rpm/dhcp
SHA256
1
0
Fork 0
forked from pool/dhcp
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=2

Browse Source
This commit is contained in:
OBS User unknown 2007-02-25 22:22:54 +00:00 committed by Git OBS Bridge
parent cfcbc0cde3
commit e6256e3a47
15 changed files with 1090 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
dhcp-3.0.4-ldap-patch-nossl.dif
View File

@ -1,32 +0,0 @@
diff -u dhcp-3.0.4-ldap/dst/Makefile.dist dhcp-3.0.4-ldap/dst/Makefile.dist
--- dhcp-3.0.4-ldap/dst/Makefile.dist 2006-05-08 08:30:33.000000000 -0400
+++ dhcp-3.0.4-ldap/dst/Makefile.dist 2006-05-08 08:30:33.000000000 -0400
@@ -21,8 +21,8 @@
# <info@isc.org>
# http://www.isc.org/
-SRC = dst_support.c dst_api.c hmac_link.c base64.c prandom.c
-OBJ = dst_support.o dst_api.o hmac_link.o base64.o prandom.o
+SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c
+OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o
HDRS = dst_internal.h md5.h md5_locl.h
INCLUDES = $(BINDINC) -I$(TOP)/includes
diff -u dhcp-3.0.4-ldap/site.conf dhcp-3.0.4-ldap/site.conf
--- dhcp-3.0.4-ldap/site.conf 2006-05-08 08:30:33.000000000 -0400
+++ dhcp-3.0.4-ldap/site.conf 2006-05-08 08:30:33.000000000 -0400
@@ -4 +4,2 @@
-LIBS=-lssl -lcrypto -lldap -llber
+#LIBS=-lssl -lcrypto -lldap -llber
+#LIBS=-lldap -llber
--- dhcp-3.0.4/configure 2004-09-10 17:02:30.000000000 -0400
+++ dhcp-3.0.4-ldap/configure 2005-07-25 08:14:44.000000000 -0400
@@ -269,4 +269,8 @@
make links
fi
+mv $workname/server/Makefile $workname/server/Makefile.noldap
+cat $workname/server/Makefile.noldap | sed 's/^LIBS =/LIBS=-lldap -llber/' > $workname/server/Makefile.ldap
+ln $workname/server/Makefile.ldap $workname/server/Makefile
+
exit 0

3
dhcp-3.0.4-ldap-patch.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a05f121b66797a8e97a7695acf7c6f05b5e25b310a7d43d784915529de95f815
size 62497

53
dhcp-3.0.5-ldap-patch-casa-fix.dif Normal file
View File

@ -0,0 +1,53 @@
--- server/ldap.c
+++ server/ldap.c 2007/01/24 12:43:12
@@ -462,7 +462,7 @@
{
ret = dmalloc (db.len + 1, MDL);
if (ret == NULL)
- log_fatal ("no memory for ldap username");
+ log_fatal ("no memory for ldap option %d value", option_name);
memcpy (ret, db.data, db.len);
ret[db.len] = 0;
@@ -562,7 +562,7 @@
SV_LDAP_DEBUG_FILE);
#if defined (LDAP_CASA_AUTH)
- if (!load_uname_pwd_from_miCASA(ldap_username,ldap_password))
+ if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
{
#if defined (DEBUG_LDAP)
log_info ("Authentication credential taken from file");
--- server/ldap_casa.c
+++ server/ldap_casa.c 2007/01/24 12:43:12
@@ -81,9 +81,9 @@
load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password)
{
int result = 0;
- int32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
- SSCS_BASIC_CREDENTIAL credential = {0};
- SSCS_SECRET_ID_T applicationSecretId = {0};
+ uint32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
+ SSCS_BASIC_CREDENTIAL credential;
+ SSCS_SECRET_ID_T applicationSecretId;
char *tempVar = NULL;
const char applicationName[10] = "dhcp-ldap";
@@ -105,15 +105,15 @@
if(credential.unLen)
{
tempVar = dmalloc (credential.unLen + 1, MDL);
- memcpy(tempVar , credential.username, credential.unLen);
if (!tempVar)
log_fatal ("no memory for ldap_username");
+ memcpy(tempVar , credential.username, credential.unLen);
*ldap_username = tempVar;
tempVar = dmalloc (credential.pwordLen + 1, MDL);
- memcpy(tempVar, credential.password, credential.pwordLen);
if (!tempVar)
log_fatal ("no memory for ldap_password");
+ memcpy(tempVar, credential.password, credential.pwordLen);
*ldap_password = tempVar;
#if defined (DEBUG_LDAP)

