[PATCH 2.2.7a] was: Samba & Referrals
C.Lee Taylor
leet at leenx.co.za
Sat Jan 11 15:52:01 GMT 2003
Buchan Milne wrote:
> On Sat, 11 Jan 2003, C.Lee Taylor wrote:
> We already run autoconf, just BuildRequires: autoconf, then:
>
> %build
> (cd source
> autoconf
> %configure
> etc ...
Okay, here is my patch for all three files ... should be usable in
packaging ... with autoconf, configure ... still working on getting a
source patch, so that you can patch without autoconf.
>> Maybe after successful testing, we could get Jerry ( I am sorry if I
>>get this wrong ... I always seem too ) to include this in Samba 2.2 as
>>production code.
>
> I am sure the patches will get into SAMBA_2_2 if the samba team thinks
> there will be another 2.2.x release, but it would be nice to have them in
> sooner so we can use official patches.
Agreed ...
Mailed
Lee
-------------- next part --------------
diff -uNr samba-2.2.7a.org/source/configure.in samba-2.2.7a/source/configure.in
--- samba-2.2.7a.org/source/configure.in 2002-12-10 03:01:00.000000000 +0200
+++ samba-2.2.7a/source/configure.in 2003-01-11 14:26:49.000000000 +0200
@@ -2114,6 +2114,15 @@
LDFLAGS="$old_LDFLAGS"
with_smbpasswd_sam=no
AC_SUBST(LDAPLIBS)
+AC_CACHE_CHECK(checking if ldap_set_rebind_proc takes 3 arguments, samba_cv_ldap_set_rebind_proc, [
+AC_TRY_COMPILE([
+#include <lber.h>
+#include <ldap.h>], [ldap_set_rebind_proc(0, 0, 0);], [samba_cv_ldap_set_rebind_proc=3], [samba_cv_ldap_set_rebind_proc=2]) ])
+if test x"$samba_cv_ldap_set_rebind_proc" = x"3"; then
+ AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS,3)
+else
+ AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS,2)
+fi
;;
*)
AC_MSG_RESULT(no)
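Review bot: The message passed to `AC_CACHE_CHECK` starts with "checking", but the macro prints that word itself, so configure will report "checking checking if ..."; I would write `AC_CACHE_CHECK([whether ldap_set_rebind_proc takes 3 arguments], samba_cv_ldap_set_rebind_proc, [`. Any failure of the `AC_TRY_COMPILE` program selects the value 2, not only an argument-count mismatch, so a broken `lber.h`/`ldap.h` setup silently picks the two-argument form. `AC_DEFINE_UNQUOTED` is given no description, so the symbol depends on the hand-added `#undef` in `config.h.in` later in this patch, and that line would be lost if the header template is regenerated by autoheader. The enclosing `case` branch starts outside the hunk.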
@@ -2122,6 +2131,7 @@
AC_MSG_RESULT(no)
)
+
#################################################
# check for a NISPLUS password database
AC_MSG_CHECKING(whether to use NISPLUS SAM database)
diff -uNr samba-2.2.7a.org/source/include/config.h.in samba-2.2.7a/source/include/config.h.in
--- samba-2.2.7a.org/source/include/config.h.in 2002-12-10 16:58:14.000000000 +0200
+++ samba-2.2.7a/source/include/config.h.in 2003-01-11 14:26:11.000000000 +0200
@@ -231,6 +231,7 @@
#undef MMAP_BLACKLIST
#undef HAVE_CUPS
#undef WITH_LDAP_SAM
+#undef LDAP_SET_REBIND_PROC_ARGS
#undef WITH_NISPLUS_SAM
#undef WITH_SMBPASSWD_SAM
#undef WITH_TDB_SAM
diff -uNr samba-2.2.7a.org/source/passdb/pdb_ldap.c samba-2.2.7a/source/passdb/pdb_ldap.c
--- samba-2.2.7a.org/source/passdb/pdb_ldap.c 2002-12-10 16:58:15.000000000 +0200
+++ samba-2.2.7a/source/passdb/pdb_ldap.c 2003-01-11 14:22:26.000000000 +0200
@@ -64,6 +64,7 @@
};
static struct ldap_enum_info global_ldap_ent;
+static pstring ldap_secret;
extern pstring samlogon_user;
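Review bot: `ldap_secret` is promoted to file scope without a comment saying that it holds the cleartext LDAP admin password and is now read by the rebind callbacks as well as the connect path. I would add above it `/* cached LDAP admin password: filled via fetch_ldap_pw(), reused by the rebind callbacks */`. Nothing in this patch clears the buffer, so the comment should also state that it lives for the whole process.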
@@ -217,6 +218,110 @@
return True;
}
+
+/*******************************************************************
+ ldap rebind proc to rebind w/ the admin dn when following referrals
+*******************************************************************/
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+# if LDAP_SET_REBIND_PROC_ARGS == 3
+static int rebindproc_with_state (LDAP *ldap_struct,
+ LDAP_CONST char *url,
+ ber_tag_t request,
+ ber_int_t msgid, void *arg)
+{
+ int rc = 0;
+
+ DEBUG(2,("ldap_connect_system +2000/3: Rebinding as \"%s\"\n",
+ lp_ldap_admin_dn()));
+
+ /** @TODO Should we be doing something to check what servers we rebind to?
+ Could we get a referral to a machine that we don't want to give our
+ username and password to? */
+
+ if ( ( rc = ldap_simple_bind_s( ldap_struct, lp_ldap_admin_dn(), ldap_secret ) ) == LDAP_SUCCESS )
+ {
+ DEBUG( 2, ( "Rebind successful\n" ) );
+ }
+ else {
+ DEBUG( 2, ( "Rebind failed: %s\n", ldap_err2string( rc ) ) );
+ }
+ return rc;
+}
+# else
+static int rebindproc (LDAP *ldap_struct,
+ LDAP_CONST char *url,
+ ber_tag_t request,
+ ber_int_t msgid)
+{
+ int rc = 0;
+
+ DEBUG(2,("ldap_connect_system +2000/2: Rebinding as \"%s\"\n",
+ lp_ldap_admin_dn()));
+
+ /** @TODO Should we be doing something to check what servers we rebind to?
+ Could we get a referral to a machine that we don't want to give our
+ username and password to? */
+
+ if ( ( rc = ldap_simple_bind_s( ldap_struct, lp_ldap_admin_dn(), ldap_secret ) ) == LDAP_SUCCESS )
+ {
+ DEBUG( 2, ( "Rebind successful\n" ) );
+ }
+ else {
+ DEBUG( 2, ( "Rebind failed: %s\n", ldap_err2string( rc ) ) );
+ }
+ return rc;
+}
+# endif
+#endif
+
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+# else
+static int rebindproc_with_state (LDAP * ld, char **whop, char **credp,
+ int *methodp, int freeit, void *arg)
+{
+ register char *to_clear = *credp;
+
+
+ if (freeit) {
+ SAFE_FREE(*whop);
+ memset(*credp, '\0', strlen(*credp));
+ SAFE_FREE(*credp);
+ } else {
+ *whop = strdup(ldap_state->bind_dn);
+ if (!*whop) {
+ return LDAP_NO_MEMORY;
+ }
+ DEBUG(5,("ldap_connect_system: Rebinding as \"%s\"\n",
+ whop));
+
+ *credp = strdup(ldap_secret);
+ if (!*credp) {
+ SAFE_FREE(*whop);
+ return LDAP_NO_MEMORY;
+ }
+ *methodp = LDAP_AUTH_SIMPLE;
+ }
+ return LDAP_SUCCESS;
+}
+#endif
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+#else
+# if LDAP_SET_REBIND_PROC_ARGS == 2
+static int rebindproc (LDAP *ldap_struct, char **whop, char **credp,
+ int *method, int freeit )
+{
+ return rebindproc_with_state(ldap_struct, whop, credp,
+ method, freeit, NULL);
+
+}
+# endif
+#endif
+
+
+
/*******************************************************************
connect to the ldap server under system privilege.
******************************************************************/
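Review bot: Both OpenLDAP 2 callbacks (`rebindproc_with_state` and `rebindproc`) ignore their `url` argument and send the admin DN and `ldap_secret` in a simple bind to whichever server the referral names, which is the exposure the `@TODO` describes but leaves open. Before calling `ldap_simple_bind_s`, the callback should compare the host in `url` with the configured LDAP server(s) and return an LDAP error on a mismatch, and at minimum record the target, e.g. `DEBUG(2,("rebind requested for referral %s\n", url));`. In the pre-2000 branch, `ldap_state->bind_dn` uses a name that is not declared anywhere in this hunk (presumably `lp_ldap_admin_dn()` was meant), and `DEBUG(5,(... whop))` passes a `char **` to `%s` where `*whop` is needed. The same function reads `*credp` into the unused `to_clear` and calls `strlen(*credp)` on the `freeit` path without a NULL check.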
@@ -224,7 +329,6 @@
{
int rc;
static BOOL got_pw = False;
- static pstring ldap_secret;
/* get the password if we don't have it already */
if (!got_pw && !(got_pw=fetch_ldap_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring))))
@@ -236,10 +340,18 @@
/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
(OpenLDAP) doesnt' seem to support it */
-
- DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n",
+
+ DEBUG(0,("ldap_connect_system: Binding to ldap server as \"%s\"\n",
lp_ldap_admin_dn()));
-
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+# if LDAP_SET_REBIND_PROC_ARGS == 2
+ ldap_set_rebind_proc(ldap_struct, rebindproc);
+# else
+ ldap_set_rebind_proc(ldap_struct, rebindproc_with_state, NULL);
+# endif
+#endif
+
if ((rc = ldap_simple_bind_s(ldap_struct, lp_ldap_admin_dn(),
ldap_secret)) != LDAP_SUCCESS)
{
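Review bot: Changing `DEBUG(10,...)` to `DEBUG(0,...)` on the "Binding to ldap server as" message looks like leftover debugging, and at level 0 the admin DN is written to the log on every connect regardless of the configured log level; I would restore `DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n",`. The `ldap_set_rebind_proc` call is compiled only under `LDAP_API_VERSION > 2000`, so as far as this patch shows, the pre-2000 callbacks added earlier in the file are never registered and remain unused statics. The enclosing function starts before this hunk and continues past it.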