Attachment 2182 Details for Bug 3504 – Patch for Samba-3.0.23c

[patch] Patch for Samba-3.0.23c

patch-nsldap (text/plain), 12.62 KB, created by Alex Deiter on 2006-10-12 23:31:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Alex Deiter

Created: 2006-10-12 23:31:55 UTC

Size: 12.62 KB

patch

obsolete

>--- source/configure.in.orig	Mon Jun 26 11:06:06 2006
>+++ source/configure.in	Mon Jun 26 11:09:29 2006
>@@ -3184,6 +3184,10 @@
>   AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
> 
>   ########################################################
>+  # check for Netscape SSL API
>+  AC_CHECK_FUNC_EXT(ldapssl_init,$LDAP_LIBS)
>+
>+  ########################################################
>   # If we have LDAP, does it's rebind procedure take 2 or 3 arguments?
>   # Check found in pam_ldap 145.
>   AC_CHECK_FUNC_EXT(ldap_set_rebind_proc,$LDAP_LIBS)
>--- source/include/config.h.in.orig	Mon Jun 26 11:10:19 2006
>+++ source/include/config.h.in	Mon Jun 26 11:10:46 2006
>@@ -804,6 +804,9 @@
> /* Whether ldap is available */
> #undef HAVE_LDAP
> 
>+/* Define to 1 if you have the `ldapssl_init' function. */
>+#undef HAVE_LDAPSSL_INIT
>+
> /* Define to 1 if you have the `ldap_add_result_entry' function. */
> #undef HAVE_LDAP_ADD_RESULT_ENTRY
> 
>--- source/include/smbldap.h.orig	Mon Jun 26 11:10:58 2006
>+++ source/include/smbldap.h	Mon Jun 26 11:11:34 2006
>@@ -216,7 +216,8 @@
> 
> #endif 	/* HAVE_LDAP */
> 
>-#define LDAP_CONNECT_DEFAULT_TIMEOUT   15
>+#define LDAP_CONNECTION_DEFAULT_TIMEOUT 1
>+#define LDAP_OPERATION_DEFAULT_TIMEOUT 15
> #define LDAP_PAGE_SIZE 1024
> 
> #endif	/* _SMBLDAP_H */
>--- source/lib/smbldap.c.orig	Mon Jun 26 11:11:44 2006
>+++ source/lib/smbldap.c	Mon Jun 26 11:25:58 2006
>@@ -6,6 +6,7 @@
>    Copyright (C) Shahms King			2001
>    Copyright (C) Andrew Bartlett		2002-2003
>    Copyright (C) Stefan (metze) Metzmacher	2002-2003
>+   Copyright (C) Alex Deiter			2006
>     
>    This program is free software; you can redistribute it and/or modify
>    it under the terms of the GNU General Public License as published by
>@@ -628,67 +629,102 @@
> int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
> {
> 	int rc;
>-
>-	DEBUG(10, ("smb_ldap_setup_connection: %s\n", uri));
>-	
>+	int ot = lp_ldap_operation_timeout() * 1000;
>+	int ct = lp_ldap_connection_timeout() * 1000;
>+#ifndef HAVE_LDAP_INITIALIZE
>+	int port = 0;
>+	fstring protocol;
>+	fstring host;
>+#endif
>+	DEBUG(10, ("smb_ldap_setup_conn: %s\n", uri));
> #ifdef HAVE_LDAP_INITIALIZE
>-	
>-	rc = ldap_initialize(ldap_struct, uri);
>-	if (rc) {
>-		DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
>+	if ((rc = ldap_initialize(ldap_struct, uri)) != LDAP_SUCCESS) {
>+		DEBUG(0, ("ldap_initialize with %s failed: %s\n",
>+			uri, ldap_err2string(rc)));
>+		return rc;
> 	}
> 
>-	return rc;
>+	DEBUG(3,("Successfully setup ldap_initialize with %s\n", uri));
> #else 
>-
> 	/* Parse the string manually */
>+	SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
> 
>-	{
>-		int port = 0;
>-		fstring protocol;
>-		fstring host;
>-		SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
>+	/* skip leading "URL:" (if any) */
>+	if ( strnequal( uri, "URL:", 4 ) ) {
>+		uri += 4;
>+	}
> 
>+	sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
> 
>-		/* skip leading "URL:" (if any) */
>-		if ( strnequal( uri, "URL:", 4 ) ) {
