diff options
author | root <root@rshg054.dnsready.net> | 2011-09-22 23:14:43 +0000 |
---|---|---|
committer | root <root@rshg054.dnsready.net> | 2011-09-22 23:14:43 +0000 |
commit | 919a63ffc80158b2a5610fa87eb51fd5f8f724ba (patch) | |
tree | c33a4966d6efeeb95d903135603c9a402e0d22cb /testing/openldap | |
parent | b7f839da11975b9f2a964a82d591b7a8628f0931 (diff) |
Thu Sep 22 23:14:43 UTC 2011
Diffstat (limited to 'testing/openldap')
-rw-r--r-- | testing/openldap/PKGBUILD | 96 | ||||
-rw-r--r-- | testing/openldap/ntlm.patch | 230 | ||||
-rw-r--r-- | testing/openldap/openldap.install | 20 | ||||
-rwxr-xr-x | testing/openldap/slapd | 49 | ||||
-rw-r--r-- | testing/openldap/slapd.default | 6 |
5 files changed, 401 insertions, 0 deletions
diff --git a/testing/openldap/PKGBUILD b/testing/openldap/PKGBUILD new file mode 100644 index 000000000..d12720e4c --- /dev/null +++ b/testing/openldap/PKGBUILD @@ -0,0 +1,96 @@ +# $Id: PKGBUILD 138388 2011-09-21 13:18:13Z stephane $ +# Maintainer: + +pkgbase=openldap +pkgname=('libldap' 'openldap') +pkgver=2.4.26 +pkgrel=4 +arch=('i686' 'x86_64') +url="http://www.openldap.org/" +license=('custom') +makedepends=('groff' 'libfetch' 'e2fsprogs' 'libtool' 'util-linux' 'libsasl') +source=(ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${pkgbase}-${pkgver}.tgz + slapd slapd.default ntlm.patch) +md5sums=('f36f3086031dd56ae94f722ffae8df5e' + '40fdbdd6c343019cbadf4eb26c6189f2' + '6be69f6b7e522cb64cce8703da81ed32' + '4258ddbef923d1f29f2843bc050f8c56') + +build() { + cd "${srcdir}"/${pkgbase}-${pkgver} + patch -Np1 -i "${srcdir}"/ntlm.patch + sed -i 's|-m 644 $(LIBRARY)|-m 755 $(LIBRARY)|' libraries/{liblber,libldap,libldap_r}/Makefile.in + sed -i 's|#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"|#define LDAPI_SOCK LDAP_DIRSEP "run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi"|' include/ldap_defaults.h + sed -i 's|%LOCALSTATEDIR%/run|/run/openldap|' servers/slapd/slapd.conf + sed -i 's|-$(MKDIR) $(DESTDIR)$(localstatedir)/run|-$(MKDIR) $(DESTDIR)/run/openldap|' servers/slapd/Makefile.in + + LDFLAGS="$LDFLAGS -L\"${pkgdir}\"/libldap/usr/lib" + ./configure --prefix=/usr --mandir=/usr/share/man --libexecdir=/usr/lib \ + --sysconfdir=/etc --localstatedir=/var/lib/openldap \ + --enable-ipv6 --enable-syslog --enable-local \ + --enable-bdb --enable-hdb \ + --enable-crypt --enable-dynamic \ + --with-threads --disable-wrappers \ + --enable-spasswd --with-cyrus-sasl \ + --enable-overlays=mod --enable-modules=yes + make +} + +check() { + cd "${srcdir}"/${pkgbase}-${pkgver} + make test +} + +package_libldap() { + pkgdesc="Lightweight Directory Access Protocol (LDAP) client libraries" + depends=('libsasl' 'libfetch' 'e2fsprogs') + backup=('etc/openldap/ldap.conf') + options=('!libtool') + + cd "${srcdir}"/${pkgbase}-${pkgver} + for dir in include libraries doc/man/man3 ; do + pushd ${dir} + make DESTDIR="${pkgdir}" install + popd + done + install -Dm644 doc/man/man5/ldap.conf.5.tmp "${pkgdir}"/usr/share/man/man5/ldap.conf.5 + +# get rid of duplicate default conf files + rm "${pkgdir}"/etc/openldap/*.default + + ln -sf liblber.so "${pkgdir}"/usr/lib/liblber.so.2 + ln -sf libldap.so "${pkgdir}"/usr/lib/libldap.so.2 + + install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE +} + +package_openldap() { + pkgdesc="Lightweight Directory Access Protocol (LDAP) client and server" + depends=("libldap>=${pkgver}" 'libtool' 'util-linux') + backup=('etc/openldap/slapd.conf' 'etc/conf.d/slapd') + options=('!libtool' 'emptydirs') + install=openldap.install + + cd "${srcdir}"/${pkgbase}-${pkgver} + for dir in clients servers doc/man/man{1,5,8} ; do + pushd ${dir} + make DESTDIR="${pkgdir}" install + popd + done + rm "${pkgdir}"/usr/share/man/man5/ldap.conf.5 + rm -r "${pkgdir}"/run + +# get rid of duplicate default conf files + rm "${pkgdir}"/etc/openldap/*.default + + ln -s ../lib/slapd "${pkgdir}"/usr/sbin/slapd + + chown root:439 "${pkgdir}"/etc/openldap/{slapd.conf,DB_CONFIG.example} + chmod 640 "${pkgdir}"/etc/openldap/{slapd.conf,DB_CONFIG.example} + + install -dm700 -o 439 -g 439 "${pkgdir}"/var/lib/openldap + install -dm700 -o 439 -g 439 "${pkgdir}"/etc/openldap/slapd.d + install -Dm755 "${srcdir}"/slapd "${pkgdir}"/etc/rc.d/slapd + install -Dm644 "${srcdir}"/slapd.default "${pkgdir}"/etc/conf.d/slapd + install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE +} diff --git a/testing/openldap/ntlm.patch b/testing/openldap/ntlm.patch new file mode 100644 index 000000000..6804b610d --- /dev/null +++ b/testing/openldap/ntlm.patch @@ -0,0 +1,230 @@ +Patch from evolution-exchange (2.10.3). The ldap_ntlm_bind function is +actually called by evolution-data-server, checked at version 1.12.2. +Without this patch, the Exchange addressbook integration uses simple binds +with cleartext passwords. + +Russ checked with openldap-software for upstream's opinion on this patch +on 2007-12-21. Upstream had never received it as a patch submission and +given that it's apparently only for older Exchange servers that can't do +SASL and DIGEST-MD5, it's not very appealing. + +Bug#457374 filed against evolution-data-server asking if this support is +still required on 2007-12-21. + +Index: trunk/include/ldap.h +=================================================================== +--- trunk.orig/include/ldap.h ++++ trunk/include/ldap.h +@@ -2461,5 +2461,25 @@ + LDAPControl **ctrls, + LDAPDerefRes **drp )); + ++/* ++ * hacks for NTLM ++ */ ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) ++LDAP_F( int ) ++ldap_ntlm_bind LDAP_P(( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp )); ++LDAP_F( int ) ++ldap_parse_ntlm_bind_result LDAP_P(( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge)); ++ + LDAP_END_DECL + #endif /* _LDAP_H */ +Index: trunk/libraries/libldap/ntlm.c +=================================================================== +--- /dev/null ++++ trunk/libraries/libldap/ntlm.c +@@ -0,0 +1,138 @@ ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ ++/* ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file ++ */ ++ ++/* Mostly copied from sasl.c */ ++ ++#include "portable.h" ++ ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include <ac/socket.h> ++#include <ac/string.h> ++#include <ac/time.h> ++#include <ac/errno.h> ++ ++#include "ldap-int.h" ++ ++int ++ldap_ntlm_bind( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp ) ++{ ++ BerElement *ber; ++ int rc; ++ ber_int_t id; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( msgidp != NULL ); ++ ++ if( msgidp == NULL ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ /* create a message to send */ ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ assert( LBER_VALID( ber ) ); ++ ++ LDAP_NEXT_MSGID( ld, id ); ++ rc = ber_printf( ber, "{it{istON}" /*}*/, ++ id, LDAP_REQ_BIND, ++ ld->ld_version, dn, tag, ++ cred ); ++ ++ /* Put Server Controls */ ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ++ ld->ld_errno = LDAP_ENCODING_ERROR; ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ /* send the message */ ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); ++ ++ if(*msgidp < 0) ++ return ld->ld_errno; ++ ++ return LDAP_SUCCESS; ++} ++ ++int ++ldap_parse_ntlm_bind_result( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge) ++{ ++ ber_int_t errcode; ++ ber_tag_t tag; ++ BerElement *ber; ++ ber_len_t len; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( res != NULL ); ++ ++ if ( ld == NULL || res == NULL ) { ++ return LDAP_PARAM_ERROR; ++ } ++ ++ if( res->lm_msgtype != LDAP_RES_BIND ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ if ( ld->ld_error ) { ++ LDAP_FREE( ld->ld_error ); ++ ld->ld_error = NULL; ++ } ++ if ( ld->ld_matched ) { ++ LDAP_FREE( ld->ld_matched ); ++ ld->ld_matched = NULL; ++ } ++ ++ /* parse results */ ++ ++ ber = ber_dup( res->lm_ber ); ++ ++ if( ber == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ tag = ber_scanf( ber, "{ioa" /*}*/, ++ &errcode, challenge, &ld->ld_error ); ++ ber_free( ber, 0 ); ++ ++ if( tag == LBER_ERROR ) { ++ ld->ld_errno = LDAP_DECODING_ERROR; ++ return ld->ld_errno; ++ } ++ ++ ld->ld_errno = errcode; ++ ++ return( ld->ld_errno ); ++} ++ +Index: trunk/libraries/libldap/Makefile.in +=================================================================== +--- trunk.orig/libraries/libldap/Makefile.in ++++ trunk/libraries/libldap/Makefile.in +@@ -27,7 +27,7 @@ + init.c options.c print.c string.c util-int.c schema.c \ + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ + tls2.c tls_o.c tls_g.c tls_m.c \ +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ + assertion.c deref.c ldif.c fetch.c + + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ +@@ -40,7 +40,7 @@ + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ + assertion.lo deref.lo ldif.lo fetch.lo + + LDAP_INCDIR= ../../include +Index: trunk/libraries/libldap_r/Makefile.in +=================================================================== +--- trunk.orig/libraries/libldap_r/Makefile.in ++++ trunk/libraries/libldap_r/Makefile.in +@@ -29,7 +29,7 @@ + init.c options.c print.c string.c util-int.c schema.c \ + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ + tls2.c tls_o.c tls_g.c tls_m.c \ +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ + assertion.c deref.c ldif.c fetch.c + SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \ + thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \ +@@ -47,7 +47,7 @@ + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ + assertion.lo deref.lo ldif.lo fetch.lo + + LDAP_INCDIR= ../../include diff --git a/testing/openldap/openldap.install b/testing/openldap/openldap.install new file mode 100644 index 000000000..cf3cb9f25 --- /dev/null +++ b/testing/openldap/openldap.install @@ -0,0 +1,20 @@ +post_install(){ + groupadd -g 439 ldap &>/dev/null + useradd -u 439 -g ldap -d /var/lib/openldap -s /bin/false ldap &>/dev/null + chown -R ldap:ldap var/lib/openldap &>/dev/null +} + +post_upgrade(){ + getent group ldap >/dev/null 2>&1 || groupadd -g 439 ldap &>/dev/null + getent passwd ldap >/dev/null 2>&1 || useradd -u 439 -g ldap -d /var/lib/openldap -s /bin/false ldap &>/dev/null + chown -R ldap:ldap var/lib/openldap &>/dev/null +} + +post_remove(){ + if getent passwd ldap >/dev/null 2>&1; then + userdel ldap + fi + if getent group ldap >/dev/null 2>&1; then + groupdel ldap + fi +} diff --git a/testing/openldap/slapd b/testing/openldap/slapd new file mode 100755 index 000000000..4f212da66 --- /dev/null +++ b/testing/openldap/slapd @@ -0,0 +1,49 @@ +#!/bin/bash + +. /etc/rc.conf +. /etc/rc.d/functions + +[ -f "/etc/conf.d/slapd" ] && . /etc/conf.d/slapd + +PID=`pidof -o %PPID /usr/sbin/slapd` +case "$1" in + start) + stat_busy "Starting OpenLDAP" + [ ! -d /run/openldap ] && install -d -m755 -o ldap -g ldap /run/openldap + if [ -z "$PID" ]; then + if [ -z "$SLAPD_SERVICES" ]; then + /usr/sbin/slapd -u ldap -g ldap $SLAPD_OPTIONS + else + /usr/sbin/slapd -u ldap -g ldap -h "$SLAPD_SERVICES" $SLAPD_OPTIONS + fi + if [ $? -gt 0 ]; then + stat_fail + else + stat_done + fi + add_daemon slapd + else + stat_fail + fi + ;; + stop) + stat_busy "Stopping OpenLDAP" + [ ! -z "$PID" ] && kill $PID &> /dev/null + if [ $? -gt 0 ]; then + stat_fail + else + rm -f /run/openldap/slapd.pid + rm -f /run/openldap/slapd.args + rm_daemon slapd + stat_done + fi + ;; + restart) + $0 stop + sleep 3 + $0 start + ;; + *) + echo "usage: $0 {start|stop|restart}" +esac +exit 0 diff --git a/testing/openldap/slapd.default b/testing/openldap/slapd.default new file mode 100644 index 000000000..72ae2a6a7 --- /dev/null +++ b/testing/openldap/slapd.default @@ -0,0 +1,6 @@ +# slapd normally serves ldap only on all TCP-ports 389. slapd can also +# service requests on TCP-port 636 (ldaps) and requests via unix +# sockets. +# Example usage: +#SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" +SLAPD_OPTIONS="" |