The Samba-Bugzilla – Attachment 9216 Details for
Bug 10143
Mozldap C-SDK is not supported
[patch]
diff against 3.6.15 (3.6.18 differs only in the hunk offsets in configure.in)
mozldap.patch (text/plain), 12.26 KB, created by
Jura Sasek
on 2013-09-16 18:47:06 UTC
Description:
diff against 3.6.15 (3.6.18 differs only in the hunk offsets in configure.in)
Filename:
MIME Type:
Creator:
Jura Sasek
Created:
2013-09-16 18:47:06 UTC
Size:
12.26 KB
patch
obsolete
>--- a/source3/param/loadparm.c 2013-03-18 01:59:37.000000000 -0700
>+++ b/source3/param/loadparm.c 2013-05-10 23:59:37.528279300 +0200
>@@ -278,6 +278,9 @@
> int ldap_follow_referral;
> char *szLdapSuffix;
> char *szLdapAdminDn;
>+ char *szLdapCertDBdir;
>+ char *szLdapKeyDBdir;
>+ bool ldap_privkey_open;
> int ldap_debug_level;
> int ldap_debug_threshold;
> int iAclCompat;
>@@ -3701,6 +3704,33 @@
> .flags = FLAG_ADVANCED,
> },
> {
>+ .label = "ldap certdb dir",
>+ .type = P_STRING,
>+ .p_class = P_GLOBAL,
>+ .ptr = &Globals.szLdapCertDBdir,
>+ .special = NULL,
>+ .enum_list = NULL,
>+ .flags = FLAG_ADVANCED,
>+ },
>+ {
>+ .label = "ldap keydb dir",
>+ .type = P_STRING,
>+ .p_class = P_GLOBAL,
>+ .ptr = &Globals.szLdapKeyDBdir,
>+ .special = NULL,
>+ .enum_list = NULL,
>+ .flags = FLAG_ADVANCED,
>+ },
>+ {
>+ .label = "ldap privkey open",
>+ .type = P_BOOL,
>+ .p_class = P_GLOBAL,
>+ .ptr = &Globals.ldap_privkey_open,
>+ .special = NULL,
>+ .enum_list = NULL,
>+ .flags = FLAG_ADVANCED,
>+ },
>+ {
> .label = "ldap delete dn",
> .type = P_BOOL,
> .p_class = P_GLOBAL,
>@@ -5366,6 +5396,9 @@
> string_set(&Globals.szLdapIdmapSuffix, "");
>
> string_set(&Globals.szLdapAdminDn, "");
>+ string_set(&Globals.szLdapCertDBdir, get_dyn_PRIVATE_DIR());
>+ string_set(&Globals.szLdapKeyDBdir, get_dyn_PRIVATE_DIR());
>+ Globals.ldap_privkey_open = False;
> Globals.ldap_ssl = LDAP_SSL_START_TLS;
> Globals.ldap_ssl_ads = False;
> Globals.ldap_deref = -1;
>@@ -5747,6 +5780,9 @@
>
> FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
> FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
>+FN_GLOBAL_STRING(lp_ldap_certdb_dir, &Globals.szLdapCertDBdir)
>+FN_GLOBAL_STRING(lp_ldap_keydb_dir, &Globals.szLdapKeyDBdir)
>+FN_GLOBAL_BOOL(lp_ldap_privkey_open, &Globals.ldap_privkey_open)
> FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
> FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
> FN_GLOBAL_INTEGER(lp_ldap_deref, &Globals.ldap_deref)
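Review bot: The three new smb.conf parameters registered in the @@ -3701 hunk (`ldap certdb dir`, `ldap keydb dir`, `ldap privkey open`) are documented nowhere in this patch, so an administrator cannot tell what `ldap privkey open` switches on or that both directories default to the private directory (the @@ -5366 hunk). Until the smb.conf manual page is updated, a comment on the new struct fields in the @@ -278 hunk would at least explain them to the next reader, e.g. `char *szLdapCertDBdir; /* NSS cert DB dir used by the Mozldap TLS path; defaults to the private dir */` and `bool ldap_privkey_open; /* presumably the needkeydb argument of ldapssl_clientauth_init() - confirm against the SDK */`. Defaulting the key DB into the private directory also places client key material next to secrets.tdb; that is probably the intended location, but it is worth saying so explicitly in the documentation.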
>--- a/source3/include/proto.h 2013-03-18 01:59:37.000000000 -0700
>+++ b/source3/include/proto.h 2013-05-11 00:04:26.565521200 +0200
>@@ -1429,6 +1429,9 @@
> bool lp_passdb_expand_explicit(void);
> char *lp_ldap_suffix(void);
> char *lp_ldap_admin_dn(void);
>+char *lp_ldap_certdb_dir(void);
>+char *lp_ldap_keydb_dir(void);
>+bool lp_ldap_privkey_open(void);
> int lp_ldap_ssl(void);
> bool lp_ldap_ssl_ads(void);
> int lp_ldap_deref(void);
>--- a/source3/include/smb_ldap.h 2013-03-18 01:59:37.000000000 -0700
>+++ b/source3/include/smb_ldap.h 2013-04-29 13:33:34.602541500 -0700
>@@ -63,6 +63,10 @@
>
> #endif /* HAVE_LDAP_H */
>
>+#if HAVE_LDAP_SSL_H
>+#include <ldap_ssl.h>
>+#endif /* HAVE_LDAP_SSL_H */
>+
> #ifndef HAVE_LDAP
> #define LDAP void
> #define LDAPMessage void
>--- a/source3/lib/smbldap.c 2013-05-08 10:16:26.000000000 +0200
>+++ b/source3/lib/smbldap.c 2013-07-03 09:00:28.482477500 +0200
>@@ -780,7 +780,7 @@
>
> int smb_ldap_start_tls(LDAP *ldap_struct, int version)
> {
>-#ifdef LDAP_OPT_X_TLS
>+#ifdef HAVE_LDAP_START_TLS_S
> int rc;
> #endif
>
>@@ -788,12 +788,24 @@
> return LDAP_SUCCESS;
> }
>
>-#ifdef LDAP_OPT_X_TLS
>+#ifdef HAVE_LDAP_START_TLS_S
> if (version != LDAP_VERSION3) {
> DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
> return LDAP_OPERATIONS_ERROR;
> }
>
>+#ifdef HAVE_LDAPSSL_INIT /* Netscape */
>+ rc = ldapssl_clientauth_init(lp_ldap_certdb_dir(), NULL,
>+ lp_ldap_privkey_open(), lp_ldap_keydb_dir(), NULL);
>+ if (rc != LDAP_SUCCESS) {
>+ DEBUG(0,("ldapssl_clientauth_init with '%s' cert db, "
>+ "%s key db, failed: %s\n",
>+ lp_ldap_certdb_dir(), lp_ldap_keydb_dir(),
>+ ldap_err2string(rc)));
>+ return rc;
>+ }
>+#endif /* HAVE_LDAPSSL_INIT */
>+
> if ((rc = ldap_start_tls_s (ldap_struct, NULL, NULL)) != LDAP_SUCCESS) {
> DEBUG(0,("Failed to issue the StartTLS instruction: %s\n",
> ldap_err2string(rc)));
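Review bot: `#if HAVE_LDAP_SSL_H` in the smb_ldap.h hunk tests the macro's value while the surrounding header uses the defined/undefined style (`#ifndef HAVE_LDAP` two lines below, `#endif /* HAVE_LDAP_H */` above), and it will trip `-Wundef` on builds where configure never defines the symbol; `#ifdef HAVE_LDAP_SSL_H` matches the file and is what the new `AC_CHECK_HEADERS` probe produces either way.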
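Review bot: The `ldapssl_clientauth_init()` call and its four-line failure DEBUG added to `smb_ldap_start_tls` before `ldap_start_tls_s()` are repeated verbatim in the ldaps branch of `smb_ldap_setup_conn()` (the @@ -837 hunk of this patch), so the two copies will drift; a small static helper keeps them in step and gives the error path one place to evolve. Because `smb_ldap_start_tls` is called on every connection and rebind, the SDK's client-auth state is now re-initialised from the cert/key DB directories each time; presumably the Mozldap SDK tolerates repeated initialisation, but this should be confirmed or the call guarded so it runs once per process. `smb_ldap_start_tls` continues past the end of this hunk.
```c
#ifdef HAVE_LDAPSSL_INIT /* Netscape */
/* Initialise the Mozldap client-auth state from the smb.conf cert/key DB
 * directories; shared by smb_ldap_start_tls() and the ldaps branch of
 * smb_ldap_setup_conn(). Returns an LDAP result code. */
static int smb_ldapssl_client_init(void)
{
	int rc = ldapssl_clientauth_init(lp_ldap_certdb_dir(), NULL,
					 lp_ldap_privkey_open(),
					 lp_ldap_keydb_dir(), NULL);
	if (rc != LDAP_SUCCESS) {
		DEBUG(0,("ldapssl_clientauth_init with '%s' cert db, "
			 "%s key db, failed: %s\n",
			 lp_ldap_certdb_dir(), lp_ldap_keydb_dir(),
			 ldap_err2string(rc)));
	}
	return rc;
}
#endif /* HAVE_LDAPSSL_INIT */

/* … unchanged: smb_ldap_start_tls() up to and including the LDAPv3 check … */
#ifdef HAVE_LDAPSSL_INIT /* Netscape */
	rc = smb_ldapssl_client_init();
	if (rc != LDAP_SUCCESS) {
		return rc;
	}
#endif /* HAVE_LDAPSSL_INIT */
```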
>@@ -802,12 +814,14 @@
>
> DEBUG (3, ("StartTLS issued: using a TLS connection\n"));
> return LDAP_SUCCESS;
>-#else
>+
>+#else /* ! HAVE_LDAP_START_TLS_S */
> DEBUG(0,("StartTLS not supported by LDAP client libraries!\n"));
> return LDAP_OPERATIONS_ERROR;
>-#endif
>+#endif /* HAVE_LDAP_START_TLS_S */
> }
>
>+
> /********************************************************************
> setup a connection to the LDAP server based on a uri
> *******************************************************************/
>@@ -815,8 +829,24 @@
> static int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
> {
> int rc;
>+#ifdef LDAP_OPT_TIMELIMIT
>+ int ot = lp_ldap_timeout();
>+#endif
>+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
>+ int ct = lp_ldap_connection_timeout() * 1000;
>+#elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */
>+ struct timeval ct;
>+#endif
>+#ifndef HAVE_LDAP_INITIALIZE
>+ int port = 0;
>+ fstring protocol;
>+ fstring host;
>+ /* Following symbols are only available if Mozldap */
>+ /* is compiled with LDAP_DEBUG on */
>+ /* extern int lber_debug, ldap_debug; */
>+#endif
>
>- DEBUG(10, ("smb_ldap_setup_connection: %s\n", uri));
>+ DEBUG(10, ("smb_ldap_setup_conn: %s\n", uri));
>
> #ifdef HAVE_LDAP_INITIALIZE
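Review bot: `int ot = lp_ldap_timeout();` is declared here but the only use added for it, the `LDAP_OPT_TIMELIMIT` `ldap_set_option` in the @@ -837 hunk, sits after the `#else` of `HAVE_LDAP_INITIALIZE`, and the visible start of that hunk shows the `ldap_initialize` branch returning `LDAP_SUCCESS` before `#else`; if that is the whole of the branch (its body lies between the two hunks and is not visible), OpenLDAP builds never get the operation time limit applied and `ot` becomes an unused variable there. Setting `LDAP_OPT_TIMELIMIT` right after `ldap_initialize()` succeeds, before its `return LDAP_SUCCESS;`, or moving the whole timeout block in front of the `#ifdef HAVE_LDAP_INITIALIZE` split so both paths share it, would close that gap. `protocol` and `host` are now function-scope but still carry no initialiser, which matters for the `sscanf` in the next hunk. `smb_ldap_setup_conn` continues past the end of this hunk.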
>
>@@ -837,74 +867,105 @@
> return LDAP_SUCCESS;
> #else
>
>+ /* lber_debug = 255 ; */
>+ /* ldap_debug = 1023 | 0x4000 ; */
>+
> /* Parse the string manually */
>
>- {
>- int port = 0;
>- fstring protocol;
>- fstring host;
>- SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
>+ SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
>
>
>- /* skip leading "URL:" (if any) */
>- if ( strnequal( uri, "URL:", 4 ) ) {
>- uri += 4;
>- }
>+ /* skip leading "URL:" (if any) */
>+ if ( strnequal( uri, "URL:", 4 ) ) {
>+ uri += 4;
>+ }
>
>- sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
>+ sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
>
>- if (port == 0) {
>- if (strequal(protocol, "ldap")) {
>- port = LDAP_PORT;
>- } else if (strequal(protocol, "ldaps")) {
>- port = LDAPS_PORT;
>- } else {
>- DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
>- }
>+ if (port == 0) {
>+ if (strequal(protocol, "ldap")) {
>+ port = LDAP_PORT;
>+ } else if (strequal(protocol, "ldaps")) {
>+ port = LDAPS_PORT;
>+ } else {
>+ DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
>+ return LDAP_OPERATIONS_ERROR;
> }
>+ }
>
>+ if (strequal(protocol, "ldap")) {
> if ((*ldap_struct = ldap_init(host, port)) == NULL) {
> DEBUG(0, ("ldap_init failed !\n"));
> return LDAP_OPERATIONS_ERROR;
> }
>-
>- if (strequal(protocol, "ldaps")) {
>+ } else if (strequal(protocol, "ldaps")) {
> #ifdef LDAP_OPT_X_TLS
>- int tls = LDAP_OPT_X_TLS_HARD;
>- if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
>- {
>- DEBUG(0, ("Failed to setup a TLS session\n"));
>+ int tls = LDAP_OPT_X_TLS_HARD;
>+ if ((*ldap_struct = ldap_init(host, port)) == NULL) {
>+ DEBUG(0, ("ldap_init failed !\n"));
>+ return LDAP_OPERATIONS_ERROR;
>+ }
>+ if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) {
>+ DEBUG(0, ("Failed to setup a TLS session\n"));
>+ }
>+
>+ DEBUG(3,("LDAPS option set...!\n"));
>+
>+#elif defined(HAVE_LDAPSSL_INIT) /* Netscape */
>+ if 
(*ldap_struct != NULL) {
>+ rc = ldap_unbind_s(*ldap_struct);
>+ if (rc == LDAP_SUCCESS) {
>+ DEBUG(10, ("LDAP already bound... unbound.\n"));
>+ } else {
>+ DEBUG(10, ("ldap_unbind_s failed: %s\n",
>+ ldap_err2string(rc)));
> }
>+ *ldap_struct = NULL;
>+ }
>+ rc = ldapssl_clientauth_init(lp_ldap_certdb_dir(), NULL,
>+ lp_ldap_privkey_open(), lp_ldap_keydb_dir(), NULL);
>+ if (rc != LDAP_SUCCESS) {
>+ DEBUG(0,("ldapssl_clientauth_init with '%s' cert db, "
>+ "%s key db, failed: %s\n",
>+ lp_ldap_certdb_dir(), lp_ldap_keydb_dir(),
>+ ldap_err2string(rc)));
>+ return rc;
>+ }
>
>- DEBUG(3,("LDAPS option set...!\n"));
>+ if ((*ldap_struct = ldapssl_init(host, port, True)) == NULL) {
>+ DEBUG(0, ("ldapssl_init to %s:%d failed!\n", host,
>+ port));
>+ return LDAP_OPERATIONS_ERROR;
>+ }
> #else
>- DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
>+ DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
> return LDAP_OPERATIONS_ERROR;
> #endif /* LDAP_OPT_X_TLS */
>- }
> }
> #endif /* HAVE_LDAP_INITIALIZE */
>
>+#ifdef LDAP_OPT_TIMELIMIT
>+ rc = ldap_set_option(*ldap_struct, LDAP_OPT_TIMELIMIT, &ot);
>+ if (rc != LDAP_SUCCESS) {
>+ DEBUG(0,("Failed to setup a ldap operation timeout %d: %s\n",
>+ ot, ldap_err2string(rc)));
>+ }
>+#endif
>+
> /* now set connection timeout */
> #ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
>- {
>- int ct = lp_ldap_connection_timeout()*1000;
>- rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct);
>- if (rc != LDAP_SUCCESS) {
>- DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
>- ct, ldap_err2string(rc)));
>- }
>+ rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct);
>+ if (rc != LDAP_SUCCESS) {
>+ DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
>+ ct, ldap_err2string(rc)));
> }
> #elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */
>- {
>- struct timeval ct;
>- ct.tv_usec = 0;
>- 
ct.tv_sec = lp_ldap_connection_timeout();
>- rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct);
>- if (rc != LDAP_SUCCESS) {
>- DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
>- (int)ct.tv_sec, ldap_err2string(rc)));
>- }
>+ ct.tv_usec = 0;
>+ ct.tv_sec = lp_ldap_connection_timeout();
>+ rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct);
>+ if (rc != LDAP_SUCCESS) {
>+ DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
>+ (int)ct.tv_sec, ldap_err2string(rc)));
> }
> #endif
>
>@@ -1094,7 +1155,7 @@
> * our credentials. At least *try* to secure the connection - Guenther */
>
> smb_ldap_upgrade_conn(ldap_struct, &version);
>- smb_ldap_start_tls(ldap_struct, version);
>+ /* smb_ldap_start_tls(ldap_struct, version); */
>
> /** @TODO Should we be doing something to check what servers we rebind to?
> Could we get a referral to a machine that we don't want to give our
>--- a/source3/configure.in 2013-04-26 03:05:37.000000000 -0700
>+++ b/source3/configure.in 2013-05-09 13:54:35.613605329 -0700
>@@ -3485,6 +3485,14 @@
> fi
>
> ##################################################################
>+ # check for ldap_ssl.h (Mozldap)
>+ AC_CHECK_HEADERS([ldap_ssl.h], [], [],
>+ [[#if HAVE_LDAP_H
>+ #include <ldap.h>
>+ #endif
>+ ]])
>+
>+ ##################################################################
> # HP/UX does not have ber_tag_t in lber.h - it must be configured as
> # unsigned int in include/includes.h
> case $host_os in
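Review bot: `sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);` in the re-indented parse block still ignores its return value, so a URI that does not match leaves `protocol` and `host` uninitialised (they are declared without initialisers at the top of the function in the @@ -815 hunk) and the new `strequal(protocol, "ldap")` / `"ldaps"` dispatch then compares garbage; check the count, e.g. `if (sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port) < 2) { DEBUG(0, ("unrecognised LDAP URI (%s)!\n", uri)); return LDAP_OPERATIONS_ERROR; }`. In the `LDAP_OPT_X_TLS` ldaps branch a failed `ldap_set_option(*ldap_struct, LDAP_OPT_X_TLS, &tls)` is only logged and the handle is still handed back, so an `ldaps://` URI can quietly continue without the hard-TLS requirement; returning `LDAP_OPERATIONS_ERROR` there would match the Netscape branch, which does return when `ldapssl_clientauth_init` fails. The `#else` message still says `smbldap_open_connection:` although the code is in `smb_ldap_setup_conn`, and `#endif /* LDAP_OPT_X_TLS */` now closes an `#elif` chain, so the trailing comment is misleading. `smb_ldap_setup_conn` starts before this hunk.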
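Review bot: Commenting out `smb_ldap_start_tls(ldap_struct, version);` in the rebind callback removes the StartTLS upgrade that the context comment directly above (`At least *try* to secure the connection`) was added for; with `ldap ssl = start tls` configured, a rebind triggered by a referral would now send the bind credentials to the referred server without TLS, for every client library and not only Mozldap. If the call was disabled because the reworked `smb_ldap_start_tls` fails on the Mozldap path, that failure belongs in `smb_ldap_start_tls` (or the new `ldapssl_clientauth_init` step), not in a silent downgrade here; at minimum keep the call and log its return value, `rc = smb_ldap_start_tls(ldap_struct, version);` followed by a DEBUG on `rc != LDAP_SUCCESS`. The enclosing rebind function starts and ends outside this hunk.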
>@@ -3551,6 +3562,14 @@
> AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
>
> ########################################################
>+ # check for Netscape mozldap SSL API
>+ AC_CHECK_FUNC_EXT(ldapssl_init,$LDAP_LIBS)
>+
>+ ########################################################
>+ # check for StartTLS on API
>+ AC_CHECK_FUNC_EXT(ldap_start_tls_s,$LDAP_LIBS)
>+
>+ ########################################################
> # If we have LDAP, does it's rebind procedure take 2 or 3 arguments?
> # Check found in pam_ldap 145.
> AC_CHECK_FUNC_EXT(ldap_set_rebind_proc,$LDAP_LIBS)
>@@ -3627,33 +3646,17 @@
> # Check to see whether there is enough LDAP functionality to be able
> # to build AD support.
>
>-# HPUX only has ldap_init; ok, we take care of this in smbldap.c
>-case "$host_os" in
>- *hpux*)
>- AC_CHECK_FUNC_EXT(ldap_init,$LDAP_LIBS)
>+ # URL-open support is added into smbldap.c so ldap_init is enough
>+ AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
>
>- if test x"$ac_cv_func_ext_ldap_init" != x"yes"; then
>+ if test x"$ac_cv_lib_ext_ldap_ldap_init" != x"yes"; then
> if test x"$with_ads_support" = x"yes"; then
>- AC_MSG_ERROR(Active Directory support on HPUX requires ldap_init)
>+ AC_MSG_ERROR(Active Directory support requires ldap_init)
> elif test x"$with_ads_support" = x"auto"; then
>- AC_MSG_WARN(Disabling Active Directory support (requires ldap_init on HPUX))
>+ AC_MSG_WARN(Disabling Active Directory support (requires ldap_init))
> with_ads_support=no
> fi
> fi
>- ;;
>- *)
>- AC_CHECK_FUNC_EXT(ldap_initialize,$LDAP_LIBS)
>-
>- if test x"$ac_cv_func_ext_ldap_initialize" != x"yes"; then
>- if test x"$with_ads_support" = x"yes"; then
>- AC_MSG_ERROR(Active Directory support requires ldap_initialize)
>- elif test x"$with_ads_support" = x"auto"; then
>- AC_MSG_WARN(Disabling Active Directory support (requires ldap_initialize))
>- with_ads_support=no
>- fi
>- fi
>- ;;
>-esac
>
>
> AC_CHECK_FUNC_EXT(ldap_add_result_entry,$LDAP_LIBS)
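Review bot: The removed `case` block took with it the only visible `AC_CHECK_FUNC_EXT(ldap_initialize,$LDAP_LIBS)`, which is the probe that defines `HAVE_LDAP_INITIALIZE`; unless ldap_initialize is checked elsewhere in configure.in, OpenLDAP builds will now also compile the manual-parse `#else` path of `smb_ldap_setup_conn`, whose `%254[^:/]` host field cannot take an IPv6 literal or an `ldapi://` socket path that `ldap_initialize()` handles. Keeping the probe next to the new ldap_init check, `AC_CHECK_FUNC_EXT(ldap_initialize,$LDAP_LIBS)` on the line before `if test`, preserves both paths. The `AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)` added here is also already run a few lines earlier (first context line of the @@ -3551 hunk), so the second call only re-reads the cache variable and could be dropped in favour of testing `$ac_cv_lib_ext_ldap_ldap_init` directly.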