>-			uri += 4;
>+	if (port == 0) {
>+		if (strequal(protocol, "ldap")) {
>+			port = LDAP_PORT;
>+		} else if (strequal(protocol, "ldaps")) {
>+			port = LDAPS_PORT;
>+		} else {
>+			DEBUG(0, ("Unrecognised protocol: %s\n", protocol));
> 		}
>-		
>-		sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
>-		
>-		if (port == 0) {
>-			if (strequal(protocol, "ldap")) {
>-				port = LDAP_PORT;
>-			} else if (strequal(protocol, "ldaps")) {
>-				port = LDAPS_PORT;
>-			} else {
>-				DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
>-			}
>+	}
>+
>+	if (strequal(protocol, "ldaps")) {
>+#ifdef LDAP_OPT_X_TLS
>+		int tls = LDAP_OPT_X_TLS_HARD;
>+
>+		if ((*ldap_struct = ldap_init(host, port)) == NULL) {
>+			DEBUG(0, ("ldap_init with %s:%d failed\n", host, port));
>+			return LDAP_OPERATIONS_ERROR;
> 		}
>-		
>-		if ((*ldap_struct = ldap_init(host, port)) == NULL)	{
>-			DEBUG(0, ("ldap_init failed !\n"));
>+
>+		DEBUG(3,("Successfully setup ldap session with %s:%d\n",
>+			host, port));
>+
>+		if ((rc = ldap_set_option(*ldap_struct, LDAP_OPT_X_TLS, &tls)) != LDAP_SUCCESS) {
>+			DEBUG(0, ("Failed to setup a TLS option: %s\n",
>+				ldap_err2string(rc)));
>+			return rc;
>+		}
>+
>+		DEBUG(3,("Successfully setup TLS option\n"));
>+#elif defined(HAVE_LDAPSSL_INIT)
>+		if ((rc = ldapssl_client_init(lp_ldap_cert_db(), NULL)) != LDAP_SUCCESS) {
>+			DEBUG(0,("ldapssl_client_init with '%s' cert db failed: %s\n",
>+				lp_ldap_cert_db(), ldap_err2string(rc)));
>+			return rc;
>+		}
>+
>+		if ((*ldap_struct = ldapssl_init(host, port, True)) == NULL) {
>+			DEBUG(0, ("ldapssl_init to %s:%d failed!\n", host, port));
> 			return LDAP_OPERATIONS_ERROR;
> 		}
>-		
>-	        if (strequal(protocol, "ldaps")) {
>-#ifdef LDAP_OPT_X_TLS
>-			int tls = LDAP_OPT_X_TLS_HARD;
>-			if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
>-			{
>-				DEBUG(0, ("Failed to setup a TLS session\n"));
>-			}
>-			
>-			DEBUG(3,("LDAPS option set...!\n"));
>+
>+		DEBUG(3,("Successfully setup ldapssl session with %s:%d\n",
>+			host, port ));
> #else
>-			DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
>-			return LDAP_OPERATIONS_ERROR;
>+		DEBUG(0,("Secure connection not supported by LDAP client libraries\n"));
>+		return LDAP_OPERATIONS_ERROR;
> #endif /* LDAP_OPT_X_TLS */
>+	} else {
>+		if ((*ldap_struct = ldap_init(host, port)) == NULL) {
>+			DEBUG(0, ("ldap_init with %s:%d failed\n", host, port));
>+			return LDAP_OPERATIONS_ERROR;
> 		}
> 
>+		DEBUG(3,("Successfully setup ldap session with %s:%d\n", host, port));
> 	}
> #endif /* HAVE_LDAP_INITIALIZE */
>+#ifdef LDAP_OPT_TIMELIMIT
>+	if ((rc = ldap_set_option(*ldap_struct, LDAP_OPT_TIMELIMIT, &ot)) != LDAP_SUCCESS) {
>+		DEBUG(0,("Failed to setup a ldap operation timeout %d: %s\n",
>+			ot, ldap_err2string(rc)));
>+	}
>+#endif /* LDAP_OPT_TIMELIMIT */
>+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT
>+	if ((rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct)) != LDAP_SUCCESS) {
>+		DEBUG(0,("Failed to setup a ldap connection timeout %d: %s\n",
>+			ct, ldap_err2string(rc)));
>+	}
>+#endif /* LDAP_X_OPT_CONNECT_TIMEOUT */
>+
> 	return LDAP_SUCCESS;
> }
> 
>@@ -1170,7 +1206,7 @@
> 	int 		rc = LDAP_SERVER_DOWN;
> 	int 		attempts = 0;
> 	char           *utf8_filter;
>-	time_t		endtime = time(NULL)+lp_ldap_timeout();