66
dhcp-3.0.5-ldap-patch-dhcp-cn.dif Normal file
View File

@ -0,0 +1,66 @@
--- includes/dhcpd.h
+++ includes/dhcpd.h 2007/01/24 12:44:24
@@ -461,7 +461,7 @@
# define SV_LDAP_BASE_DN 51
# define SV_LDAP_METHOD 52
# define SV_LDAP_DEBUG_FILE 53
-# define SV_LDAP_SERVER_CN 54
+# define SV_LDAP_DHCP_SERVER_CN 54
#endif
#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
--- server/ldap.c
+++ server/ldap.c 2007/01/24 12:44:24
@@ -51,7 +51,7 @@
*ldap_username = NULL,
*ldap_password = NULL,
*ldap_base_dn = NULL,
- *ldap_server_cn = NULL,
+ *ldap_dhcp_server_cn = NULL,
*ldap_debug_file = NULL;
static int ldap_port = LDAP_PORT,
ldap_method = LDAP_METHOD_DYNAMIC,
@@ -553,8 +553,8 @@
options, &global_scope, root_group, (struct group *) NULL);
ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER);
- ldap_server_cn = _do_lookup_dhcp_string_option (options,
- SV_LDAP_SERVER_CN);
+ ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options,
+ SV_LDAP_DHCP_SERVER_CN);
ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT);
ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN);
ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
@@ -1123,10 +1123,10 @@
return (res);
uname (&unme);
- if (ldap_server_cn != NULL)
+ if (ldap_dhcp_server_cn != NULL)
{
snprintf (hfilter, sizeof (hfilter),
- "(&(objectClass=dhcpServer)(cn=%s))", ldap_server_cn);
+ "(&(objectClass=dhcpServer)(cn=%s))", ldap_dhcp_server_cn);
}
else
{
@@ -1148,7 +1148,7 @@
hfilter, NULL, 0, &hostres)) != LDAP_SUCCESS)
{
log_error ("Cannot find host LDAP entry %s %s",
- ((ldap_server_cn == NULL)?(unme.nodename):(ldap_server_cn)), hfilter);
+ ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter);
if(NULL != hostres)
ldap_msgfree (hostres);
ldap_stop();
--- server/stables.c
+++ server/stables.c 2007/01/24 12:44:24
@@ -491,7 +491,7 @@
{ "ldap-base-dn", "t", &server_universe, 51 },
{ "ldap-method", "Nldap-methods.", &server_universe, 52 },
{ "ldap-debug-file", "t", &server_universe, 53 },
- { "ldap-server-cn", "t", &server_universe, 54 },
+ { "ldap-dhcp-server-cn", "t", &server_universe, 54 },
#else
{ "unknown-47", "X", &server_universe, 47 },
{ "unknown-48", "X", &server_universe, 48 },

