupSuffix, NULL, NULL, FLAG_ADVANCED},
> {"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, NULL, NULL, FLAG_ADVANCED},
>@@ -1171,7 +1174,8 @@
> {"ldap replication sleep", P_INTEGER, P_GLOBAL, &Globals.ldap_replication_sleep, NULL, NULL, FLAG_ADVANCED},
> {"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, FLAG_ADVANCED},
> {"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED},
>- {"ldap timeout", P_INTEGER, P_GLOBAL, &Globals.ldap_timeout, NULL, NULL, FLAG_ADVANCED},
>+ {"ldap connection timeout", P_INTEGER, P_GLOBAL, &Globals.ldap_connection_timeout, NULL, NULL, FLAG_ADVANCED},
>+ {"ldap operation timeout", P_INTEGER, P_GLOBAL, &Globals.ldap_operation_timeout, NULL, NULL, FLAG_ADVANCED},
> {"ldap page size", P_INTEGER, P_GLOBAL, &Globals.ldap_page_size, NULL, NULL, FLAG_ADVANCED},
> {"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED},
>
>@@ -1567,11 +1571,13 @@
> string_set(&Globals.szLdapIdmapSuffix, "");
>
> string_set(&Globals.szLdapAdminDn, "");
>+ string_set(&Globals.ldap_cert_db, "");
> Globals.ldap_ssl = LDAP_SSL_ON;
> Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
> Globals.ldap_delete_dn = False;
> Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
>- Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
>+ Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
>+ Globals.ldap_operation_timeout = LDAP_OPERATION_DEFAULT_TIMEOUT;
> Globals.ldap_page_size = LDAP_PAGE_SIZE;
>
> /* This is what we tell the afs client. in reality we set the token
>@@ -1835,11 +1841,13 @@
>
> FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
> FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
>+FN_GLOBAL_STRING(lp_ldap_cert_db, &Globals.ldap_cert_db)
> FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
> FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
> FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
> FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
>-FN_GLOBAL_INTEGER(lp_ldap_timeout, &Globals.ldap_timeout)
>+FN_GLOBAL_INTEGER(lp_ldap_connection_timeout, &Globals.ldap_connection_timeout)
>+FN_GLOBAL_INTEGER(lp_ldap_operation_timeout, &Globals.ldap_operation_timeout)
> FN_GLOBAL_INTEGER(lp_ldap_page_size, &Globals.ldap_page_size)
> FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
> FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
>--- source/libads/cldap.c.orig Mon Jun 26 12:31:35 2006
>+++ source/libads/cldap.c Mon Jun 26 12:32:28 2006
>@@ -193,7 +193,7 @@
> /* Setup timeout */
> gotalarm = 0;
> CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
>- alarm(lp_ldap_timeout());
>+ alarm(lp_ldap_operation_timeout());
> /* End setup timeout. */
>
> ret = read(sock, blob.data, blob.length);
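Review bot: The parameter table in source/param/loadparm.c (hunk @@ -1171) drops `ldap timeout` outright, so an existing smb.conf that sets it would presumably stop being honoured after the upgrade and the timeout would quietly revert to the built-in defaults. Keeping the old name as a hidden synonym, e.g. `{"ldap timeout", P_INTEGER, P_GLOBAL, &Globals.ldap_operation_timeout, NULL, NULL, FLAG_HIDE},`, would preserve existing configurations. The new `ldap cert db` entry (hunk @@ -1162) also deserves a comment saying what it must point to, since its default in init_globals is the empty string and smb_ldap_setup_conn passes that value unchanged to ldapssl_client_init.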