>+	time_t		endtime = time(NULL)+lp_ldap_operation_timeout();
> 	struct		timeval timeout;
> 
> 	SMB_ASSERT(ldap_state);
>@@ -1207,7 +1243,7 @@
> 	}
> 
> 	/* Setup timeout for the ldap_search_ext_s call - local and remote. */
>-	timeout.tv_sec = lp_ldap_timeout();
>+	timeout.tv_sec = lp_ldap_operation_timeout();
> 	timeout.tv_usec = 0;
> 
> 	/* Setup alarm timeout.... Do we need both of these ? JRA.
>@@ -1219,7 +1255,7 @@
> 
> 	got_alarm = 0;
> 	CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
>-	alarm(lp_ldap_timeout());
>+	alarm(lp_ldap_operation_timeout());
> 	/* End setup timeout. */
> 
> 	while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) {
>@@ -1356,7 +1392,7 @@
> 	int 		rc = LDAP_SERVER_DOWN;
> 	int 		attempts = 0;
> 	char           *utf8_dn;
>-	time_t		endtime = time(NULL)+lp_ldap_timeout();
>+	time_t		endtime = time(NULL)+lp_ldap_operation_timeout();
> 
> 	SMB_ASSERT(ldap_state);
> 
>@@ -1388,7 +1424,7 @@
> 	int 		rc = LDAP_SERVER_DOWN;
> 	int 		attempts = 0;
> 	char           *utf8_dn;
>-	time_t		endtime = time(NULL)+lp_ldap_timeout();
>+	time_t		endtime = time(NULL)+lp_ldap_operation_timeout();
> 	
> 	SMB_ASSERT(ldap_state);
> 
>@@ -1420,7 +1456,7 @@
> 	int 		rc = LDAP_SERVER_DOWN;
> 	int 		attempts = 0;
> 	char           *utf8_dn;
>-	time_t		endtime = time(NULL)+lp_ldap_timeout();
>+	time_t		endtime = time(NULL)+lp_ldap_operation_timeout();
> 	
> 	SMB_ASSERT(ldap_state);
> 
>@@ -1454,7 +1490,7 @@
> {
> 	int 		rc = LDAP_SERVER_DOWN;
> 	int 		attempts = 0;
>-	time_t		endtime = time(NULL)+lp_ldap_timeout();
>+	time_t		endtime = time(NULL)+lp_ldap_operation_timeout();
> 	
> 	if (!ldap_state)
> 		return (-1);
>--- source/libads/ldap.c.orig	Mon Jun 26 11:26:39 2006
>+++ source/libads/ldap.c	Mon Jun 26 11:27:57 2006
>@@ -86,13 +86,13 @@
> 	int result;
> 
> 	/* Setup timeout for the ldap_search_ext_s call - local and remote. */
>-	timeout.tv_sec = lp_ldap_timeout();
>+	timeout.tv_sec = lp_ldap_operation_timeout();
> 	timeout.tv_usec = 0;
> 
> 	/* Setup alarm timeout.... Do we need both of these ? JRA. */
> 	gotalarm = 0;
> 	CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
>-	alarm(lp_ldap_timeout());
>+	alarm(lp_ldap_operation_timeout());
> 	/* End setup timeout. */
> 
> 	result = ldap_search_ext_s(ld, base, scope, filter, attrs,
>@@ -324,7 +324,7 @@
> 	/* Otherwise setup the TCP LDAP session */
> 
> 	if ( (ads->ld = ldap_open_with_timeout(ads->config.ldap_server_name, 
>-		LDAP_PORT, lp_ldap_timeout())) == NULL )
>+		LDAP_PORT, lp_ldap_operation_timeout())) == NULL )
> 	{
> 		return ADS_ERROR(LDAP_OPERATIONS_ERROR);
> 	}
>--- source/nsswitch/winbindd_rpc.c.orig	Mon Jun 26 11:28:32 2006
>+++ source/nsswitch/winbindd_rpc.c	Mon Jun 26 11:29:00 2006
>@@ -677,7 +677,7 @@
> 	 * search timeout doesn't seem to apply to doing an open as well. JRA.
> 	 */
> 
>-	ldp = ldap_open_with_timeout(server, port, lp_ldap_timeout());
>+	ldp = ldap_open_with_timeout(server, port, lp_ldap_operation_timeout());
> 	if (ldp == NULL)
> 		return -1;
> 
>--- source/param/loadparm.c.orig	Mon Jun 26 11:29:14 2006
>+++ source/param/loadparm.c	Mon Jun 26 11:31:50 2006
>@@ -234,12 +234,14 @@
> 	int ldap_ssl;
> 	char *szLdapSuffix;
> 	char *szLdapAdminDn;
>+	char *ldap_cert_db;
> 	int iAclCompat;
> 	char *szCupsServer;
> 	char *szIPrintServer;
> 	int ldap_passwd_sync; 
> 	int ldap_replication_sleep;