29
dhcp-3.0.5-ldap-patch-ldap_read.dif Normal file
View File

@ -0,0 +1,29 @@
--- server/ldap.c
+++ server/ldap.c 2007/02/20 09:38:15
@@ -1249,12 +1249,13 @@
cfile->inbuf[0] = '\0';
cfile->buflen = 0;
+ while (ldap_stack != NULL && *cfile->inbuf == '\0')
+ ldap_generate_config_string (cfile);
+
if (ldap_stack == NULL && *cfile->inbuf == '\0')
return (EOF);
- if (ldap_stack != NULL && *cfile->inbuf == '\0')
- ldap_generate_config_string (cfile);
-
+ cfile->bufix = 1;
cfile->buflen = strlen (cfile->inbuf);
if (cfile->buflen > 0)
ldap_write_debug (cfile->inbuf, cfile->buflen);
@@ -1263,9 +1264,6 @@
log_info ("Sending config line '%s'", cfile->inbuf);
#endif
- cfile->buflen = strlen (cfile->inbuf);
- cfile->bufix = 1;
-
return (cfile->inbuf[0]);
}

57
dhcp-3.0.5-ldap-patch-nomd5.dif Normal file
View File

@ -0,0 +1,57 @@
--- dst/Makefile.dist
+++ dst/Makefile.dist 2007/01/24 13:20:43
@@ -21,14 +21,15 @@
# <info@isc.org>
# http://www.isc.org/
-SRC = dst_support.c dst_api.c hmac_link.c base64.c prandom.c
-OBJ = dst_support.o dst_api.o hmac_link.o base64.o prandom.o
+SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c
+OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o
+OBJ_NM5= dst_support.o dst_api.o hmac_link.o base64.o prandom.o
HDRS = dst_internal.h md5.h md5_locl.h
INCLUDES = $(BINDINC) -I$(TOP)/includes
CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) -DHMAC_MD5 -DMINIRES_LIB
-all: libdst.a
+all: libdst.a libdst-nomd5.a
install:
@@ -37,11 +38,16 @@
ar cruv libdst.a $(OBJ)
$(RANLIB) libdst.a
+libdst-nomd5.a: $(OBJ_NM5)
+ rm -f libdst-nomd5.a
+ ar cruv libdst-nomd5.a $(OBJ_NM5)
+ $(RANLIB) libdst-nomd5.a
+
depend:
$(MKDEP) $(INCLUDES) $(PREDEFINES) $(SRC)
clean:
- -rm -f $(OBJ) libdst.a
+ -rm -f $(OBJ) libdst.a libdst-nomd5.a
realclean: clean
-rm -f *~ $(CATMANPAGES) $(SEDMANPAGES)
--- server/Makefile.dist
+++ server/Makefile.dist 2007/01/24 13:15:15
@@ -32,7 +32,7 @@
MAN = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes
-DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst.a
+DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst-nomd5.a -lssl -lcrypto -lldap -llber
CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS)
all: $(PROG) $(CATMANPAGES)
--- site.conf
+++ site.conf 2007/01/24 13:18:36
@@ -1,4 +1,3 @@
# Put local site configuration stuff here to override the default
# settings in Makefile.conf
#COPTS = -DDEBUG_LDAP -DLDAP_CASA_AUTH -DDEBUG_CLASS_MATCHING -Wall -O -Wno-unused
-LIBS=-lssl -lcrypto -lldap -llber

