OBS User unknown 2007-03-15 00:23:11 +00:00 committed by Git OBS Bridge
parent e6256e3a47
commit d3351598a0
13 changed files with 190 additions and 1173 deletions

22
SuSEfirewall2.dhcp-server Normal file

@ -0,0 +1,22 @@
## Name: DHCP Server
## Description: Opens ports for ISC DHCP Server.
#
# For a more detailed description of the individual variables see
# the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2
#
# space separated list of allowed TCP ports
TCP=""
# space separated list of allowed UDP ports
UDP="bootps"
# space separated list of allowed RPC services
RPC=""
# space separated list of allowed IP protocols
IP=""
# space separated list of allowed UDP broadcast ports
BROADCAST="bootps"
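Review bot: The `## Description:` line states only that ports are opened, not which ones, so an administrator enabling this service in a zone cannot judge the exposure from the summary that SuSEfirewall2 tooling shows; I would change it to `## Description: Opens UDP port 67 (bootps), unicast and broadcast, for the ISC DHCP Server.` The file opens bootps twice, once in `UDP=` and once in `BROADCAST=`, and nothing says why both are needed — a short comment above the `BROADCAST=` line such as `# initial DHCP client requests arrive as broadcasts; unicast covers relays and renewals` would keep a later editor from dropping one of them. The format shown carries no interface restriction, so the port becomes reachable on every interface of whichever zone the service is assigned to; that is expected for these service files but is worth one sentence in the header so the service is assigned to the internal zone deliberately.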


@ -1,53 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2007/01/24 12:43:12
@@ -462,7 +462,7 @@
{
ret = dmalloc (db.len + 1, MDL);
if (ret == NULL)
- log_fatal ("no memory for ldap username");
+ log_fatal ("no memory for ldap option %d value", option_name);
memcpy (ret, db.data, db.len);
ret[db.len] = 0;
@@ -562,7 +562,7 @@
SV_LDAP_DEBUG_FILE);
#if defined (LDAP_CASA_AUTH)
- if (!load_uname_pwd_from_miCASA(ldap_username,ldap_password))
+ if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
{
#if defined (DEBUG_LDAP)
log_info ("Authentication credential taken from file");
--- server/ldap_casa.c
+++ server/ldap_casa.c 2007/01/24 12:43:12
@@ -81,9 +81,9 @@
load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password)
{
int result = 0;
- int32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
- SSCS_BASIC_CREDENTIAL credential = {0};
- SSCS_SECRET_ID_T applicationSecretId = {0};
+ uint32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
+ SSCS_BASIC_CREDENTIAL credential;
+ SSCS_SECRET_ID_T applicationSecretId;
char *tempVar = NULL;
const char applicationName[10] = "dhcp-ldap";
@@ -105,15 +105,15 @@
if(credential.unLen)
{
tempVar = dmalloc (credential.unLen + 1, MDL);
- memcpy(tempVar , credential.username, credential.unLen);
if (!tempVar)
log_fatal ("no memory for ldap_username");
+ memcpy(tempVar , credential.username, credential.unLen);
*ldap_username = tempVar;
tempVar = dmalloc (credential.pwordLen + 1, MDL);
- memcpy(tempVar, credential.password, credential.pwordLen);
if (!tempVar)
log_fatal ("no memory for ldap_password");
+ memcpy(tempVar, credential.password, credential.pwordLen);
*ldap_password = tempVar;
#if defined (DEBUG_LDAP)


@ -1,66 +0,0 @@
--- includes/dhcpd.h
+++ includes/dhcpd.h 2007/01/24 12:44:24
@@ -461,7 +461,7 @@
# define SV_LDAP_BASE_DN 51
# define SV_LDAP_METHOD 52
# define SV_LDAP_DEBUG_FILE 53
-# define SV_LDAP_SERVER_CN 54
+# define SV_LDAP_DHCP_SERVER_CN 54
#endif
#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
--- server/ldap.c
+++ server/ldap.c 2007/01/24 12:44:24
@@ -51,7 +51,7 @@
*ldap_username = NULL,
*ldap_password = NULL,
*ldap_base_dn = NULL,
- *ldap_server_cn = NULL,
+ *ldap_dhcp_server_cn = NULL,
*ldap_debug_file = NULL;
static int ldap_port = LDAP_PORT,
ldap_method = LDAP_METHOD_DYNAMIC,
@@ -553,8 +553,8 @@
options, &global_scope, root_group, (struct group *) NULL);
ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER);
- ldap_server_cn = _do_lookup_dhcp_string_option (options,
- SV_LDAP_SERVER_CN);
+ ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options,
+ SV_LDAP_DHCP_SERVER_CN);
ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT);
ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN);
ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
@@ -1123,10 +1123,10 @@
return (res);
uname (&unme);
- if (ldap_server_cn != NULL)
+ if (ldap_dhcp_server_cn != NULL)
{
snprintf (hfilter, sizeof (hfilter),
- "(&(objectClass=dhcpServer)(cn=%s))", ldap_server_cn);
+ "(&(objectClass=dhcpServer)(cn=%s))", ldap_dhcp_server_cn);
}
else
{
@@ -1148,7 +1148,7 @@
hfilter, NULL, 0, &hostres)) != LDAP_SUCCESS)
{
log_error ("Cannot find host LDAP entry %s %s",
- ((ldap_server_cn == NULL)?(unme.nodename):(ldap_server_cn)), hfilter);
+ ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter);
if(NULL != hostres)
ldap_msgfree (hostres);
ldap_stop();
--- server/stables.c
+++ server/stables.c 2007/01/24 12:44:24
@@ -491,7 +491,7 @@
{ "ldap-base-dn", "t", &server_universe, 51 },
{ "ldap-method", "Nldap-methods.", &server_universe, 52 },
{ "ldap-debug-file", "t", &server_universe, 53 },
- { "ldap-server-cn", "t", &server_universe, 54 },
+ { "ldap-dhcp-server-cn", "t", &server_universe, 54 },
#else
{ "unknown-47", "X", &server_universe, 47 },
{ "unknown-48", "X", &server_universe, 48 },


@ -1,29 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2007/02/20 09:38:15
@@ -1249,12 +1249,13 @@
cfile->inbuf[0] = '\0';
cfile->buflen = 0;
+ while (ldap_stack != NULL && *cfile->inbuf == '\0')
+ ldap_generate_config_string (cfile);
+
if (ldap_stack == NULL && *cfile->inbuf == '\0')
return (EOF);
- if (ldap_stack != NULL && *cfile->inbuf == '\0')
- ldap_generate_config_string (cfile);
-
+ cfile->bufix = 1;
cfile->buflen = strlen (cfile->inbuf);
if (cfile->buflen > 0)
ldap_write_debug (cfile->inbuf, cfile->buflen);
@@ -1263,9 +1264,6 @@
log_info ("Sending config line '%s'", cfile->inbuf);
#endif
- cfile->buflen = strlen (cfile->inbuf);
- cfile->bufix = 1;
-
return (cfile->inbuf[0]);
}


@ -1,57 +0,0 @@
--- dst/Makefile.dist
+++ dst/Makefile.dist 2007/01/24 13:20:43
@@ -21,14 +21,15 @@
# <info@isc.org>
# http://www.isc.org/
-SRC = dst_support.c dst_api.c hmac_link.c base64.c prandom.c
-OBJ = dst_support.o dst_api.o hmac_link.o base64.o prandom.o
+SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c
+OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o
+OBJ_NM5= dst_support.o dst_api.o hmac_link.o base64.o prandom.o
HDRS = dst_internal.h md5.h md5_locl.h
INCLUDES = $(BINDINC) -I$(TOP)/includes
CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) -DHMAC_MD5 -DMINIRES_LIB
-all: libdst.a
+all: libdst.a libdst-nomd5.a
install:
@@ -37,11 +38,16 @@
ar cruv libdst.a $(OBJ)
$(RANLIB) libdst.a
+libdst-nomd5.a: $(OBJ_NM5)
+ rm -f libdst-nomd5.a
+ ar cruv libdst-nomd5.a $(OBJ_NM5)
+ $(RANLIB) libdst-nomd5.a
+
depend:
$(MKDEP) $(INCLUDES) $(PREDEFINES) $(SRC)
clean:
- -rm -f $(OBJ) libdst.a
+ -rm -f $(OBJ) libdst.a libdst-nomd5.a
realclean: clean
-rm -f *~ $(CATMANPAGES) $(SEDMANPAGES)
--- server/Makefile.dist
+++ server/Makefile.dist 2007/01/24 13:15:15
@@ -32,7 +32,7 @@
MAN = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes
-DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst.a
+DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst-nomd5.a -lssl -lcrypto -lldap -llber
CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS)
all: $(PROG) $(CATMANPAGES)
--- site.conf
+++ site.conf 2007/01/24 13:18:36
@@ -1,4 +1,3 @@
# Put local site configuration stuff here to override the default
# settings in Makefile.conf
#COPTS = -DDEBUG_LDAP -DLDAP_CASA_AUTH -DDEBUG_CLASS_MATCHING -Wall -O -Wno-unused
-LIBS=-lssl -lcrypto -lldap -llber


@ -1,107 +0,0 @@
--- includes/dhcpd.h
+++ includes/dhcpd.h 2007/01/24 13:50:54
@@ -462,6 +462,7 @@
# define SV_LDAP_METHOD 52
# define SV_LDAP_DEBUG_FILE 53
# define SV_LDAP_DHCP_SERVER_CN 54
+# define SV_LDAP_REFERRALS 55
#endif
#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
--- server/ldap.c
+++ server/ldap.c 2007/01/24 14:25:16
@@ -55,6 +55,7 @@
*ldap_debug_file = NULL;
static int ldap_port = LDAP_PORT,
ldap_method = LDAP_METHOD_DYNAMIC,
+ ldap_referrals = -1,
ldap_debug_fd = -1;
static struct ldap_config_stack *ldap_stack = NULL;
@@ -532,6 +533,34 @@
return (ret);
}
+int
+ldap_rebind_cb (LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *parms)
+{
+ int ret;
+ LDAPURLDesc *ldapurl = NULL;
+ char *who = NULL, *pwd = NULL;
+
+ log_info("LDAP rebind to '%s'", url);
+ if ((ret = ldap_url_parse(url, &ldapurl)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Can not parse ldap rebind url '%s': %s",
+ url, ldap_err2string(ret));
+ return ret;
+ }
+
+ if (ldap_username != NULL || *ldap_username != '\0')
+ {
+ who = ldap_username;
+ pwd = ldap_password;
+ }
+
+ if ((ret = ldap_simple_bind_s (ld, who, pwd)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot login into ldap server %s:%d: %s",
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ }
+ return ret;
+}
static void
ldap_start (void)
@@ -560,6 +589,7 @@
ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
ldap_debug_file = _do_lookup_dhcp_string_option (options,
SV_LDAP_DEBUG_FILE);
+ ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
#if defined (LDAP_CASA_AUTH)
if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
@@ -611,6 +641,23 @@
ldap_err2string (ret));
}
+ if (ldap_referrals != -1)
+ {
+ if ((ret = ldap_set_option (ld, LDAP_OPT_REFERRALS, ldap_referrals ?
+ LDAP_OPT_ON : LDAP_OPT_OFF)) != LDAP_OPT_SUCCESS)
+ {
+ log_error ("Cannot %s LDAP referrals option: %s",
+ (ldap_referrals ? "enable" : "disable"),
+ ldap_err2string (ret));
+ }
+ }
+
+ if ((ret = ldap_set_rebind_proc(ld, ldap_rebind_cb, NULL)) != LDAP_SUCCESS)
+ {
+ log_error ("Warning: Cannot set ldap rebind procedure: %s",
+ ldap_err2string (ret));
+ }
+
#if defined (USE_SSL)
if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
log_error ("Warning: Cannot start TLS session to %s: %s",
--- server/stables.c
+++ server/stables.c 2007/01/24 13:52:54
@@ -492,6 +492,7 @@
{ "ldap-method", "Nldap-methods.", &server_universe, 52 },
{ "ldap-debug-file", "t", &server_universe, 53 },
{ "ldap-dhcp-server-cn", "t", &server_universe, 54 },
+ { "ldap-referrals", "f", &server_universe, 55 },
#else
{ "unknown-47", "X", &server_universe, 47 },
{ "unknown-48", "X", &server_universe, 48 },
@@ -501,8 +502,8 @@
{ "unknown-52", "X", &server_universe, 52 },
{ "unknown-53", "X", &server_universe, 53 },
{ "unknown-54", "X", &server_universe, 54 },
-#endif
{ "unknown-55", "X", &server_universe, 55 },
+#endif
{ "unknown-56", "X", &server_universe, 56 },
{ "unknown-57", "X", &server_universe, 57 },
{ "unknown-58", "X", &server_universe, 58 },


@ -1,113 +0,0 @@
--- contrib/dhcp.schema
+++ contrib/dhcp.schema 2007/01/24 12:45:49
@@ -268,73 +268,67 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.46
- NAME 'dhcpFailOverRole'
+ NAME 'dhcpFailOverPrimaryServer'
EQUALITY caseIgnoreIA5Match
- DESC 'Role of the DHCP Server. Either primary or secondary'
+ DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.47
- NAME 'dhcpFailOverReceiveAddress'
+ NAME 'dhcpFailOverSecondaryServer'
EQUALITY caseIgnoreIA5Match
- DESC 'IP address or DNS name on which the server should listen for connections from its fail over peer'
+ DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-attributetype ( 2.16.840.1.113719.1.203.4.48
- NAME 'dhcpFailOverPeerAddress'
- EQUALITY caseIgnoreIA5Match
- DESC 'IP address or DNS name to which the server should connect to reach its fail over peer'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.49
- NAME 'dhcpFailOverPeerPort'
+attributetype ( 2.16.840.1.113719.1.203.4.48
+ NAME 'dhcpFailOverPrimaryPort'
EQUALITY integerMatch
- DESC 'Port to which server should connect to reach its fail over peer'
+ DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.50
- NAME 'dhcpFailOverReceivePort'
+attributetype ( 2.16.840.1.113719.1.203.4.49
+ NAME 'dhcpFailOverSecondaryPort'
EQUALITY integerMatch
- DESC 'Port on which server should listen for connections from its fail over peer'
+ DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.51
+attributetype ( 2.16.840.1.113719.1.203.4.50
NAME 'dhcpFailOverResponseDelay'
EQUALITY integerMatch
DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.52
- NAME 'dhcpFailOverUnpackedUpdates'
+attributetype ( 2.16.840.1.113719.1.203.4.51
+ NAME 'dhcpFailOverUnackedUpdates'
EQUALITY integerMatch
DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.53
+attributetype ( 2.16.840.1.113719.1.203.4.52
NAME 'dhcpFailOverSplit'
EQUALITY integerMatch
DESC 'Split between the primary and secondary servers for fail over purpose'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.54
+attributetype ( 2.16.840.1.113719.1.203.4.53
NAME 'dhcpFailOverLoadBalanceTime'
EQUALITY integerMatch
DESC 'Cutoff time in seconds, after which load balance is disabled'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.55
+attributetype ( 2.16.840.1.113719.1.203.4.54
NAME 'dhcpFailOverPeerDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#List of all servers in the tree
-attributetype ( 2.16.840.1.113719.1.203.4.56
+attributetype ( 2.16.840.1.113719.1.203.4.55
NAME 'dhcpServerDN'
EQUALITY distinguishedNameMatch
DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-attributetype ( 2.16.840.1.113719.1.203.4.57
+attributetype ( 2.16.840.1.113719.1.203.4.56
NAME 'dhcpComments'
EQUALITY caseIgnoreIA5Match
DESC 'Generic attribute that allows coments within any DHCP object'
@@ -415,7 +409,7 @@
DESC 'This class represents an IP Address, which may or may not have been leased.'
SUP top
MUST ( cn $ dhcpAddressState )
- MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpOption )
+ MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
objectclass ( 2.16.840.1.113719.1.203.6.11
@@ -454,7 +448,8 @@
NAME 'dhcpFailOverPeer'
DESC 'This class defines the Fail over peer'
SUP top
- MUST ( cn $ dhcpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpFailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+ MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.16
NAME 'dhcpLocator'


@ -1,433 +0,0 @@
--- includes/dhcpd.h
+++ includes/dhcpd.h 2007/01/24 14:28:48
@@ -255,6 +255,12 @@
# define LDAP_BUFFER_SIZE 8192
# define LDAP_METHOD_STATIC 0
# define LDAP_METHOD_DYNAMIC 1
+#if defined (USE_SSL)
+# define LDAP_SSL_OFF 0
+# define LDAP_SSL_ON 1
+# define LDAP_SSL_TLS 2
+# define LDAP_SSL_LDAPS 3
+#endif
/* This is a tree of the current configuration we are building from LDAP */
@@ -463,6 +469,17 @@
# define SV_LDAP_DEBUG_FILE 53
# define SV_LDAP_DHCP_SERVER_CN 54
# define SV_LDAP_REFERRALS 55
+#if defined (USE_SSL)
+# define SV_LDAP_SSL 56
+# define SV_LDAP_TLS_REQCERT 57
+# define SV_LDAP_TLS_CA_FILE 58
+# define SV_LDAP_TLS_CA_DIR 59
+# define SV_LDAP_TLS_CERT 60
+# define SV_LDAP_TLS_KEY 61
+# define SV_LDAP_TLS_CRLCHECK 62
+# define SV_LDAP_TLS_CIPHERS 63
+# define SV_LDAP_TLS_RANDFILE 64
+#endif
#endif
#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
@@ -2682,6 +2699,11 @@
/* ldap.c */
#if defined(LDAP_CONFIGURATION)
extern struct enumeration ldap_methods;
+#if defined (USE_SSL)
+extern struct enumeration ldap_ssl_usage_enum;
+extern struct enumeration ldap_tls_reqcert_enum;
+extern struct enumeration ldap_tls_crlcheck_enum;
+#endif
isc_result_t ldap_read_config (void);
int find_haddr_in_ldap (struct host_decl **, int, unsigned,
const unsigned char *, const char *, int);
--- README.ldap
+++ README.ldap 2007/01/24 17:50:13
@@ -43,6 +43,7 @@
SSL, you will need to perform the following steps:
* Edit the includes/site.h file and uncomment the USE_SSL line
+ or specify "-DUSE_SSL" via CFLAGS.
* Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
from the SRC= and OBJ= lines (around line 24)
* Now run configure in the base source directory. If you chose to enable
@@ -64,6 +65,23 @@
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
+If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
+server trys to use TLS if possible, but continues without TLS if not.
+
+You can modify this behaviour using following option in /etc/dhcpd.conf:
+
+ldap-ssl <off | ldaps | start_tls | on>
+ off: disables TLS/LDAPS.
+ ldaps: enables LDAPS -- don't forget to set ldap-port to 636.
+ start_tls: enables TLS using START_TLS command
+ on: enables LDAPS if ldap-port is set to 636 or TLS in
+ other cases.
+
+See also "man 5 ldap.conf" for description the following TLS related
+options:
+ ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
+ ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
+
All of these parameters should be self explanatory except for the ldap-method.
You can set this to static or dynamic. If you set it to static, the
configuration is read once on startup, and LDAP isn't used anymore. But, if you
--- server/dhcpd.c
+++ server/dhcpd.c 2007/01/24 14:28:48
@@ -530,6 +530,11 @@
add_enumeration (&syslog_enum);
#if defined (LDAP_CONFIGURATION)
add_enumeration (&ldap_methods);
+#if defined (USE_SSL)
+ add_enumeration (&ldap_ssl_usage_enum);
+ add_enumeration (&ldap_tls_reqcert_enum);
+ add_enumeration (&ldap_tls_crlcheck_enum);
+#endif
#endif
if (!group_allocate (&root_group, MDL))
--- server/ldap.c
+++ server/ldap.c 2007/01/24 14:41:26
@@ -57,6 +57,17 @@
ldap_method = LDAP_METHOD_DYNAMIC,
ldap_referrals = -1,
ldap_debug_fd = -1;
+#if defined (USE_SSL)
+static int ldap_use_ssl = -1, /* try TLS if possible */
+ ldap_tls_reqcert = -1,
+ ldap_tls_crlcheck = -1;
+static char *ldap_tls_ca_file = NULL,
+ *ldap_tls_ca_dir = NULL,
+ *ldap_tls_cert = NULL,
+ *ldap_tls_key = NULL,
+ *ldap_tls_ciphers = NULL,
+ *ldap_tls_randfile = NULL;
+#endif
static struct ldap_config_stack *ldap_stack = NULL;
typedef struct ldap_dn_node {
@@ -548,6 +559,41 @@
return ret;
}
+
+#if defined (USE_SSL)
+ if (strcasecmp(ldapurl->lud_scheme, "ldaps") == 0)
+ {
+ int opt = LDAP_OPT_X_TLS_HARD;
+ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ return ret;
+ }
+ else
+ {
+ log_info ("LDAPS session successfully enabled to %s", ldap_server);
+ }
+ }
+ else
+ if (strcasecmp(ldapurl->lud_scheme, "ldap") == 0 &&
+ ldap_use_ssl != LDAP_SSL_OFF)
+ {
+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot start TLS session to %s:%d: %s",
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ return ret;
+ }
+ else
+ {
+ log_info ("TLS session successfully started to %s:%d",
+ ldapurl->lud_host, ldapurl->lud_port);
+ }
+ }
+#endif
+
+
if (ldap_username != NULL || *ldap_username != '\0')
{
who = ldap_username;
@@ -591,6 +637,21 @@
SV_LDAP_DEBUG_FILE);
ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
+#if defined (USE_SSL)
+ ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL);
+ if( ldap_use_ssl != LDAP_SSL_OFF)
+ {
+ ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT);
+ ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE);
+ ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR);
+ ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT);
+ ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY);
+ ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
+ ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS);
+ ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE);
+ }
+#endif
+
#if defined (LDAP_CASA_AUTH)
if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
{
@@ -628,9 +689,105 @@
log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port);
#endif
+#if defined (USE_SSL)
+ if (ldap_use_ssl == -1)
+ {
+ /*
+ ** There was no "ldap-ssl" option in dhcpd.conf (also not "off").
+ ** Let's try, if we can use an anonymous TLS session without to
+ ** verify the server certificate -- if not continue without TLS.
+ */
+ int opt = LDAP_OPT_X_TLS_ALLOW;
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
+ &opt)) != LDAP_SUCCESS)
+ {
+ log_error ("Warning: Cannot set LDAP TLS require cert option to 'allow': %s",
+ ldap_err2string (ret));
+ }
+ }
+
+ if (ldap_use_ssl != LDAP_SSL_OFF)
+ {
+ if (ldap_tls_reqcert != -1)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
+ &ldap_tls_reqcert)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS require cert option: %s",
+ ldap_err2string (ret));
+ }
+ }
+
+ if( ldap_tls_ca_file != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE,
+ ldap_tls_ca_file)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS CA certificate file %s: %s",
+ ldap_tls_ca_file, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_ca_dir != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
+ ldap_tls_ca_dir)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS CA certificate dir %s: %s",
+ ldap_tls_ca_dir, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_cert != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
+ ldap_tls_cert)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS client certificate file %s: %s",
+ ldap_tls_cert, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_key != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
+ ldap_tls_key)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS certificate key file %s: %s",
+ ldap_tls_key, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_crlcheck != -1)
+ {
+ int opt = ldap_tls_crlcheck;
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
+ &opt)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS crl check option: %s",
+ ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_ciphers != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
+ ldap_tls_ciphers)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS cipher suite %s: %s",
+ ldap_tls_ciphers, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_randfile != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
+ ldap_tls_randfile)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS random file %s: %s",
+ ldap_tls_randfile, ldap_err2string (ret));
+ }
+ }
+ }
+#endif
+
if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
{
- log_error ("Cannot init ldap session to %s", ldap_server);
+ log_error ("Cannot init ldap session to %s:%d", ldap_server, ldap_port);
return;
}
@@ -659,11 +816,38 @@
}
#if defined (USE_SSL)
- if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
- log_error ("Warning: Cannot start TLS session to %s: %s",
- ldap_server, ldap_err2string (ret));
- else
- log_info ("TLS session successfully started to %s", ldap_server);
+ if (ldap_use_ssl == LDAP_SSL_LDAPS ||
+ (ldap_use_ssl == LDAP_SSL_ON && ldap_port == LDAPS_PORT))
+ {
+ int opt = LDAP_OPT_X_TLS_HARD;
+ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
+ ldap_stop();
+ return;
+ }
+ else
+ {
+ log_info ("LDAPS session successfully enabled to %s:%d",
+ ldap_server, ldap_port);
+ }
+ }
+ else if (ldap_use_ssl != LDAP_SSL_OFF)
+ {
+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot start TLS session to %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
+ ldap_stop();
+ return;
+ }
+ else
+ {
+ log_info ("TLS session successfully started to %s:%d",
+ ldap_server, ldap_port);
+ }
+ }
#endif
if (ldap_username != NULL && *ldap_username != '\0')
@@ -671,8 +855,8 @@
if ((ret = ldap_simple_bind_s (ld, ldap_username,
ldap_password)) != LDAP_SUCCESS)
{
- log_error ("Error: Cannot login into ldap server %s: %s", ldap_server,
- ldap_err2string (ret));
+ log_error ("Error: Cannot login into ldap server %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
ldap_stop();
return;
}
--- server/stables.c
+++ server/stables.c 2007/01/24 14:28:48
@@ -493,6 +493,27 @@
{ "ldap-debug-file", "t", &server_universe, 53 },
{ "ldap-dhcp-server-cn", "t", &server_universe, 54 },
{ "ldap-referrals", "f", &server_universe, 55 },
+#if defined(USE_SSL)
+ { "ldap-ssl", "Nldap-ssl-usage.", &server_universe, 56 },
+ { "ldap-tls-reqcert", "Nldap-tls-reqcert.", &server_universe, 57 },
+ { "ldap-tls-ca-file", "t", &server_universe, 58 },
+ { "ldap-tls-ca-dir", "t", &server_universe, 59 },
+ { "ldap-tls-cert", "t", &server_universe, 60 },
+ { "ldap-tls-key", "t", &server_universe, 61 },
+ { "ldap-tls-crlcheck", "Nldap-tls-crlcheck.", &server_universe, 62 },
+ { "ldap-tls-ciphers", "t", &server_universe, 63 },
+ { "ldap-tls-randfile", "t", &server_universe, 64 },
+#else
+ { "unknown-56", "X", &server_universe, 56 },
+ { "unknown-57", "X", &server_universe, 57 },
+ { "unknown-58", "X", &server_universe, 58 },
+ { "unknown-59", "X", &server_universe, 59 },
+ { "unknown-60", "X", &server_universe, 60 },
+ { "unknown-61", "X", &server_universe, 61 },
+ { "unknown-62", "X", &server_universe, 62 },
+ { "unknown-63", "X", &server_universe, 63 },
+ { "unknown-64", "X", &server_universe, 64 },
+#endif
#else
{ "unknown-47", "X", &server_universe, 47 },
{ "unknown-48", "X", &server_universe, 48 },
@@ -503,7 +524,6 @@
{ "unknown-53", "X", &server_universe, 53 },
{ "unknown-54", "X", &server_universe, 54 },
{ "unknown-55", "X", &server_universe, 55 },
-#endif
{ "unknown-56", "X", &server_universe, 56 },
{ "unknown-57", "X", &server_universe, 57 },
{ "unknown-58", "X", &server_universe, 58 },
@@ -513,6 +533,7 @@
{ "unknown-62", "X", &server_universe, 62 },
{ "unknown-63", "X", &server_universe, 63 },
{ "unknown-64", "X", &server_universe, 64 },
+#endif
{ "unknown-65", "X", &server_universe, 65 },
{ "unknown-66", "X", &server_universe, 66 },
{ "unknown-67", "X", &server_universe, 67 },
@@ -718,6 +739,47 @@
"ldap-methods",
ldap_values
};
+
+#if defined(USE_SSL)
+struct enumeration_value ldap_ssl_usage_values [] = {
+ { "off", LDAP_SSL_OFF },
+ { "on", LDAP_SSL_ON },
+ { "ldaps", LDAP_SSL_LDAPS},
+ { "start_tls", LDAP_SSL_TLS },
+ { (char *) 0, 0 }
+};
+struct enumeration ldap_ssl_usage_enum = {
+ (struct enumeration *)0,
+ "ldap-ssl-usage",
+ ldap_ssl_usage_values
+};
+
+struct enumeration_value ldap_tls_reqcert_values [] = {
+ { "never", LDAP_OPT_X_TLS_NEVER },
+ { "hard", LDAP_OPT_X_TLS_HARD },
+ { "demand", LDAP_OPT_X_TLS_DEMAND},
+ { "allow", LDAP_OPT_X_TLS_ALLOW },
+ { "try", LDAP_OPT_X_TLS_TRY },
+ { (char *) 0, 0 }
+};
+struct enumeration ldap_tls_reqcert_enum = {
+ (struct enumeration *)0,
+ "ldap-tls-reqcert",
+ ldap_tls_reqcert_values
+};
+
+struct enumeration_value ldap_tls_crlcheck_values [] = {
+ { "none", LDAP_OPT_X_TLS_CRL_NONE},
+ { "peer", LDAP_OPT_X_TLS_CRL_PEER},
+ { "all", LDAP_OPT_X_TLS_CRL_ALL },
+ { (char *) 0, 0 }
+};
+struct enumeration ldap_tls_crlcheck_enum = {
+ (struct enumeration *)0,
+ "ldap-tls-crlcheck",
+ ldap_tls_crlcheck_values
+};
+#endif
#endif
struct enumeration_value ddns_styles_values [] = {


@ -1,297 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2007/01/24 12:40:58
@@ -68,6 +68,13 @@
static ldap_dn_node *ldap_service_dn_tail = NULL;
+static char *
+x_strncat(char *dst, const char *src, size_t dst_size)
+{
+ size_t len = strlen(dst);
+ return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0);
+}
+
static void
ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
{
@@ -82,9 +89,9 @@
return;
}
- strncat (cfile->inbuf, "class \"", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "class \"", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
item->close_brace = 1;
ldap_value_free (tempstr);
@@ -116,11 +123,11 @@
return;
}
- strncat (cfile->inbuf, "subclass ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, classdata[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "subclass ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, classdata[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
item->close_brace = 1;
ldap_value_free (tempstr);
@@ -144,14 +151,14 @@
hwaddr = ldap_get_values (ld, item->ldent, "dhcpHWAddress");
- strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
if (hwaddr != NULL && hwaddr[0] != NULL)
{
- strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, hwaddr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, hwaddr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (hwaddr);
}
@@ -174,9 +181,9 @@
return;
}
- strncat (cfile->inbuf, "shared-network \"", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "shared-network \"", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
item->close_brace = 1;
ldap_value_free (tempstr);
@@ -228,14 +235,14 @@
return;
}
- strncat (cfile->inbuf, "subnet ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "subnet ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " netmask ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " netmask ", LDAP_BUFFER_SIZE);
parse_netmask (strtol (netmaskstr[0], NULL, 10), netmaskbuf);
- strncat (cfile->inbuf, netmaskbuf, LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, netmaskbuf, LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
ldap_value_free (netmaskstr);
@@ -244,10 +251,10 @@
{
for (i=0; tempstr[i] != NULL; i++)
{
- strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
}
ldap_value_free (tempstr);
}
@@ -262,17 +269,17 @@
char **tempstr;
int i;
- strncat (cfile->inbuf, "pool {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "pool {\n", LDAP_BUFFER_SIZE);
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpRange")) != NULL)
{
- strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE);
for (i=0; tempstr[i] != NULL; i++)
{
- strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
}
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
@@ -280,8 +287,8 @@
{
for (i=0; tempstr[i] != NULL; i++)
{
- strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[i], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
}
ldap_value_free (tempstr);
}
@@ -293,7 +300,7 @@
static void
ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
{
- strncat (cfile->inbuf, "group {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "group {\n", LDAP_BUFFER_SIZE);
item->close_brace = 1;
}
@@ -305,25 +312,25 @@
if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL)
{
- strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeyAlgorithm")) != NULL)
{
- strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeySecret")) != NULL)
{
- strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
@@ -341,18 +348,18 @@
if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL)
{
- strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpDnsZoneServer")) != NULL)
{
- strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
@@ -380,9 +387,9 @@
strncpy (keyCn, cnFindStart, len);
keyCn[len] = '\0';
- strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
dfree (keyCn, MDL);
}
@@ -731,7 +738,7 @@
if (ldap_stack != NULL && ldap_stack->close_brace)
{
- strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
ldap_stack->close_brace = 0;
}
@@ -741,7 +748,7 @@
{
if (ldap_stack->close_brace)
{
- strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
ldap_stack->close_brace = 0;
}
@@ -752,7 +759,7 @@
if (ldap_stack != NULL && ldap_stack->close_brace)
{
- strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE);
ldap_stack->close_brace = 0;
}
}
@@ -828,16 +835,16 @@
continue;
}
- strncat (buffer, tempstr[i], size);
+ x_strncat (buffer, tempstr[i], size);
switch((int) check_statement_end (tempstr[i]))
{
case '}':
case ';':
- strncat (buffer, "\n", size);
+ x_strncat (buffer, "\n", size);
break;
default:
- strncat (buffer, ";\n", size);
+ x_strncat (buffer, ";\n", size);
break;
}
}
@@ -848,15 +855,15 @@
{
for (i=0; tempstr[i] != NULL; i++)
{
- strncat (buffer, "option ", size);
- strncat (buffer, tempstr[i], size);
+ x_strncat (buffer, "option ", size);
+ x_strncat (buffer, tempstr[i], size);
switch ((int) check_statement_end (tempstr[i]))
{
case ';':
- strncat (buffer, "\n", size);
+ x_strncat (buffer, "\n", size);
break;
default:
- strncat (buffer, ";\n", size);
+ x_strncat (buffer, ";\n", size);
break;
}
}


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0bbc5c94d7d917f1dd2ae7daf7127ff75564faac21cfb1700f94f01772893197
size 42290
oid sha256:07534f18dc314f2bcf4084688898ddf2abf5bd98c46d62a165eefa9d005dcc0c
size 45256


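--- /dev/null
+++ b/dhcp-3.0.5-ldap-patch_object-order.dif
@@ -0,0 +1,110 @@
+--- server/ldap.c
++++ server/ldap.c 2007/03/13 14:58:28
+@@ -974,8 +974,8 @@ next_ldap_entry (struct parse *cfile)
+}
+while (ldap_stack != NULL &&
+- (ldap_stack->ldent == NULL ||
+- (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))
++ (ldap_stack->ldent == NULL || ( ldap_stack->processed &&
++ (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL)))
+{
+if (ldap_stack->close_brace)
+{
+@@ -1110,9 +1110,9 @@ ldap_generate_config_string (struct pars
+{
+char **objectClass, *dn;
+struct ldap_config_stack *entry;
+- LDAPMessage * ent, * res;
++ LDAPMessage *ent, *res, *entfirst, *resfirst;
+int i, j, ignore, found;
+- int ret;
++ int ret, parsedn = 1;
+if (ld == NULL)
+ldap_start ();
+@@ -1124,6 +1124,7 @@ ldap_generate_config_string (struct pars
+"objectClass")) == NULL)
+return;
++ entry->processed = 1;
+ignore = 0;
+found = 1;
+for (i=0; objectClass[i] != NULL; i++)
+@@ -1184,18 +1185,32 @@ ldap_generate_config_string (struct pars
+LDAP_BUFFER_SIZE-1, NULL);
+dn = ldap_get_dn (ld, entry->ldent);
+-
++ if (dn == NULL)
++ {
++ ldap_stop();
++ return;
++ }
+#if defined(DEBUG_LDAP)
+- if (dn != NULL)
+- log_info ("Found LDAP entry '%s'", dn);
++ else
++ {
++ log_info ("Found LDAP entry '%s'", dn);
++ }
+#endif
+- if (dn == NULL ||
+- (ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "objectClass=*",
++ if ((ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "(!(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer)))",
+NULL, 0, &res)) != LDAP_SUCCESS)
+{
+- if (dn)
+- ldap_memfree (dn);
++ ldap_memfree (dn);
++
++ ldap_stop();
++ return;
++ }
++
++ if ((ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer))",
++ NULL, 0, &resfirst)) != LDAP_SUCCESS)
++ {
++ ldap_memfree (dn);
++ ldap_msgfree (res);
+ldap_stop();
+return;
+@@ -1203,17 +1218,32 @@ ldap_generate_config_string (struct pars
+ldap_memfree (dn);
+- if ((ent = ldap_first_entry (ld, res)) != NULL)
++ ent = ldap_first_entry(ld, res);
++ entfirst = ldap_first_entry(ld, resfirst);
++
++ if (ent == NULL && entfirst == NULL)
++ {
++ parse_external_dns (entry->ldent);
++ next_ldap_entry (cfile);
++ }
++
++ if (ent != NULL)
+{
+add_to_config_stack (res, ent);
+parse_external_dns (entry->ldent);
++ parsedn = 0;
+}
+else
++ ldap_msgfree (res);
++
++ if (entfirst != NULL)
+{
+- ldap_msgfree (res);
+- parse_external_dns (entry->ldent);
+- next_ldap_entry (cfile);
++ add_to_config_stack (resfirst, entfirst);
++ if(parsedn)
++ parse_external_dns (entry->ldent);
+}
++ else
++ ldap_msgfree (resfirst);
+}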
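Review bot: The two search filters passed to `ldap_search_s` in ldap_generate_config_string are hand-written complements of each other, and both carry a literal space before `(objectClass=dhcpFailOverPeer)`; the RFC 4515 filter grammar has no whitespace between components, so whether this parses depends on the client library's leniency, and a later edit to one string can silently desynchronise the two so that an entry is selected in neither pass or in both. Define the positive filter once, `#define LDAP_FIRST_PASS_FILTER "(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)(objectClass=dhcpFailOverPeer))"`, and pass `"(!" LDAP_FIRST_PASS_FILTER ")"` to the first search and `LDAP_FIRST_PASS_FILTER` to the second, which also drops the redundant inner `(|...)` nesting. The `processed` member that next_ldap_entry now tests is only ever set in ldap_generate_config_string; this patch shows neither its declaration nor its initialisation in add_to_config_stack, so presumably those live in the updated ldap-patch.gz — worth confirming the field is zeroed on push, since an unset non-zero value would make the while loop advance past a freshly pushed entry's first result before it is parsed. Both next_ldap_entry and ldap_generate_config_string start and end outside the hunks shown.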


@ -1,3 +1,30 @@
-------------------------------------------------------------------
Wed Mar 14 12:15:11 CET 2007 - mt@suse.de
- Bug #247365: Added installation of dhcp-server SuSEfirewall2
service definition file.
-------------------------------------------------------------------
Tue Mar 13 18:16:48 CET 2007 - mt@suse.de
- Updated to dhcp-3.0.5-ldap-patch.gz, released on 2007-02-23
fixing a parsing bug in dhcpd-conf-to-ldap.pl script to handle
correctly quoted string containing spaces.
Further, it includes our fixes and obsoletes following patches:
* dhcp-3.0.5-ldap-patch-strncat.dif
* dhcp-3.0.5-ldap-patch-casa-fix.dif
* dhcp-3.0.5-ldap-patch-dhcp-cn.dif
* dhcp-3.0.5-ldap-patch-schema.dif
* dhcp-3.0.5-ldap-patch-nomd5.dif
* dhcp-3.0.5-ldap-patch-referrals.dif
* dhcp-3.0.5-ldap-patch-ssl-opts.dif
* dhcp-3.0.5-ldap-patch-ldap_read.dif
- Bug #250153: Fix for object order related parse error, that
occured in case an dhcp-ldap object referencing a dhcp-tsigkey,
class or failoverpeer object was parsed before the declaration
of the referenced objects, because of the order in ldap result.
New patch file: dhcp-3.0.5-ldap-patch_object-order.dif
-------------------------------------------------------------------
Tue Feb 20 11:45:29 CET 2007 - mt@suse.de


@ -11,6 +11,7 @@
# norootforbuild
Name: dhcp
%define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define omc_prefix /usr/share/omc
%define omc_svcdir %{omc_prefix}/svcinfo.d
%define with_casa 0
@ -22,7 +23,7 @@ License: BSD License and BSD-like
Group: Productivity/Networking/Boot/Servers
Autoreqprov: on
Version: 3.0.5
Release: 17
Release: 20
Summary: Common Files Used by ISC DHCP Software
URL: http://www.isc.org/isc/dhcp.html
Source0: http://ftp.isc.org/isc/dhcp/dhcp-%{version}.tar.gz
@ -46,6 +47,7 @@ Source33: http://www.andrew.cmu.edu/~kevinm/dhcp/reset-ip
Source40: http://www3.baylor.edu/~Jeff_Wilson/GiveAway/leases.awk
Source41: http://www.suse.de/~poeml/dnscompr.py
Source42: dhcpd.xml
Source43: SuSEfirewall2.dhcp-server
## adjust some paths
Patch: dhcp-3.0rc10.dif
## chroot patch by Ari Edelkind (see readme)
@ -68,14 +70,7 @@ Patch53: dhcp-3.0.5-pool_eof.dif
%define DHCPD_LDAP 1
%if %DHCPD_LDAP
Patch60: dhcp-3.0.5-ldap-patch.gz
Patch61: dhcp-3.0.5-ldap-patch-strncat.dif
Patch62: dhcp-3.0.5-ldap-patch-casa-fix.dif
Patch63: dhcp-3.0.5-ldap-patch-dhcp-cn.dif
Patch64: dhcp-3.0.5-ldap-patch-schema.dif
Patch65: dhcp-3.0.5-ldap-patch-nomd5.dif
Patch66: dhcp-3.0.5-ldap-patch-referrals.dif
Patch67: dhcp-3.0.5-ldap-patch-ssl-opts.dif
Patch68: dhcp-3.0.5-ldap-patch-ldap_read.dif
Patch61: dhcp-3.0.5-ldap-patch_object-order.dif
%endif
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
Patch70: dhcp-3.0.3b1-pie.dif
@ -212,13 +207,6 @@ Authors:
%if %DHCPD_LDAP
%patch60 -p1
%patch61 -p0
%patch62 -p0
%patch63 -p0
%patch64 -p0
%patch65 -p0
%patch66 -p0
%patch67 -p0
%patch68 -p0
%endif
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
%patch70
@ -280,6 +268,7 @@ install -m 644 work.linux-2.2/dst/libdst.a $RPM_BUILD_ROOT/%{_libdir}
# install the saved bsd flavor binary
install -m 755 work.linux-2.2/server/dhcpd.bsd $RPM_BUILD_ROOT/usr/sbin/dhcpd.bsd
mkdir -p $RPM_BUILD_ROOT/etc/init.d
mkdir -p $RPM_BUILD_ROOT/%{susefw2dir}
mkdir -p $RPM_BUILD_ROOT/%{omc_svcdir}
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
mkdir -p $RPM_BUILD_ROOT/var/run
@ -322,6 +311,8 @@ ddns-update-style none; ddns-updates off;\
mv contrib/3.0b1-lease-convert .
find $RPM_BUILD_ROOT/%{_mandir} -type f | xargs chmod 644
install -m 644 $RPM_SOURCE_DIR/dhcpd.xml $RPM_BUILD_ROOT/%{omc_svcdir}/
install -m 644 $RPM_SOURCE_DIR/SuSEfirewall2.dhcp-server \
$RPM_BUILD_ROOT/%{susefw2dir}/dhcp-server
%pre
# In the past, the name of the source package was "dhcp" but the subpackage
@ -454,6 +445,7 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%dir /var/lib/dhcp
%doc %{_mandir}/man1/omshell.1.gz
%doc %{_mandir}/man5/dhcp-eval.5.gz
%{susefw2dir}/dhcp-server
%files server
%defattr(-,root,root)
@ -523,6 +515,27 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%doc %{_mandir}/man3/dhcpctl.3.gz
%changelog
* Wed Mar 14 2007 - mt@suse.de
- Bug #247365: Added installation of dhcp-server SuSEfirewall2
service definition file.
* Tue Mar 13 2007 - mt@suse.de
- Updated to dhcp-3.0.5-ldap-patch.gz, released on 2007-02-23
fixing a parsing bug in dhcpd-conf-to-ldap.pl script to handle
correctly quoted string containing spaces.
Further, it includes our fixes and obsoletes following patches:
* dhcp-3.0.5-ldap-patch-strncat.dif
* dhcp-3.0.5-ldap-patch-casa-fix.dif
* dhcp-3.0.5-ldap-patch-dhcp-cn.dif
* dhcp-3.0.5-ldap-patch-schema.dif
* dhcp-3.0.5-ldap-patch-nomd5.dif
* dhcp-3.0.5-ldap-patch-referrals.dif
* dhcp-3.0.5-ldap-patch-ssl-opts.dif
* dhcp-3.0.5-ldap-patch-ldap_read.dif
- Bug #250153: Fix for object order related parse error, that
occured in case an dhcp-ldap object referencing a dhcp-tsigkey,
class or failoverpeer object was parsed before the declaration
of the referenced objects, because of the order in ldap result.
New patch file: dhcp-3.0.5-ldap-patch_object-order.dif
* Tue Feb 20 2007 - mt@suse.de
- Bug #162186: Added check for EOF in parse_pool_statement to
avoid endless recursion loop between parse_pool_statement