From e6256e3a473327398e12933ebdedf059c2e0ba036d49e38c77fb8c5afb8ae1d7 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sun, 25 Feb 2007 22:22:54 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=2 --- dhcp-3.0.4-ldap-patch-nossl.dif | 32 -- dhcp-3.0.4-ldap-patch.gz | 3 - dhcp-3.0.5-ldap-patch-casa-fix.dif | 53 +++ dhcp-3.0.5-ldap-patch-dhcp-cn.dif | 66 +++ dhcp-3.0.5-ldap-patch-ldap_read.dif | 29 ++ dhcp-3.0.5-ldap-patch-nomd5.dif | 57 +++ dhcp-3.0.5-ldap-patch-referrals.dif | 107 +++++ dhcp-3.0.5-ldap-patch-schema.dif | 113 +++++ dhcp-3.0.5-ldap-patch-ssl-opts.dif | 433 ++++++++++++++++++ ....diff => dhcp-3.0.5-ldap-patch-strncat.dif | 115 ++++- dhcp-3.0.5-ldap-patch.gz | 3 + dhcp-3.0.5-pool_eof.dif | 15 + dhcp.changes | 48 ++ dhcp.spec | 77 +++- rc.dhcpd | 3 +- 15 files changed, 1090 insertions(+), 64 deletions(-) delete mode 100644 dhcp-3.0.4-ldap-patch-nossl.dif delete mode 100644 dhcp-3.0.4-ldap-patch.gz create mode 100644 dhcp-3.0.5-ldap-patch-casa-fix.dif create mode 100644 dhcp-3.0.5-ldap-patch-dhcp-cn.dif create mode 100644 dhcp-3.0.5-ldap-patch-ldap_read.dif create mode 100644 dhcp-3.0.5-ldap-patch-nomd5.dif create mode 100644 dhcp-3.0.5-ldap-patch-referrals.dif create mode 100644 dhcp-3.0.5-ldap-patch-schema.dif create mode 100644 dhcp-3.0.5-ldap-patch-ssl-opts.dif rename dhcp-3.0.4-ldap-patch-strncat.diff => dhcp-3.0.5-ldap-patch-strncat.dif (67%) create mode 100644 dhcp-3.0.5-ldap-patch.gz create mode 100644 dhcp-3.0.5-pool_eof.dif diff --git a/dhcp-3.0.4-ldap-patch-nossl.dif b/dhcp-3.0.4-ldap-patch-nossl.dif deleted file mode 100644 index fcf9668..0000000 --- a/dhcp-3.0.4-ldap-patch-nossl.dif +++ /dev/null 
@@ -1,32 +0,0 @@ -diff -u dhcp-3.0.4-ldap/dst/Makefile.dist dhcp-3.0.4-ldap/dst/Makefile.dist ---- dhcp-3.0.4-ldap/dst/Makefile.dist 2006-05-08 08:30:33.000000000 -0400 -+++ dhcp-3.0.4-ldap/dst/Makefile.dist 2006-05-08 08:30:33.000000000 -0400 -@@ -21,8 +21,8 @@ - # - # http://www.isc.org/ - --SRC = dst_support.c dst_api.c hmac_link.c base64.c prandom.c --OBJ = dst_support.o dst_api.o hmac_link.o base64.o prandom.o -+SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c -+OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o - HDRS = dst_internal.h md5.h md5_locl.h - - INCLUDES = $(BINDINC) -I$(TOP)/includes -diff -u dhcp-3.0.4-ldap/site.conf dhcp-3.0.4-ldap/site.conf ---- dhcp-3.0.4-ldap/site.conf 2006-05-08 08:30:33.000000000 -0400 -+++ dhcp-3.0.4-ldap/site.conf 2006-05-08 08:30:33.000000000 -0400 -@@ -4 +4,2 @@ --LIBS=-lssl -lcrypto -lldap -llber -+#LIBS=-lssl -lcrypto -lldap -llber -+#LIBS=-lldap -llber ---- dhcp-3.0.4/configure 2004-09-10 17:02:30.000000000 -0400 -+++ dhcp-3.0.4-ldap/configure 2005-07-25 08:14:44.000000000 -0400 -@@ -269,4 +269,8 @@ - make links - fi - -+mv $workname/server/Makefile $workname/server/Makefile.noldap -+cat $workname/server/Makefile.noldap | sed 's/^LIBS =/LIBS=-lldap -llber/' > $workname/server/Makefile.ldap -+ln $workname/server/Makefile.ldap $workname/server/Makefile -+ - exit 0 diff --git a/dhcp-3.0.4-ldap-patch.gz b/dhcp-3.0.4-ldap-patch.gz deleted file mode 100644 index d62871e..0000000 --- a/dhcp-3.0.4-ldap-patch.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a05f121b66797a8e97a7695acf7c6f05b5e25b310a7d43d784915529de95f815 -size 62497 diff --git a/dhcp-3.0.5-ldap-patch-casa-fix.dif b/dhcp-3.0.5-ldap-patch-casa-fix.dif new file mode 100644 index 0000000..b3cd3de --- /dev/null +++ b/dhcp-3.0.5-ldap-patch-casa-fix.dif 
@@ -0,0 +1,53 @@ +--- server/ldap.c ++++ server/ldap.c 2007/01/24 12:43:12 +@@ -462,7 +462,7 @@ + { + ret = dmalloc (db.len + 1, MDL); + if (ret == NULL) +- log_fatal ("no memory for ldap username"); ++ log_fatal ("no memory for ldap option %d value", option_name); + + memcpy (ret, db.data, db.len); + ret[db.len] = 0; +@@ -562,7 +562,7 @@ + SV_LDAP_DEBUG_FILE); + + #if defined (LDAP_CASA_AUTH) +- if (!load_uname_pwd_from_miCASA(ldap_username,ldap_password)) ++ if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password)) + { + #if defined (DEBUG_LDAP) + log_info ("Authentication credential taken from file"); +--- server/ldap_casa.c ++++ server/ldap_casa.c 2007/01/24 12:43:12 +@@ -81,9 +81,9 @@ + load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password) + { + int result = 0; +- int32_t credentialtype = SSCS_CRED_TYPE_SERVER_F; +- SSCS_BASIC_CREDENTIAL credential = {0}; +- SSCS_SECRET_ID_T applicationSecretId = {0}; ++ uint32_t credentialtype = SSCS_CRED_TYPE_SERVER_F; ++ SSCS_BASIC_CREDENTIAL credential; ++ SSCS_SECRET_ID_T applicationSecretId; + char *tempVar = NULL; + + const char applicationName[10] = "dhcp-ldap"; +@@ -105,15 +105,15 @@ + if(credential.unLen) + { + tempVar = dmalloc (credential.unLen + 1, MDL); +- memcpy(tempVar , credential.username, credential.unLen); + if (!tempVar) + log_fatal ("no memory for ldap_username"); ++ memcpy(tempVar , credential.username, credential.unLen); + *ldap_username = tempVar; + + tempVar = dmalloc (credential.pwordLen + 1, MDL); +- memcpy(tempVar, credential.password, credential.pwordLen); + if (!tempVar) + log_fatal ("no memory for ldap_password"); ++ memcpy(tempVar, credential.password, credential.pwordLen); + *ldap_password = tempVar; + + #if defined (DEBUG_LDAP) diff --git a/dhcp-3.0.5-ldap-patch-dhcp-cn.dif b/dhcp-3.0.5-ldap-patch-dhcp-cn.dif new file mode 100644 index 0000000..958f3fd --- /dev/null +++ b/dhcp-3.0.5-ldap-patch-dhcp-cn.dif 
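Review bot: Dropping the `= {0}` initializers from `credential` and `applicationSecretId` in `load_uname_pwd_from_miCASA` leaves both structs uninitialized, and `credential.unLen` is read unconditionally at the `if(credential.unLen)` below; if the miCASA call between them (outside the hunk) fails without filling the struct, that branch runs on garbage. If the initializers were removed because `= {0}` did not compile for those types, `memset (&credential, 0, sizeof credential);` after the declarations keeps the same guarantee. Moving the `dmalloc` NULL checks ahead of the `memcpy` calls is the right fix; the hunk shows no clearing of `credential` once `*ldap_password` has been copied out, so clearing it there (with a call the compiler cannot elide, e.g. `explicit_bzero`, or by documenting why it is not needed) would bound how long the plaintext stays on the stack. The function's remainder, including its return, lies outside the hunk.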
@@ -0,0 +1,66 @@ +--- includes/dhcpd.h ++++ includes/dhcpd.h 2007/01/24 12:44:24 +@@ -461,7 +461,7 @@ + # define SV_LDAP_BASE_DN 51 + # define SV_LDAP_METHOD 52 + # define SV_LDAP_DEBUG_FILE 53 +-# define SV_LDAP_SERVER_CN 54 ++# define SV_LDAP_DHCP_SERVER_CN 54 + #endif + + #if !defined (DEFAULT_DEFAULT_LEASE_TIME) +--- server/ldap.c ++++ server/ldap.c 2007/01/24 12:44:24 +@@ -51,7 +51,7 @@ + *ldap_username = NULL, + *ldap_password = NULL, + *ldap_base_dn = NULL, +- *ldap_server_cn = NULL, ++ *ldap_dhcp_server_cn = NULL, + *ldap_debug_file = NULL; + static int ldap_port = LDAP_PORT, + ldap_method = LDAP_METHOD_DYNAMIC, +@@ -553,8 +553,8 @@ + options, &global_scope, root_group, (struct group *) NULL); + + ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER); +- ldap_server_cn = _do_lookup_dhcp_string_option (options, +- SV_LDAP_SERVER_CN); ++ ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options, ++ SV_LDAP_DHCP_SERVER_CN); + ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT); + ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN); + ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD); +@@ -1123,10 +1123,10 @@ + return (res); + + uname (&unme); +- if (ldap_server_cn != NULL) ++ if (ldap_dhcp_server_cn != NULL) + { + snprintf (hfilter, sizeof (hfilter), +- "(&(objectClass=dhcpServer)(cn=%s))", ldap_server_cn); ++ "(&(objectClass=dhcpServer)(cn=%s))", ldap_dhcp_server_cn); + } + else + { +@@ -1148,7 +1148,7 @@ + hfilter, NULL, 0, &hostres)) != LDAP_SUCCESS) + { + log_error ("Cannot find host LDAP entry %s %s", +- ((ldap_server_cn == NULL)?(unme.nodename):(ldap_server_cn)), hfilter); ++ ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter); + if(NULL != hostres) + ldap_msgfree (hostres); + ldap_stop(); +--- server/stables.c ++++ server/stables.c 2007/01/24 12:44:24 +@@ -491,7 +491,7 @@ + { "ldap-base-dn", "t", &server_universe, 51 }, + { "ldap-method", "Nldap-methods.", 
&server_universe, 52 }, + { "ldap-debug-file", "t", &server_universe, 53 }, +- { "ldap-server-cn", "t", &server_universe, 54 }, ++ { "ldap-dhcp-server-cn", "t", &server_universe, 54 }, + #else + { "unknown-47", "X", &server_universe, 47 }, + { "unknown-48", "X", &server_universe, 48 }, diff --git a/dhcp-3.0.5-ldap-patch-ldap_read.dif b/dhcp-3.0.5-ldap-patch-ldap_read.dif new file mode 100644 index 0000000..86743a8 --- /dev/null +++ b/dhcp-3.0.5-ldap-patch-ldap_read.dif @@ -0,0 +1,29 @@ +--- server/ldap.c ++++ server/ldap.c 2007/02/20 09:38:15 +@@ -1249,12 +1249,13 @@ + cfile->inbuf[0] = '\0'; + cfile->buflen = 0; + ++ while (ldap_stack != NULL && *cfile->inbuf == '\0') ++ ldap_generate_config_string (cfile); ++ + if (ldap_stack == NULL && *cfile->inbuf == '\0') + return (EOF); + +- if (ldap_stack != NULL && *cfile->inbuf == '\0') +- ldap_generate_config_string (cfile); +- ++ cfile->bufix = 1; + cfile->buflen = strlen (cfile->inbuf); + if (cfile->buflen > 0) + ldap_write_debug (cfile->inbuf, cfile->buflen); +@@ -1263,9 +1264,6 @@ + log_info ("Sending config line '%s'", cfile->inbuf); + #endif + +- cfile->buflen = strlen (cfile->inbuf); +- cfile->bufix = 1; +- + return (cfile->inbuf[0]); + } + diff --git a/dhcp-3.0.5-ldap-patch-nomd5.dif b/dhcp-3.0.5-ldap-patch-nomd5.dif new file mode 100644 index 0000000..8e88ba7 --- /dev/null +++ b/dhcp-3.0.5-ldap-patch-nomd5.dif 
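Review bot: The new `while (ldap_stack != NULL && *cfile->inbuf == '\0')` loop in the ldap_read hunk terminates only if `ldap_generate_config_string` either fills `cfile->inbuf` or removes entries from `ldap_stack`; nothing in the hunk shows that, so an entry that yields no text and is not popped would spin forever. Worth confirming against the callee, and stating the contract above the loop, e.g. `/* Keep generating until a non-empty line appears or the stack is exhausted */`. The reordering that sets `cfile->bufix = 1` and `cfile->buflen` once, before the debug write, looks correct. The enclosing function starts and ends outside the hunk.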
@@ -0,0 +1,57 @@ +--- dst/Makefile.dist ++++ dst/Makefile.dist 2007/01/24 13:20:43 +@@ -21,14 +21,15 @@ + # + # http://www.isc.org/ + +-SRC = dst_support.c dst_api.c hmac_link.c base64.c prandom.c +-OBJ = dst_support.o dst_api.o hmac_link.o base64.o prandom.o ++SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c ++OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o ++OBJ_NM5= dst_support.o dst_api.o hmac_link.o base64.o prandom.o + HDRS = dst_internal.h md5.h md5_locl.h + + INCLUDES = $(BINDINC) -I$(TOP)/includes + CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) -DHMAC_MD5 -DMINIRES_LIB + +-all: libdst.a ++all: libdst.a libdst-nomd5.a + + install: + +@@ -37,11 +38,16 @@ + ar cruv libdst.a $(OBJ) + $(RANLIB) libdst.a + ++libdst-nomd5.a: $(OBJ_NM5) ++ rm -f libdst-nomd5.a ++ ar cruv libdst-nomd5.a $(OBJ_NM5) ++ $(RANLIB) libdst-nomd5.a ++ + depend: + $(MKDEP) $(INCLUDES) $(PREDEFINES) $(SRC) + + clean: +- -rm -f $(OBJ) libdst.a ++ -rm -f $(OBJ) libdst.a libdst-nomd5.a + + realclean: clean + -rm -f *~ $(CATMANPAGES) $(SEDMANPAGES) +--- server/Makefile.dist ++++ server/Makefile.dist 2007/01/24 13:15:15 +@@ -32,7 +32,7 @@ + MAN = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 + + INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes +-DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst.a ++DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst-nomd5.a -lssl -lcrypto -lldap -llber + CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) + + all: $(PROG) $(CATMANPAGES) +--- site.conf ++++ site.conf 2007/01/24 13:18:36 +@@ -1,4 +1,3 @@ + # Put local site configuration stuff here to override the default + # settings in Makefile.conf + #COPTS = -DDEBUG_LDAP -DLDAP_CASA_AUTH -DDEBUG_CLASS_MATCHING -Wall -O -Wno-unused +-LIBS=-lssl -lcrypto -lldap -llber diff --git a/dhcp-3.0.5-ldap-patch-referrals.dif b/dhcp-3.0.5-ldap-patch-referrals.dif new file mode 100644 index 0000000..1e9b0e1 --- /dev/null 
+++ b/dhcp-3.0.5-ldap-patch-referrals.dif 
@@ -0,0 +1,107 @@ +--- includes/dhcpd.h ++++ includes/dhcpd.h 2007/01/24 13:50:54 +@@ -462,6 +462,7 @@ + # define SV_LDAP_METHOD 52 + # define SV_LDAP_DEBUG_FILE 53 + # define SV_LDAP_DHCP_SERVER_CN 54 ++# define SV_LDAP_REFERRALS 55 + #endif + + #if !defined (DEFAULT_DEFAULT_LEASE_TIME) +--- server/ldap.c ++++ server/ldap.c 2007/01/24 14:25:16 +@@ -55,6 +55,7 @@ + *ldap_debug_file = NULL; + static int ldap_port = LDAP_PORT, + ldap_method = LDAP_METHOD_DYNAMIC, ++ ldap_referrals = -1, + ldap_debug_fd = -1; + static struct ldap_config_stack *ldap_stack = NULL; + +@@ -532,6 +533,34 @@ + return (ret); + } + ++int ++ldap_rebind_cb (LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *parms) ++{ ++ int ret; ++ LDAPURLDesc *ldapurl = NULL; ++ char *who = NULL, *pwd = NULL; ++ ++ log_info("LDAP rebind to '%s'", url); ++ if ((ret = ldap_url_parse(url, &ldapurl)) != LDAP_SUCCESS) ++ { ++ log_error ("Error: Can not parse ldap rebind url '%s': %s", ++ url, ldap_err2string(ret)); ++ return ret; ++ } ++ ++ if (ldap_username != NULL || *ldap_username != '\0') ++ { ++ who = ldap_username; ++ pwd = ldap_password; ++ } ++ ++ if ((ret = ldap_simple_bind_s (ld, who, pwd)) != LDAP_SUCCESS) ++ { ++ log_error ("Error: Cannot login into ldap server %s:%d: %s", ++ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret)); ++ } ++ return ret; ++} + + static void + ldap_start (void) +@@ -560,6 +589,7 @@ + ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD); + ldap_debug_file = _do_lookup_dhcp_string_option (options, + SV_LDAP_DEBUG_FILE); ++ ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS); + + #if defined (LDAP_CASA_AUTH) + if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password)) +@@ -611,6 +641,23 @@ + ldap_err2string (ret)); + } + ++ if (ldap_referrals != -1) ++ { ++ if ((ret = ldap_set_option (ld, LDAP_OPT_REFERRALS, ldap_referrals ? 
++ LDAP_OPT_ON : LDAP_OPT_OFF)) != LDAP_OPT_SUCCESS) ++ { ++ log_error ("Cannot %s LDAP referrals option: %s", ++ (ldap_referrals ? "enable" : "disable"), ++ ldap_err2string (ret)); ++ } ++ } ++ ++ if ((ret = ldap_set_rebind_proc(ld, ldap_rebind_cb, NULL)) != LDAP_SUCCESS) ++ { ++ log_error ("Warning: Cannot set ldap rebind procedure: %s", ++ ldap_err2string (ret)); ++ } ++ + #if defined (USE_SSL) + if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS) + log_error ("Warning: Cannot start TLS session to %s: %s", +--- server/stables.c ++++ server/stables.c 2007/01/24 13:52:54 +@@ -492,6 +492,7 @@ + { "ldap-method", "Nldap-methods.", &server_universe, 52 }, + { "ldap-debug-file", "t", &server_universe, 53 }, + { "ldap-dhcp-server-cn", "t", &server_universe, 54 }, ++ { "ldap-referrals", "f", &server_universe, 55 }, + #else + { "unknown-47", "X", &server_universe, 47 }, + { "unknown-48", "X", &server_universe, 48 }, +@@ -501,8 +502,8 @@ + { "unknown-52", "X", &server_universe, 52 }, + { "unknown-53", "X", &server_universe, 53 }, + { "unknown-54", "X", &server_universe, 54 }, +-#endif + { "unknown-55", "X", &server_universe, 55 }, ++#endif + { "unknown-56", "X", &server_universe, 56 }, + { "unknown-57", "X", &server_universe, 57 }, + { "unknown-58", "X", &server_universe, 58 }, diff --git a/dhcp-3.0.5-ldap-patch-schema.dif b/dhcp-3.0.5-ldap-patch-schema.dif new file mode 100644 index 0000000..3519b13 --- /dev/null +++ b/dhcp-3.0.5-ldap-patch-schema.dif 
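Review bot: In `ldap_rebind_cb` the condition `if (ldap_username != NULL || *ldap_username != '\0')` dereferences a NULL `ldap_username` and hands an empty one to `ldap_simple_bind_s`; it should read `if (ldap_username != NULL && *ldap_username != '\0')`, matching the check `ldap_start` uses further down the same file. The `LDAPURLDesc` returned by `ldap_url_parse` is never released, so every referral rebind leaks it; add `ldap_free_urldesc (ldapurl);` before the final `return ret;` (the bind-error branch falls through to it, so one call suffices). The same `||` line is carried as context into the ssl-opts patch's version of this callback and needs the fix there as well. Note also that the callback forwards the configured bind credentials to whatever server the referral names, and with no `ldap-referrals` option `ldap_referrals` stays -1 and the library default applies; a sentence in README.ldap next to the new option saying so would help administrators decide whether to leave referral chasing enabled.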
@@ -0,0 +1,113 @@ +--- contrib/dhcp.schema ++++ contrib/dhcp.schema 2007/01/24 12:45:49 +@@ -268,73 +268,67 @@ + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) + + attributetype ( 2.16.840.1.113719.1.203.4.46 +- NAME 'dhcpFailOverRole' ++ NAME 'dhcpFailOverPrimaryServer' + EQUALITY caseIgnoreIA5Match +- DESC 'Role of the DHCP Server. Either primary or secondary' ++ DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 2.16.840.1.113719.1.203.4.47 +- NAME 'dhcpFailOverReceiveAddress' ++ NAME 'dhcpFailOverSecondaryServer' + EQUALITY caseIgnoreIA5Match +- DESC 'IP address or DNS name on which the server should listen for connections from its fail over peer' ++ DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +-attributetype ( 2.16.840.1.113719.1.203.4.48 +- NAME 'dhcpFailOverPeerAddress' +- EQUALITY caseIgnoreIA5Match +- DESC 'IP address or DNS name to which the server should connect to reach its fail over peer' +- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +- +-attributetype ( 2.16.840.1.113719.1.203.4.49 +- NAME 'dhcpFailOverPeerPort' ++attributetype ( 2.16.840.1.113719.1.203.4.48 ++ NAME 'dhcpFailOverPrimaryPort' + EQUALITY integerMatch +- DESC 'Port to which server should connect to reach its fail over peer' ++ DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +-attributetype ( 2.16.840.1.113719.1.203.4.50 +- NAME 'dhcpFailOverReceivePort' ++attributetype ( 2.16.840.1.113719.1.203.4.49 ++ NAME 'dhcpFailOverSecondaryPort' + EQUALITY integerMatch +- DESC 'Port on which server should listen for connections from its fail over peer' ++ DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + 
+-attributetype ( 2.16.840.1.113719.1.203.4.51 ++attributetype ( 2.16.840.1.113719.1.203.4.50 + NAME 'dhcpFailOverResponseDelay' + EQUALITY integerMatch + DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +-attributetype ( 2.16.840.1.113719.1.203.4.52 +- NAME 'dhcpFailOverUnpackedUpdates' ++attributetype ( 2.16.840.1.113719.1.203.4.51 ++ NAME 'dhcpFailOverUnackedUpdates' + EQUALITY integerMatch + DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +-attributetype ( 2.16.840.1.113719.1.203.4.53 ++attributetype ( 2.16.840.1.113719.1.203.4.52 + NAME 'dhcpFailOverSplit' + EQUALITY integerMatch + DESC 'Split between the primary and secondary servers for fail over purpose' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +-attributetype ( 2.16.840.1.113719.1.203.4.54 ++attributetype ( 2.16.840.1.113719.1.203.4.53 + NAME 'dhcpFailOverLoadBalanceTime' + EQUALITY integerMatch + DESC 'Cutoff time in seconds, after which load balance is disabled' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +-attributetype ( 2.16.840.1.113719.1.203.4.55 ++attributetype ( 2.16.840.1.113719.1.203.4.54 + NAME 'dhcpFailOverPeerDN' + EQUALITY distinguishedNameMatch + DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + + #List of all servers in the tree +-attributetype ( 2.16.840.1.113719.1.203.4.56 ++attributetype ( 2.16.840.1.113719.1.203.4.55 + NAME 'dhcpServerDN' + EQUALITY distinguishedNameMatch + DESC 'List of all DHCP Servers in the tree. 
Used by dhcpLocatorObject' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +-attributetype ( 2.16.840.1.113719.1.203.4.57 ++attributetype ( 2.16.840.1.113719.1.203.4.56 + NAME 'dhcpComments' + EQUALITY caseIgnoreIA5Match + DESC 'Generic attribute that allows coments within any DHCP object' +@@ -415,7 +409,7 @@ + DESC 'This class represents an IP Address, which may or may not have been leased.' + SUP top + MUST ( cn $ dhcpAddressState ) +- MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpOption ) ++ MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress ) + X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') ) + + objectclass ( 2.16.840.1.113719.1.203.6.11 +@@ -454,7 +448,8 @@ + NAME 'dhcpFailOverPeer' + DESC 'This class defines the Fail over peer' + SUP top +- MUST ( cn $ dhcpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpFailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') ) ++ MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments ) ++ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') ) + + objectclass ( 
2.16.840.1.113719.1.203.6.16 + NAME 'dhcpLocator' diff --git a/dhcp-3.0.5-ldap-patch-ssl-opts.dif b/dhcp-3.0.5-ldap-patch-ssl-opts.dif new file mode 100644 index 0000000..3e5642e --- /dev/null +++ b/dhcp-3.0.5-ldap-patch-ssl-opts.dif 
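Review bot: Renumbering the failover attributes in contrib/dhcp.schema reuses existing OIDs for different definitions: `2.16.840.1.113719.1.203.4.48` was `dhcpFailOverPeerAddress` with IA5 string syntax `...115.121.1.26` and now names `dhcpFailOverPrimaryPort` with INTEGER syntax `...115.121.1.27`, and every OID from .48 through .56 shifts in the same way. Schema OIDs are meant to be permanent, so any directory that has already loaded the old schema or stores entries under these OIDs will see conflicting or re-typed attributes; the removed `dhcpFailOverPeerAddress`/`dhcpFailOverReceivePort` should keep their OIDs (marked OBSOLETE if desired) and the renamed attributes should receive fresh OIDs. In the `dhcpFailOverPeer` MUST list, `dhcpFailoverPrimaryPort` is spelled with a lowercase "over" while the attributetype NAME is `dhcpFailOverPrimaryPort`; descriptors are case-insensitive so it resolves, but the inconsistency is easy to mis-grep and should be aligned.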
@@ -0,0 +1,433 @@ +--- includes/dhcpd.h ++++ includes/dhcpd.h 2007/01/24 14:28:48 +@@ -255,6 +255,12 @@ + # define LDAP_BUFFER_SIZE 8192 + # define LDAP_METHOD_STATIC 0 + # define LDAP_METHOD_DYNAMIC 1 ++#if defined (USE_SSL) ++# define LDAP_SSL_OFF 0 ++# define LDAP_SSL_ON 1 ++# define LDAP_SSL_TLS 2 ++# define LDAP_SSL_LDAPS 3 ++#endif + + /* This is a tree of the current configuration we are building from LDAP */ + +@@ -463,6 +469,17 @@ + # define SV_LDAP_DEBUG_FILE 53 + # define SV_LDAP_DHCP_SERVER_CN 54 + # define SV_LDAP_REFERRALS 55 ++#if defined (USE_SSL) ++# define SV_LDAP_SSL 56 ++# define SV_LDAP_TLS_REQCERT 57 ++# define SV_LDAP_TLS_CA_FILE 58 ++# define SV_LDAP_TLS_CA_DIR 59 ++# define SV_LDAP_TLS_CERT 60 ++# define SV_LDAP_TLS_KEY 61 ++# define SV_LDAP_TLS_CRLCHECK 62 ++# define SV_LDAP_TLS_CIPHERS 63 ++# define SV_LDAP_TLS_RANDFILE 64 ++#endif + #endif + + #if !defined (DEFAULT_DEFAULT_LEASE_TIME) +@@ -2682,6 +2699,11 @@ + /* ldap.c */ + #if defined(LDAP_CONFIGURATION) + extern struct enumeration ldap_methods; ++#if defined (USE_SSL) ++extern struct enumeration ldap_ssl_usage_enum; ++extern struct enumeration ldap_tls_reqcert_enum; ++extern struct enumeration ldap_tls_crlcheck_enum; ++#endif + isc_result_t ldap_read_config (void); + int find_haddr_in_ldap (struct host_decl **, int, unsigned, + const unsigned char *, const char *, int); +--- README.ldap ++++ README.ldap 2007/01/24 17:50:13 +@@ -43,6 +43,7 @@ + SSL, you will need to perform the following steps: + + * Edit the includes/site.h file and uncomment the USE_SSL line ++ or specify "-DUSE_SSL" via CFLAGS. + * Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o + from the SRC= and OBJ= lines (around line 24) + * Now run configure in the base source directory. 
If you chose to enable +@@ -64,6 +65,23 @@ + ldap-method dynamic; + ldap-debug-file "/var/log/dhcp-ldap-startup.log"; + ++If SSL has been enabled at compile time using the USE_SSL flag, the dhcp ++server trys to use TLS if possible, but continues without TLS if not. ++ ++You can modify this behaviour using following option in /etc/dhcpd.conf: ++ ++ldap-ssl ++ off: disables TLS/LDAPS. ++ ldaps: enables LDAPS -- don't forget to set ldap-port to 636. ++ start_tls: enables TLS using START_TLS command ++ on: enables LDAPS if ldap-port is set to 636 or TLS in ++ other cases. ++ ++See also "man 5 ldap.conf" for description the following TLS related ++options: ++ ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert ++ ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile ++ + All of these parameters should be self explanatory except for the ldap-method. + You can set this to static or dynamic. If you set it to static, the + configuration is read once on startup, and LDAP isn't used anymore. 
But, if you +--- server/dhcpd.c ++++ server/dhcpd.c 2007/01/24 14:28:48 +@@ -530,6 +530,11 @@ + add_enumeration (&syslog_enum); + #if defined (LDAP_CONFIGURATION) + add_enumeration (&ldap_methods); ++#if defined (USE_SSL) ++ add_enumeration (&ldap_ssl_usage_enum); ++ add_enumeration (&ldap_tls_reqcert_enum); ++ add_enumeration (&ldap_tls_crlcheck_enum); ++#endif + #endif + + if (!group_allocate (&root_group, MDL)) +--- server/ldap.c ++++ server/ldap.c 2007/01/24 14:41:26 +@@ -57,6 +57,17 @@ + ldap_method = LDAP_METHOD_DYNAMIC, + ldap_referrals = -1, + ldap_debug_fd = -1; ++#if defined (USE_SSL) ++static int ldap_use_ssl = -1, /* try TLS if possible */ ++ ldap_tls_reqcert = -1, ++ ldap_tls_crlcheck = -1; ++static char *ldap_tls_ca_file = NULL, ++ *ldap_tls_ca_dir = NULL, ++ *ldap_tls_cert = NULL, ++ *ldap_tls_key = NULL, ++ *ldap_tls_ciphers = NULL, ++ *ldap_tls_randfile = NULL; ++#endif + static struct ldap_config_stack *ldap_stack = NULL; + + typedef struct ldap_dn_node { +@@ -548,6 +559,41 @@ + return ret; + } + ++ ++#if defined (USE_SSL) ++ if (strcasecmp(ldapurl->lud_scheme, "ldaps") == 0) ++ { ++ int opt = LDAP_OPT_X_TLS_HARD; ++ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS) ++ { ++ log_error ("Error: Cannot init LDAPS session to %s:%d: %s", ++ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret)); ++ return ret; ++ } ++ else ++ { ++ log_info ("LDAPS session successfully enabled to %s", ldap_server); ++ } ++ } ++ else ++ if (strcasecmp(ldapurl->lud_scheme, "ldap") == 0 && ++ ldap_use_ssl != LDAP_SSL_OFF) ++ { ++ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS) ++ { ++ log_error ("Error: Cannot start TLS session to %s:%d: %s", ++ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret)); ++ return ret; ++ } ++ else ++ { ++ log_info ("TLS session successfully started to %s:%d", ++ ldapurl->lud_host, ldapurl->lud_port); ++ } ++ } ++#endif ++ ++ + if (ldap_username != NULL || *ldap_username != '\0') + { + who = 
ldap_username; +@@ -591,6 +637,21 @@ + SV_LDAP_DEBUG_FILE); + ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS); + ++#if defined (USE_SSL) ++ ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL); ++ if( ldap_use_ssl != LDAP_SSL_OFF) ++ { ++ ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT); ++ ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE); ++ ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR); ++ ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT); ++ ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY); ++ ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK); ++ ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS); ++ ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE); ++ } ++#endif ++ + #if defined (LDAP_CASA_AUTH) + if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password)) + { +@@ -628,9 +689,105 @@ + log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port); + #endif + ++#if defined (USE_SSL) ++ if (ldap_use_ssl == -1) ++ { ++ /* ++ ** There was no "ldap-ssl" option in dhcpd.conf (also not "off"). ++ ** Let's try, if we can use an anonymous TLS session without to ++ ** verify the server certificate -- if not continue without TLS. 
++ */ ++ int opt = LDAP_OPT_X_TLS_ALLOW; ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, ++ &opt)) != LDAP_SUCCESS) ++ { ++ log_error ("Warning: Cannot set LDAP TLS require cert option to 'allow': %s", ++ ldap_err2string (ret)); ++ } ++ } ++ ++ if (ldap_use_ssl != LDAP_SSL_OFF) ++ { ++ if (ldap_tls_reqcert != -1) ++ { ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, ++ &ldap_tls_reqcert)) != LDAP_SUCCESS) ++ { ++ log_error ("Cannot set LDAP TLS require cert option: %s", ++ ldap_err2string (ret)); ++ } ++ } ++ ++ if( ldap_tls_ca_file != NULL) ++ { ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ++ ldap_tls_ca_file)) != LDAP_SUCCESS) ++ { ++ log_error ("Cannot set LDAP TLS CA certificate file %s: %s", ++ ldap_tls_ca_file, ldap_err2string (ret)); ++ } ++ } ++ if( ldap_tls_ca_dir != NULL) ++ { ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, ++ ldap_tls_ca_dir)) != LDAP_SUCCESS) ++ { ++ log_error ("Cannot set LDAP TLS CA certificate dir %s: %s", ++ ldap_tls_ca_dir, ldap_err2string (ret)); ++ } ++ } ++ if( ldap_tls_cert != NULL) ++ { ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, ++ ldap_tls_cert)) != LDAP_SUCCESS) ++ { ++ log_error ("Cannot set LDAP TLS client certificate file %s: %s", ++ ldap_tls_cert, ldap_err2string (ret)); ++ } ++ } ++ if( ldap_tls_key != NULL) ++ { ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, ++ ldap_tls_key)) != LDAP_SUCCESS) ++ { ++ log_error ("Cannot set LDAP TLS certificate key file %s: %s", ++ ldap_tls_key, ldap_err2string (ret)); ++ } ++ } ++ if( ldap_tls_crlcheck != -1) ++ { ++ int opt = ldap_tls_crlcheck; ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK, ++ &opt)) != LDAP_SUCCESS) ++ { ++ log_error ("Cannot set LDAP TLS crl check option: %s", ++ ldap_err2string (ret)); ++ } ++ } ++ if( ldap_tls_ciphers != NULL) ++ { ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, ++ ldap_tls_ciphers)) != LDAP_SUCCESS) ++ { ++ 
log_error ("Cannot set LDAP TLS cipher suite %s: %s", ++ ldap_tls_ciphers, ldap_err2string (ret)); ++ } ++ } ++ if( ldap_tls_randfile != NULL) ++ { ++ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE, ++ ldap_tls_randfile)) != LDAP_SUCCESS) ++ { ++ log_error ("Cannot set LDAP TLS random file %s: %s", ++ ldap_tls_randfile, ldap_err2string (ret)); ++ } ++ } ++ } ++#endif ++ + if ((ld = ldap_init (ldap_server, ldap_port)) == NULL) + { +- log_error ("Cannot init ldap session to %s", ldap_server); ++ log_error ("Cannot init ldap session to %s:%d", ldap_server, ldap_port); + return; + } + +@@ -659,11 +816,38 @@ + } + + #if defined (USE_SSL) +- if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS) +- log_error ("Warning: Cannot start TLS session to %s: %s", +- ldap_server, ldap_err2string (ret)); +- else +- log_info ("TLS session successfully started to %s", ldap_server); ++ if (ldap_use_ssl == LDAP_SSL_LDAPS || ++ (ldap_use_ssl == LDAP_SSL_ON && ldap_port == LDAPS_PORT)) ++ { ++ int opt = LDAP_OPT_X_TLS_HARD; ++ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS) ++ { ++ log_error ("Error: Cannot init LDAPS session to %s:%d: %s", ++ ldap_server, ldap_port, ldap_err2string (ret)); ++ ldap_stop(); ++ return; ++ } ++ else ++ { ++ log_info ("LDAPS session successfully enabled to %s:%d", ++ ldap_server, ldap_port); ++ } ++ } ++ else if (ldap_use_ssl != LDAP_SSL_OFF) ++ { ++ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS) ++ { ++ log_error ("Error: Cannot start TLS session to %s:%d: %s", ++ ldap_server, ldap_port, ldap_err2string (ret)); ++ ldap_stop(); ++ return; ++ } ++ else ++ { ++ log_info ("TLS session successfully started to %s:%d", ++ ldap_server, ldap_port); ++ } ++ } + #endif + + if (ldap_username != NULL && *ldap_username != '\0') +@@ -671,8 +855,8 @@ + if ((ret = ldap_simple_bind_s (ld, ldap_username, + ldap_password)) != LDAP_SUCCESS) + { +- log_error ("Error: Cannot login into ldap server %s: %s", 
ldap_server, +- ldap_err2string (ret)); ++ log_error ("Error: Cannot login into ldap server %s:%d: %s", ++ ldap_server, ldap_port, ldap_err2string (ret)); + ldap_stop(); + return; + } +--- server/stables.c ++++ server/stables.c 2007/01/24 14:28:48 +@@ -493,6 +493,27 @@ + { "ldap-debug-file", "t", &server_universe, 53 }, + { "ldap-dhcp-server-cn", "t", &server_universe, 54 }, + { "ldap-referrals", "f", &server_universe, 55 }, ++#if defined(USE_SSL) ++ { "ldap-ssl", "Nldap-ssl-usage.", &server_universe, 56 }, ++ { "ldap-tls-reqcert", "Nldap-tls-reqcert.", &server_universe, 57 }, ++ { "ldap-tls-ca-file", "t", &server_universe, 58 }, ++ { "ldap-tls-ca-dir", "t", &server_universe, 59 }, ++ { "ldap-tls-cert", "t", &server_universe, 60 }, ++ { "ldap-tls-key", "t", &server_universe, 61 }, ++ { "ldap-tls-crlcheck", "Nldap-tls-crlcheck.", &server_universe, 62 }, ++ { "ldap-tls-ciphers", "t", &server_universe, 63 }, ++ { "ldap-tls-randfile", "t", &server_universe, 64 }, ++#else ++ { "unknown-56", "X", &server_universe, 56 }, ++ { "unknown-57", "X", &server_universe, 57 }, ++ { "unknown-58", "X", &server_universe, 58 }, ++ { "unknown-59", "X", &server_universe, 59 }, ++ { "unknown-60", "X", &server_universe, 60 }, ++ { "unknown-61", "X", &server_universe, 61 }, ++ { "unknown-62", "X", &server_universe, 62 }, ++ { "unknown-63", "X", &server_universe, 63 }, ++ { "unknown-64", "X", &server_universe, 64 }, ++#endif + #else + { "unknown-47", "X", &server_universe, 47 }, + { "unknown-48", "X", &server_universe, 48 }, +@@ -503,7 +524,6 @@ + { "unknown-53", "X", &server_universe, 53 }, + { "unknown-54", "X", &server_universe, 54 }, + { "unknown-55", "X", &server_universe, 55 }, +-#endif + { "unknown-56", "X", &server_universe, 56 }, + { "unknown-57", "X", &server_universe, 57 }, + { "unknown-58", "X", &server_universe, 58 }, +@@ -513,6 +533,7 @@ + { "unknown-62", "X", &server_universe, 62 }, + { "unknown-63", "X", &server_universe, 63 }, + { "unknown-64", "X", &server_universe, 64 }, 
++#endif + { "unknown-65", "X", &server_universe, 65 }, + { "unknown-66", "X", &server_universe, 66 }, + { "unknown-67", "X", &server_universe, 67 }, +@@ -718,6 +739,47 @@ + "ldap-methods", + ldap_values + }; ++ ++#if defined(USE_SSL) ++struct enumeration_value ldap_ssl_usage_values [] = { ++ { "off", LDAP_SSL_OFF }, ++ { "on", LDAP_SSL_ON }, ++ { "ldaps", LDAP_SSL_LDAPS}, ++ { "start_tls", LDAP_SSL_TLS }, ++ { (char *) 0, 0 } ++}; ++struct enumeration ldap_ssl_usage_enum = { ++ (struct enumeration *)0, ++ "ldap-ssl-usage", ++ ldap_ssl_usage_values ++}; ++ ++struct enumeration_value ldap_tls_reqcert_values [] = { ++ { "never", LDAP_OPT_X_TLS_NEVER }, ++ { "hard", LDAP_OPT_X_TLS_HARD }, ++ { "demand", LDAP_OPT_X_TLS_DEMAND}, ++ { "allow", LDAP_OPT_X_TLS_ALLOW }, ++ { "try", LDAP_OPT_X_TLS_TRY }, ++ { (char *) 0, 0 } ++}; ++struct enumeration ldap_tls_reqcert_enum = { ++ (struct enumeration *)0, ++ "ldap-tls-reqcert", ++ ldap_tls_reqcert_values ++}; ++ ++struct enumeration_value ldap_tls_crlcheck_values [] = { ++ { "none", LDAP_OPT_X_TLS_CRL_NONE}, ++ { "peer", LDAP_OPT_X_TLS_CRL_PEER}, ++ { "all", LDAP_OPT_X_TLS_CRL_ALL }, ++ { (char *) 0, 0 } ++}; ++struct enumeration ldap_tls_crlcheck_enum = { ++ (struct enumeration *)0, ++ "ldap-tls-crlcheck", ++ ldap_tls_crlcheck_values ++}; ++#endif + #endif + + struct enumeration_value ddns_styles_values [] = { diff --git a/dhcp-3.0.4-ldap-patch-strncat.diff b/dhcp-3.0.5-ldap-patch-strncat.dif similarity index 67% rename from dhcp-3.0.4-ldap-patch-strncat.diff rename to dhcp-3.0.5-ldap-patch-strncat.dif index c7f8418..9a74f34 100644 --- a/dhcp-3.0.4-ldap-patch-strncat.diff +++ b/dhcp-3.0.5-ldap-patch-strncat.dif 
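Review bot: When no `ldap-ssl` option is configured (`ldap_use_ssl == -1`), `ldap_start` sets `LDAP_OPT_X_TLS_REQUIRE_CERT` to `LDAP_OPT_X_TLS_ALLOW` before connecting, so the default mode negotiates TLS but accepts any server certificate, and the `ldap_simple_bind_s` call that follows sends the configured credentials over a session whose peer has not been verified. A configured `ldap-tls-reqcert` does override this, since the TLS option lookups run for every value other than `off`, but the README.ldap hunk describes the default only as "trys to use TLS if possible" and should state the consequence, e.g. `Without an ldap-tls-reqcert setting the server certificate is not verified; set "ldap-tls-reqcert demand;" together with "ldap-tls-ca-file" to authenticate the LDAP server.` Failing closed with `ldap_stop()` when TLS or LDAPS setup fails, instead of the old warning-and-continue, is a good change.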
@@ -1,20 +1,20 @@ --- server/ldap.c -+++ server/ldap.c 2006/08/28 16:12:55 -@@ -63,6 +63,13 @@ typedef struct ldap_dn_node { - static ldap_dn_node *ldap_service_dn_head = NULL; ++++ server/ldap.c 2007/01/24 12:40:58 +@@ -68,6 +68,13 @@ static ldap_dn_node *ldap_service_dn_tail = NULL; -+ + +static char * +x_strncat(char *dst, const char *src, size_t dst_size) +{ -+ size_t len = strlen(dst); -+ return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0); ++ size_t len = strlen(dst); ++ return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0); +} - ++ static void ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile) -@@ -78,9 +83,9 @@ ldap_parse_class (struct ldap_config_sta + { +@@ -82,9 +89,9 @@ return; } @@ -27,7 +27,7 @@ item->close_brace = 1; ldap_value_free (tempstr); -@@ -112,11 +117,11 @@ ldap_parse_subclass (struct ldap_config_ +@@ -116,11 +123,11 @@ return; } @@ -44,7 +44,7 @@ item->close_brace = 1; ldap_value_free (tempstr); -@@ -140,14 +145,14 @@ ldap_parse_host (struct ldap_config_stac +@@ -144,14 +151,14 @@ hwaddr = ldap_get_values (ld, item->ldent, "dhcpHWAddress"); @@ -64,7 +64,7 @@ ldap_value_free (hwaddr); } -@@ -171,9 +176,9 @@ ldap_parse_shared_network (struct ldap_c +@@ -174,9 +181,9 @@ return; } @@ -77,7 +77,7 @@ item->close_brace = 1; ldap_value_free (tempstr); -@@ -224,14 +229,14 @@ ldap_parse_subnet (struct ldap_config_st +@@ -228,14 +235,14 @@ return; } @@ -97,7 +97,7 @@ ldap_value_free (tempstr); ldap_value_free (netmaskstr); -@@ -240,10 +245,10 @@ ldap_parse_subnet (struct ldap_config_st +@@ -244,10 +251,10 @@ { for (i=0; tempstr[i] != NULL; i++) { @@ -112,7 +112,7 @@ } ldap_value_free (tempstr); } -@@ -258,17 +263,17 @@ ldap_parse_pool (struct ldap_config_stac +@@ -262,17 +269,17 @@ char **tempstr; int i; @@ -135,7 +135,7 @@ ldap_value_free (tempstr); } -@@ -276,8 +281,8 @@ ldap_parse_pool (struct ldap_config_stac +@@ -280,8 +287,8 @@ { for (i=0; tempstr[i] != NULL; i++) { 
@@ -146,7 +146,7 @@ } ldap_value_free (tempstr); } -@@ -289,7 +294,7 @@ ldap_parse_pool (struct ldap_config_stac +@@ -293,7 +300,7 @@ static void ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile) { 
@@ -155,7 +155,80 @@ item->close_brace = 1; } -@@ -625,7 +630,7 @@ next_ldap_entry (struct parse *cfile) +@@ -305,25 +312,25 @@ + + if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL) + { +- strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE); + ldap_value_free (tempstr); + } + + if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeyAlgorithm")) != NULL) + { +- strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); + ldap_value_free (tempstr); + } + + if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeySecret")) != NULL) + { +- strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); + ldap_value_free (tempstr); + } + +@@ -341,18 +348,18 @@ + + if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL) + { +- strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE); + ldap_value_free (tempstr); + } + + if ((tempstr = ldap_get_values (ld, item->ldent, 
"dhcpDnsZoneServer")) != NULL) + { +- strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); + +- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); + ldap_value_free (tempstr); + } + +@@ -380,9 +387,9 @@ + strncpy (keyCn, cnFindStart, len); + keyCn[len] = '\0'; + +- strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE); +- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE); ++ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); + + dfree (keyCn, MDL); + } +@@ -731,7 +738,7 @@ if (ldap_stack != NULL && ldap_stack->close_brace) { @@ -164,7 +237,7 @@ ldap_stack->close_brace = 0; } -@@ -635,7 +640,7 @@ next_ldap_entry (struct parse *cfile) +@@ -741,7 +748,7 @@ { if (ldap_stack->close_brace) { @@ -173,7 +246,7 @@ ldap_stack->close_brace = 0; } -@@ -646,7 +651,7 @@ next_ldap_entry (struct parse *cfile) +@@ -752,7 +759,7 @@ if (ldap_stack != NULL && ldap_stack->close_brace) { @@ -182,7 +255,7 @@ ldap_stack->close_brace = 0; } } -@@ -722,16 +727,16 @@ ldap_parse_entry_options (LDAPMessage *e +@@ -828,16 +835,16 @@ continue; } @@ -202,7 +275,7 @@ break; } } -@@ -742,15 +747,15 @@ ldap_parse_entry_options (LDAPMessage *e +@@ -848,15 +855,15 @@ { for (i=0; tempstr[i] != NULL; i++) { diff --git a/dhcp-3.0.5-ldap-patch.gz b/dhcp-3.0.5-ldap-patch.gz new file mode 100644 index 0000000..fcbde8b --- /dev/null +++ b/dhcp-3.0.5-ldap-patch.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0bbc5c94d7d917f1dd2ae7daf7127ff75564faac21cfb1700f94f01772893197 +size 42290 diff --git a/dhcp-3.0.5-pool_eof.dif b/dhcp-3.0.5-pool_eof.dif new file mode 100644 index 0000000..a975f03 --- /dev/null 
+++ b/dhcp-3.0.5-pool_eof.dif
@@ -0,0 +1,15 @@
+--- server/confpars.c
++++ server/confpars.c 2007/02/19 12:39:45
+@@ -1466,6 +1466,12 @@
+ done = 1;
+ break;
+
++ case END_OF_FILE:
++ parse_warn (cfile, "unexpected end of file");
++ pool_dereference (&pool, MDL);
++ return;
++ break;
++
+ default:
+ declaration = parse_statement (cfile, pool -> group,
+ POOL_DECL,
diff --git a/dhcp.changes b/dhcp.changes
index 2d521da..c5c9f4f 100644
--- a/dhcp.changes
+++ b/dhcp.changes
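Review bot: The `break;` after `return;` in the new `case END_OF_FILE:` arm is unreachable and should be dropped so the arm reads like the other early exits: `parse_warn (cfile, "unexpected end of file"); pool_dereference (&pool, MDL); return;`. Bailing out here is correct — per the changelog a pool declaration missing its closing brace previously recursed endlessly between parse_pool_statement and parse_statement, a trivial crash for anyone who can edit dhcpd.conf or the LDAP-sourced configuration. The warning is only a rejection, though, if parse_warn marks the parse as failed the way the other syntax errors in confpars.c do; it is worth confirming that a pool truncated at EOF (possibly missing its allow/deny lines) cannot survive into a running server. parse_pool_statement starts and ends outside this hunk.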
@@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Tue Feb 20 11:45:29 CET 2007 - mt@suse.de + +- Bug #162186: Added check for EOF in parse_pool_statement to + avoid endless recursion loop between parse_pool_statement + and parse_statement when a closing right brace "}" is missed + at the end of a pool declaration in /etc/dhcpd.conf. + New patch file: dhcp-3.0.5-pool_eof.dif +- Fixed ldap_read_function to avoid returning of empty strings + causing parsing errors in ldap-dynamic mode. + New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif + +------------------------------------------------------------------- +Thu Jan 25 11:15:57 CET 2007 - mt@suse.de + +- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes: + * unbind from the LDAP server after the config file has been ran + if the server is being ran in static mode + * fixed ldap_read_function bug where the entire configuration + was not being processed + and extensions / enhancements: + * added functions for reading config values from the config + file to clean up the ldap_start() function. + * new ldap-server-cn option that will be used to locate the + data in ldap; defaults to the hostname as before (FATE #227). + * while host is added in the ldap-method dynamic mode, try to + find if it belongs to a group and apply the group options too. + * modifies the dhcpHWAddress attribute to case-insensitive, adds + several new objectclasses, e.g. dhcpLocator, dhcpTsigKey, + dhcpDnsZone,dhcpFailOver to the dhcp.schema. + * implements support for dhcpTsigKey, dhcpDnsZone and related. + * implements auth password query via casa. +- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by + ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif +- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server + with md5 functions from openssl library instead of own copy. 
+- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support +- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf + ldap-server-cn option to more clear ldap-dhcp-server-cn. +- dhcp-3.0.5-ldap-patch-schema.dif +- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support + for LDAP referrals, introducing new "ldap-referrals " + option in dhcpd.conf. +- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing + TLS/LDAPS support. Adds new "ldap-ssl " + and several "ldap-tls-*" options for dhcpd.conf. By default, the + server trys to use TLS if possible, but continues without if not. + ------------------------------------------------------------------- Tue Jan 9 13:48:07 CET 2007 - mt@suse.de diff --git a/dhcp.spec b/dhcp.spec index e51f26b..34eb304 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -13,12 +13,16 @@ Name: dhcp %define omc_prefix /usr/share/omc %define omc_svcdir %{omc_prefix}/svcinfo.d +%define with_casa 0 +%if %{?with_casa:%with_casa} +BuildRequires: CASA-devel +%endif BuildRequires: openldap2-devel License: BSD License and BSD-like Group: Productivity/Networking/Boot/Servers Autoreqprov: on Version: 3.0.5 -Release: 12 +Release: 17 Summary: Common Files Used by ISC DHCP Software URL: http://www.isc.org/isc/dhcp.html Source0: http://ftp.isc.org/isc/dhcp/dhcp-%{version}.tar.gz 
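Review bot: The conditional `BuildRequires: CASA-devel` added under `with_casa` is the only new build dependency, yet the changelog in this same commit says dhcp-3.0.5-ldap-patch-nomd5.dif now links the server against OpenSSL's MD5 instead of the bundled copy; no `BuildRequires: openssl-devel` is declared, so the build relies on openldap2-devel pulling the headers in transitively. I would change the existing line to `BuildRequires: openldap2-devel openssl-devel` so the dependency the code actually has is recorded and a future openldap2-devel change cannot break or silently alter the build. Whether the USE_SSL code paths need OpenSSL headers directly or only openldap's LDAP_OPT_X_TLS_* constants is not visible in this chunk, but the nomd5 link change alone justifies it.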
@@ -58,13 +62,20 @@ Patch40: dhcp-3.0rc10.filedes.dif Patch41: makefile.diff Patch51: dhcp-3.0.5-tmpfile.dif Patch52: dhcp-3.0.3-man.dif +Patch53: dhcp-3.0.5-pool_eof.dif ## LDAP support for DHCP server ## patch lives here: http://home.ntelos.net/~masneyb/ %define DHCPD_LDAP 1 %if %DHCPD_LDAP -Patch60: dhcp-3.0.4-ldap-patch.gz -Patch61: dhcp-3.0.4-ldap-patch-nossl.dif -Patch62: dhcp-3.0.4-ldap-patch-strncat.diff +Patch60: dhcp-3.0.5-ldap-patch.gz +Patch61: dhcp-3.0.5-ldap-patch-strncat.dif +Patch62: dhcp-3.0.5-ldap-patch-casa-fix.dif +Patch63: dhcp-3.0.5-ldap-patch-dhcp-cn.dif +Patch64: dhcp-3.0.5-ldap-patch-schema.dif +Patch65: dhcp-3.0.5-ldap-patch-nomd5.dif +Patch66: dhcp-3.0.5-ldap-patch-referrals.dif +Patch67: dhcp-3.0.5-ldap-patch-ssl-opts.dif +Patch68: dhcp-3.0.5-ldap-patch-ldap_read.dif %endif %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 Patch70: dhcp-3.0.3b1-pie.dif @@ -197,10 +208,17 @@ Authors: %patch41 %patch51 -p1 %patch52 -p1 +%patch53 -p0 %if %DHCPD_LDAP %patch60 -p1 -%patch61 -p1 +%patch61 -p0 %patch62 -p0 +%patch63 -p0 +%patch64 -p0 +%patch65 -p0 +%patch66 -p0 +%patch67 -p0 +%patch68 -p0 %endif %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 %patch70 @@ -221,7 +239,10 @@ tar xzf $RPM_SOURCE_DIR/examples.tar.gz %build export CFLAGS -CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused -DEXTENDED_NEW_OPTION_INFO -DLDAP_DEPRECATED -DPARANOIA" +CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused -DEXTENDED_NEW_OPTION_INFO -DLDAP_DEPRECATED -DUSE_SSL -DPARANOIA" +%if %{?with_casa:%with_casa} + CFLAGS="$CFLAGS -DLDAP_CASA_AUTH" +%endif %ifarch ia64 sparc64 alpha s390x ppc64 x86_64 CFLAGS="$CFLAGS -DPTRSIZE_64BIT" %endif 
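Review bot: Adding `-DUSE_SSL` to CFLAGS ships the opportunistic default the changelog describes ("trys to use TLS if possible, but continues without if not"), which means a failed or stripped StartTLS falls back to a cleartext bind and the LDAP password plus any dhcpKeySecret values read from the directory cross the network unprotected, with nothing in this spec documenting how to forbid that. I would put a comment above the CFLAGS line such as `# -DUSE_SSL: ldap-ssl defaults to opportunistic TLS and falls back to cleartext; set "ldap-ssl ldaps" or "ldap-ssl start_tls" with "ldap-tls-reqcert demand" in dhcpd.conf to enforce it`, and carry the same note into the packaged dhcpd.conf example. Whether the fallback also covers a certificate verification failure depends on the ssl-opts patch, whose body is not visible here.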
@@ -501,7 +522,49 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %doc %{_mandir}/man3/omapi.3.gz %doc %{_mandir}/man3/dhcpctl.3.gz -%changelog -n dhcp +%changelog +* Tue Feb 20 2007 - mt@suse.de +- Bug #162186: Added check for EOF in parse_pool_statement to + avoid endless recursion loop between parse_pool_statement + and parse_statement when a closing right brace "}" is missed + at the end of a pool declaration in /etc/dhcpd.conf. + New patch file: dhcp-3.0.5-pool_eof.dif +- Fixed ldap_read_function to avoid returning of empty strings + causing parsing errors in ldap-dynamic mode. + New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif +* Thu Jan 25 2007 - mt@suse.de +- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes: + * unbind from the LDAP server after the config file has been ran + if the server is being ran in static mode + * fixed ldap_read_function bug where the entire configuration + was not being processed + and extensions / enhancements: + * added functions for reading config values from the config + file to clean up the ldap_start() function. + * new ldap-server-cn option that will be used to locate the + data in ldap; defaults to the hostname as before (FATE #227). + * while host is added in the ldap-method dynamic mode, try to + find if it belongs to a group and apply the group options too. + * modifies the dhcpHWAddress attribute to case-insensitive, adds + several new objectclasses, e.g. dhcpLocator, dhcpTsigKey, + dhcpDnsZone,dhcpFailOver to the dhcp.schema. + * implements support for dhcpTsigKey, dhcpDnsZone and related. + * implements auth password query via casa. +- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by + ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif +- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server + with md5 functions from openssl library instead of own copy. 
+- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support +- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf + ldap-server-cn option to more clear ldap-dhcp-server-cn. +- dhcp-3.0.5-ldap-patch-schema.dif +- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support + for LDAP referrals, introducing new "ldap-referrals " + option in dhcpd.conf. +- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing + TLS/LDAPS support. Adds new "ldap-ssl " + and several "ldap-tls-*" options for dhcpd.conf. By default, the + server trys to use TLS if possible, but continues without if not. * Tue Jan 09 2007 - mt@suse.de - Added installation of dhcpd.xml, dhcpd service description for omc xml-service-provider, fate #301710. diff --git a/rc.dhcpd b/rc.dhcpd index 8a2343e..8e9f21f 100644 --- a/rc.dhcpd +++ b/rc.dhcpd @@ -162,7 +162,8 @@ case "$1" in for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do test -d $CHROOT_PREFIX/${i%/*} || mkdir -p $CHROOT_PREFIX/${i%/*} done - for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES /etc/{resolv.conf,host.conf,hosts,localtime}; do + rm -f $CHROOT_PREFIX/dev/urandom + for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES /etc/{resolv.conf,host.conf,hosts,localtime} /dev/urandom; do if ! test -e $i; then continue; fi # neither of them is absolutely necessary cp -aL $i $CHROOT_PREFIX/$i &>/dev/null \ || { echo "...$0:$LINENO: could not copy $i to chroot jail"; rc_failed; rc_status -v1; exit 6; }
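Review bot: `cp -aL /dev/urandom $CHROOT_PREFIX//dev/urandom` will hit the `could not copy` branch and `exit 6` unless `$CHROOT_PREFIX/dev` already exists: the mkdir loop just above creates only the parent directories of `$DAEMON_CONF` and `$DHCPD_CONF_INCLUDE_FILES`, and nothing in this hunk creates `/dev` inside the jail (it may be created elsewhere in the script, which I cannot see). I would add `test -d $CHROOT_PREFIX/dev || mkdir -p $CHROOT_PREFIX/dev` before the new `rm -f`. Copying the random device into the chroot is presumably what the new TLS code needs for a seeded PRNG, but because the loop does `continue` when the source is absent, a host without /dev/urandom starts the daemon silently lacking it; an `echo` in that branch when `$i` is /dev/urandom would make the degraded state visible. The surrounding `case "$1" in` arm begins and ends outside this hunk.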