107
dhcp-3.0.5-ldap-patch-referrals.dif Normal file
View File

@ -0,0 +1,107 @@
--- includes/dhcpd.h
+++ includes/dhcpd.h 2007/01/24 13:50:54
@@ -462,6 +462,7 @@
# define SV_LDAP_METHOD 52
# define SV_LDAP_DEBUG_FILE 53
# define SV_LDAP_DHCP_SERVER_CN 54
+# define SV_LDAP_REFERRALS 55
#endif
#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
--- server/ldap.c
+++ server/ldap.c 2007/01/24 14:25:16
@@ -55,6 +55,7 @@
*ldap_debug_file = NULL;
static int ldap_port = LDAP_PORT,
ldap_method = LDAP_METHOD_DYNAMIC,
+ ldap_referrals = -1,
ldap_debug_fd = -1;
static struct ldap_config_stack *ldap_stack = NULL;
@@ -532,6 +533,34 @@
return (ret);
}
+int
+ldap_rebind_cb (LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *parms)
+{
+ int ret;
+ LDAPURLDesc *ldapurl = NULL;
+ char *who = NULL, *pwd = NULL;
+
+ log_info("LDAP rebind to '%s'", url);
+ if ((ret = ldap_url_parse(url, &ldapurl)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Can not parse ldap rebind url '%s': %s",
+ url, ldap_err2string(ret));
+ return ret;
+ }
+
+ if (ldap_username != NULL || *ldap_username != '\0')
+ {
+ who = ldap_username;
+ pwd = ldap_password;
+ }
+
+ if ((ret = ldap_simple_bind_s (ld, who, pwd)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot login into ldap server %s:%d: %s",
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ }
+ return ret;
+}
static void
ldap_start (void)
@@ -560,6 +589,7 @@
ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
ldap_debug_file = _do_lookup_dhcp_string_option (options,
SV_LDAP_DEBUG_FILE);
+ ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
#if defined (LDAP_CASA_AUTH)
if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
@@ -611,6 +641,23 @@
ldap_err2string (ret));
}
+ if (ldap_referrals != -1)
+ {
+ if ((ret = ldap_set_option (ld, LDAP_OPT_REFERRALS, ldap_referrals ?
+ LDAP_OPT_ON : LDAP_OPT_OFF)) != LDAP_OPT_SUCCESS)
+ {
+ log_error ("Cannot %s LDAP referrals option: %s",
+ (ldap_referrals ? "enable" : "disable"),
+ ldap_err2string (ret));
+ }
+ }
+
+ if ((ret = ldap_set_rebind_proc(ld, ldap_rebind_cb, NULL)) != LDAP_SUCCESS)
+ {
+ log_error ("Warning: Cannot set ldap rebind procedure: %s",
+ ldap_err2string (ret));
+ }
+
#if defined (USE_SSL)
if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
log_error ("Warning: Cannot start TLS session to %s: %s",
--- server/stables.c
+++ server/stables.c 2007/01/24 13:52:54
@@ -492,6 +492,7 @@
{ "ldap-method", "Nldap-methods.", &server_universe, 52 },
{ "ldap-debug-file", "t", &server_universe, 53 },
{ "ldap-dhcp-server-cn", "t", &server_universe, 54 },
+ { "ldap-referrals", "f", &server_universe, 55 },
#else
{ "unknown-47", "X", &server_universe, 47 },
{ "unknown-48", "X", &server_universe, 48 },
@@ -501,8 +502,8 @@
{ "unknown-52", "X", &server_universe, 52 },
{ "unknown-53", "X", &server_universe, 53 },
{ "unknown-54", "X", &server_universe, 54 },
-#endif
{ "unknown-55", "X", &server_universe, 55 },
+#endif
{ "unknown-56", "X", &server_universe, 56 },
{ "unknown-57", "X", &server_universe, 57 },
{ "unknown-58", "X", &server_universe, 58 },