>-	int ldap_timeout; /* This is initialised in init_globals */
>+	int ldap_connection_timeout;
>+	int ldap_operation_timeout;
> 	int ldap_page_size;
> 	BOOL ldap_delete_dn;
> 	BOOL bMsAddPrinterWizard;
>@@ -1162,6 +1164,7 @@
> 	{N_("Ldap Options"), P_SEP, P_SEPARATOR}, 
> 
> 	{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED}, 
>+	{"ldap cert db", P_STRING, P_GLOBAL, &Globals.ldap_cert_db, NULL, NULL, FLAG_ADVANCED},
> 	{"ldap delete dn", P_BOOL, P_GLOBAL, &Globals.ldap_delete_dn, NULL, NULL, FLAG_ADVANCED}, 
> 	{"ldap group suffix", P_STRING, P_GLOBAL, &Globals.szLdapGroupSuffix, NULL, NULL, FLAG_ADVANCED}, 
> 	{"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, NULL, NULL, FLAG_ADVANCED}, 
>@@ -1171,7 +1174,8 @@
> 	{"ldap replication sleep", P_INTEGER, P_GLOBAL, &Globals.ldap_replication_sleep, NULL, NULL, FLAG_ADVANCED},
> 	{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, FLAG_ADVANCED}, 
> 	{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED}, 
>-	{"ldap timeout", P_INTEGER, P_GLOBAL, &Globals.ldap_timeout, NULL, NULL, FLAG_ADVANCED},
>+	{"ldap connection timeout", P_INTEGER, P_GLOBAL, &Globals.ldap_connection_timeout, NULL, NULL, FLAG_ADVANCED},
>+	{"ldap operation timeout", P_INTEGER, P_GLOBAL, &Globals.ldap_operation_timeout, NULL, NULL, FLAG_ADVANCED},
> 	{"ldap page size", P_INTEGER, P_GLOBAL, &Globals.ldap_page_size, NULL, NULL, FLAG_ADVANCED},
> 	{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED}, 
> 
>@@ -1567,11 +1571,13 @@
> 	string_set(&Globals.szLdapIdmapSuffix, "");
> 
> 	string_set(&Globals.szLdapAdminDn, "");
>+	string_set(&Globals.ldap_cert_db, "");
> 	Globals.ldap_ssl = LDAP_SSL_ON;
> 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
> 	Globals.ldap_delete_dn = False;
> 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
>-	Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
>+	Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
>+	Globals.ldap_operation_timeout = LDAP_OPERATION_DEFAULT_TIMEOUT;
> 	Globals.ldap_page_size = LDAP_PAGE_SIZE;
> 
> 	/* This is what we tell the afs client. in reality we set the token 
>@@ -1835,11 +1841,13 @@
> 
> FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
> FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
>+FN_GLOBAL_STRING(lp_ldap_cert_db, &Globals.ldap_cert_db)
> FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
> FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
> FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
> FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
>-FN_GLOBAL_INTEGER(lp_ldap_timeout, &Globals.ldap_timeout)
>+FN_GLOBAL_INTEGER(lp_ldap_connection_timeout, &Globals.ldap_connection_timeout)
>+FN_GLOBAL_INTEGER(lp_ldap_operation_timeout, &Globals.ldap_operation_timeout)
> FN_GLOBAL_INTEGER(lp_ldap_page_size, &Globals.ldap_page_size)
> FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
> FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
>--- source/libads/cldap.c.orig	Mon Jun 26 12:31:35 2006
>+++ source/libads/cldap.c	Mon Jun 26 12:32:28 2006
>@@ -193,7 +193,7 @@
> 	/* Setup timeout */
> 	gotalarm = 0;
> 	CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
>-	alarm(lp_ldap_timeout());
>+	alarm(lp_ldap_operation_timeout());
> 	/* End setup timeout. */
>  
> 	ret = read(sock, blob.data, blob.length);

Actions: View

Attachments on bug 3504: 1724 | 1841 | 2182 | 3267