113
dhcp-3.0.5-ldap-patch-schema.dif Normal file
View File

@ -0,0 +1,113 @@
--- contrib/dhcp.schema
+++ contrib/dhcp.schema 2007/01/24 12:45:49
@@ -268,73 +268,67 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.46
- NAME 'dhcpFailOverRole'
+ NAME 'dhcpFailOverPrimaryServer'
EQUALITY caseIgnoreIA5Match
- DESC 'Role of the DHCP Server. Either primary or secondary'
+ DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.47
- NAME 'dhcpFailOverReceiveAddress'
+ NAME 'dhcpFailOverSecondaryServer'
EQUALITY caseIgnoreIA5Match
- DESC 'IP address or DNS name on which the server should listen for connections from its fail over peer'
+ DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-attributetype ( 2.16.840.1.113719.1.203.4.48
- NAME 'dhcpFailOverPeerAddress'
- EQUALITY caseIgnoreIA5Match
- DESC 'IP address or DNS name to which the server should connect to reach its fail over peer'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.49
- NAME 'dhcpFailOverPeerPort'
+attributetype ( 2.16.840.1.113719.1.203.4.48
+ NAME 'dhcpFailOverPrimaryPort'
EQUALITY integerMatch
- DESC 'Port to which server should connect to reach its fail over peer'
+ DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.50
- NAME 'dhcpFailOverReceivePort'
+attributetype ( 2.16.840.1.113719.1.203.4.49
+ NAME 'dhcpFailOverSecondaryPort'
EQUALITY integerMatch
- DESC 'Port on which server should listen for connections from its fail over peer'
+ DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.51
+attributetype ( 2.16.840.1.113719.1.203.4.50
NAME 'dhcpFailOverResponseDelay'
EQUALITY integerMatch
DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.52
- NAME 'dhcpFailOverUnpackedUpdates'
+attributetype ( 2.16.840.1.113719.1.203.4.51
+ NAME 'dhcpFailOverUnackedUpdates'
EQUALITY integerMatch
DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.53
+attributetype ( 2.16.840.1.113719.1.203.4.52
NAME 'dhcpFailOverSplit'
EQUALITY integerMatch
DESC 'Split between the primary and secondary servers for fail over purpose'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.54
+attributetype ( 2.16.840.1.113719.1.203.4.53
NAME 'dhcpFailOverLoadBalanceTime'
EQUALITY integerMatch
DESC 'Cutoff time in seconds, after which load balance is disabled'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-attributetype ( 2.16.840.1.113719.1.203.4.55
+attributetype ( 2.16.840.1.113719.1.203.4.54
NAME 'dhcpFailOverPeerDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#List of all servers in the tree
-attributetype ( 2.16.840.1.113719.1.203.4.56
+attributetype ( 2.16.840.1.113719.1.203.4.55
NAME 'dhcpServerDN'
EQUALITY distinguishedNameMatch
DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-attributetype ( 2.16.840.1.113719.1.203.4.57
+attributetype ( 2.16.840.1.113719.1.203.4.56
NAME 'dhcpComments'
EQUALITY caseIgnoreIA5Match
DESC 'Generic attribute that allows coments within any DHCP object'
@@ -415,7 +409,7 @@
DESC 'This class represents an IP Address, which may or may not have been leased.'
SUP top
MUST ( cn $ dhcpAddressState )
- MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpOption )
+ MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
objectclass ( 2.16.840.1.113719.1.203.6.11
@@ -454,7 +448,8 @@
NAME 'dhcpFailOverPeer'
DESC 'This class defines the Fail over peer'
SUP top
- MUST ( cn $ dhcpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpFailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+ MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.16
NAME 'dhcpLocator'

433
dhcp-3.0.5-ldap-patch-ssl-opts.dif Normal file
View File

@ -0,0 +1,433 @@
--- includes/dhcpd.h
+++ includes/dhcpd.h 2007/01/24 14:28:48
@@ -255,6 +255,12 @@
# define LDAP_BUFFER_SIZE 8192
# define LDAP_METHOD_STATIC 0
# define LDAP_METHOD_DYNAMIC 1
+#if defined (USE_SSL)
+# define LDAP_SSL_OFF 0
+# define LDAP_SSL_ON 1
+# define LDAP_SSL_TLS 2
+# define LDAP_SSL_LDAPS 3
+#endif
/* This is a tree of the current configuration we are building from LDAP */
@@ -463,6 +469,17 @@
# define SV_LDAP_DEBUG_FILE 53
# define SV_LDAP_DHCP_SERVER_CN 54
# define SV_LDAP_REFERRALS 55
+#if defined (USE_SSL)
+# define SV_LDAP_SSL 56
+# define SV_LDAP_TLS_REQCERT 57
+# define SV_LDAP_TLS_CA_FILE 58
+# define SV_LDAP_TLS_CA_DIR 59
+# define SV_LDAP_TLS_CERT 60
+# define SV_LDAP_TLS_KEY 61
+# define SV_LDAP_TLS_CRLCHECK 62
+# define SV_LDAP_TLS_CIPHERS 63
+# define SV_LDAP_TLS_RANDFILE 64
+#endif
#endif
#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
@@ -2682,6 +2699,11 @@
/* ldap.c */
#if defined(LDAP_CONFIGURATION)
extern struct enumeration ldap_methods;
+#if defined (USE_SSL)
+extern struct enumeration ldap_ssl_usage_enum;
+extern struct enumeration ldap_tls_reqcert_enum;
+extern struct enumeration ldap_tls_crlcheck_enum;
+#endif
isc_result_t ldap_read_config (void);
int find_haddr_in_ldap (struct host_decl **, int, unsigned,
const unsigned char *, const char *, int);
--- README.ldap
+++ README.ldap 2007/01/24 17:50:13
@@ -43,6 +43,7 @@
SSL, you will need to perform the following steps:
* Edit the includes/site.h file and uncomment the USE_SSL line
+ or specify "-DUSE_SSL" via CFLAGS.
* Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
from the SRC= and OBJ= lines (around line 24)
* Now run configure in the base source directory. If you chose to enable
@@ -64,6 +65,23 @@
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
+If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
+server trys to use TLS if possible, but continues without TLS if not.
+
+You can modify this behaviour using following option in /etc/dhcpd.conf:
+
+ldap-ssl <off | ldaps | start_tls | on>
+ off: disables TLS/LDAPS.
+ ldaps: enables LDAPS -- don't forget to set ldap-port to 636.
+ start_tls: enables TLS using START_TLS command
+ on: enables LDAPS if ldap-port is set to 636 or TLS in
+ other cases.
+
+See also "man 5 ldap.conf" for description the following TLS related
+options:
+ ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
+ ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
+
All of these parameters should be self explanatory except for the ldap-method.
You can set this to static or dynamic. If you set it to static, the
configuration is read once on startup, and LDAP isn't used anymore. But, if you
--- server/dhcpd.c
+++ server/dhcpd.c 2007/01/24 14:28:48
@@ -530,6 +530,11 @@
add_enumeration (&syslog_enum);
#if defined (LDAP_CONFIGURATION)
add_enumeration (&ldap_methods);
+#if defined (USE_SSL)
+ add_enumeration (&ldap_ssl_usage_enum);
+ add_enumeration (&ldap_tls_reqcert_enum);
+ add_enumeration (&ldap_tls_crlcheck_enum);
+#endif
#endif
if (!group_allocate (&root_group, MDL))
--- server/ldap.c
+++ server/ldap.c 2007/01/24 14:41:26
@@ -57,6 +57,17 @@
ldap_method = LDAP_METHOD_DYNAMIC,
ldap_referrals = -1,
ldap_debug_fd = -1;
+#if defined (USE_SSL)
+static int ldap_use_ssl = -1, /* try TLS if possible */
+ ldap_tls_reqcert = -1,
+ ldap_tls_crlcheck = -1;
+static char *ldap_tls_ca_file = NULL,
+ *ldap_tls_ca_dir = NULL,
+ *ldap_tls_cert = NULL,
+ *ldap_tls_key = NULL,
+ *ldap_tls_ciphers = NULL,
+ *ldap_tls_randfile = NULL;
+#endif
static struct ldap_config_stack *ldap_stack = NULL;
typedef struct ldap_dn_node {
@@ -548,6 +559,41 @@
return ret;
}
+
+#if defined (USE_SSL)
+ if (strcasecmp(ldapurl->lud_scheme, "ldaps") == 0)
+ {
+ int opt = LDAP_OPT_X_TLS_HARD;
+ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ return ret;
+ }
+ else
+ {
+ log_info ("LDAPS session successfully enabled to %s", ldap_server);
+ }
+ }
+ else
+ if (strcasecmp(ldapurl->lud_scheme, "ldap") == 0 &&
+ ldap_use_ssl != LDAP_SSL_OFF)
+ {
+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot start TLS session to %s:%d: %s",
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
+ return ret;
+ }
+ else
+ {
+ log_info ("TLS session successfully started to %s:%d",
+ ldapurl->lud_host, ldapurl->lud_port);
+ }
+ }
+#endif
+
+
if (ldap_username != NULL || *ldap_username != '\0')
{
who = ldap_username;
@@ -591,6 +637,21 @@
SV_LDAP_DEBUG_FILE);
ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
+#if defined (USE_SSL)
+ ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL);
+ if( ldap_use_ssl != LDAP_SSL_OFF)
+ {
+ ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT);
+ ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE);
+ ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR);
+ ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT);
+ ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY);
+ ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
+ ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS);
+ ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE);
+ }
+#endif
+
#if defined (LDAP_CASA_AUTH)
if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
{
@@ -628,9 +689,105 @@
log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port);
#endif
+#if defined (USE_SSL)
+ if (ldap_use_ssl == -1)
+ {
+ /*
+ ** There was no "ldap-ssl" option in dhcpd.conf (also not "off").
+ ** Let's try, if we can use an anonymous TLS session without to
+ ** verify the server certificate -- if not continue without TLS.
+ */
+ int opt = LDAP_OPT_X_TLS_ALLOW;
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
+ &opt)) != LDAP_SUCCESS)
+ {
+ log_error ("Warning: Cannot set LDAP TLS require cert option to 'allow': %s",
+ ldap_err2string (ret));
+ }
+ }
+
+ if (ldap_use_ssl != LDAP_SSL_OFF)
+ {
+ if (ldap_tls_reqcert != -1)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
+ &ldap_tls_reqcert)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS require cert option: %s",
+ ldap_err2string (ret));
+ }
+ }
+
+ if( ldap_tls_ca_file != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE,
+ ldap_tls_ca_file)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS CA certificate file %s: %s",
+ ldap_tls_ca_file, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_ca_dir != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
+ ldap_tls_ca_dir)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS CA certificate dir %s: %s",
+ ldap_tls_ca_dir, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_cert != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
+ ldap_tls_cert)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS client certificate file %s: %s",
+ ldap_tls_cert, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_key != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
+ ldap_tls_key)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS certificate key file %s: %s",
+ ldap_tls_key, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_crlcheck != -1)
+ {
+ int opt = ldap_tls_crlcheck;
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
+ &opt)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS crl check option: %s",
+ ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_ciphers != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
+ ldap_tls_ciphers)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS cipher suite %s: %s",
+ ldap_tls_ciphers, ldap_err2string (ret));
+ }
+ }
+ if( ldap_tls_randfile != NULL)
+ {
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
+ ldap_tls_randfile)) != LDAP_SUCCESS)
+ {
+ log_error ("Cannot set LDAP TLS random file %s: %s",
+ ldap_tls_randfile, ldap_err2string (ret));
+ }
+ }
+ }
+#endif
+
if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
{
- log_error ("Cannot init ldap session to %s", ldap_server);
+ log_error ("Cannot init ldap session to %s:%d", ldap_server, ldap_port);
return;
}
@@ -659,11 +816,38 @@
}
#if defined (USE_SSL)
- if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
- log_error ("Warning: Cannot start TLS session to %s: %s",
- ldap_server, ldap_err2string (ret));
- else
- log_info ("TLS session successfully started to %s", ldap_server);
+ if (ldap_use_ssl == LDAP_SSL_LDAPS ||
+ (ldap_use_ssl == LDAP_SSL_ON && ldap_port == LDAPS_PORT))
+ {
+ int opt = LDAP_OPT_X_TLS_HARD;
+ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
+ ldap_stop();
+ return;
+ }
+ else
+ {
+ log_info ("LDAPS session successfully enabled to %s:%d",
+ ldap_server, ldap_port);
+ }
+ }
+ else if (ldap_use_ssl != LDAP_SSL_OFF)
+ {
+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ log_error ("Error: Cannot start TLS session to %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
+ ldap_stop();
+ return;
+ }
+ else
+ {
+ log_info ("TLS session successfully started to %s:%d",
+ ldap_server, ldap_port);
+ }
+ }
#endif
if (ldap_username != NULL && *ldap_username != '\0')
@@ -671,8 +855,8 @@
if ((ret = ldap_simple_bind_s (ld, ldap_username,
ldap_password)) != LDAP_SUCCESS)
{
- log_error ("Error: Cannot login into ldap server %s: %s", ldap_server,
- ldap_err2string (ret));
+ log_error ("Error: Cannot login into ldap server %s:%d: %s",
+ ldap_server, ldap_port, ldap_err2string (ret));
ldap_stop();
return;
}
--- server/stables.c
+++ server/stables.c 2007/01/24 14:28:48
@@ -493,6 +493,27 @@
{ "ldap-debug-file", "t", &server_universe, 53 },
{ "ldap-dhcp-server-cn", "t", &server_universe, 54 },
{ "ldap-referrals", "f", &server_universe, 55 },
+#if defined(USE_SSL)
+ { "ldap-ssl", "Nldap-ssl-usage.", &server_universe, 56 },
+ { "ldap-tls-reqcert", "Nldap-tls-reqcert.", &server_universe, 57 },
+ { "ldap-tls-ca-file", "t", &server_universe, 58 },
+ { "ldap-tls-ca-dir", "t", &server_universe, 59 },
+ { "ldap-tls-cert", "t", &server_universe, 60 },
+ { "ldap-tls-key", "t", &server_universe, 61 },
+ { "ldap-tls-crlcheck", "Nldap-tls-crlcheck.", &server_universe, 62 },
+ { "ldap-tls-ciphers", "t", &server_universe, 63 },
+ { "ldap-tls-randfile", "t", &server_universe, 64 },
+#else
+ { "unknown-56", "X", &server_universe, 56 },
+ { "unknown-57", "X", &server_universe, 57 },
+ { "unknown-58", "X", &server_universe, 58 },
+ { "unknown-59", "X", &server_universe, 59 },
+ { "unknown-60", "X", &server_universe, 60 },
+ { "unknown-61", "X", &server_universe, 61 },
+ { "unknown-62", "X", &server_universe, 62 },
+ { "unknown-63", "X", &server_universe, 63 },
+ { "unknown-64", "X", &server_universe, 64 },
+#endif
#else
{ "unknown-47", "X", &server_universe, 47 },
{ "unknown-48", "X", &server_universe, 48 },
@@ -503,7 +524,6 @@
{ "unknown-53", "X", &server_universe, 53 },
{ "unknown-54", "X", &server_universe, 54 },
{ "unknown-55", "X", &server_universe, 55 },
-#endif
{ "unknown-56", "X", &server_universe, 56 },
{ "unknown-57", "X", &server_universe, 57 },
{ "unknown-58", "X", &server_universe, 58 },
@@ -513,6 +533,7 @@
{ "unknown-62", "X", &server_universe, 62 },
{ "unknown-63", "X", &server_universe, 63 },
{ "unknown-64", "X", &server_universe, 64 },
+#endif
{ "unknown-65", "X", &server_universe, 65 },
{ "unknown-66", "X", &server_universe, 66 },
{ "unknown-67", "X", &server_universe, 67 },
@@ -718,6 +739,47 @@
"ldap-methods",
ldap_values
};
+
+#if defined(USE_SSL)
+struct enumeration_value ldap_ssl_usage_values [] = {
+ { "off", LDAP_SSL_OFF },
+ { "on", LDAP_SSL_ON },
+ { "ldaps", LDAP_SSL_LDAPS},
+ { "start_tls", LDAP_SSL_TLS },
+ { (char *) 0, 0 }
+};
+struct enumeration ldap_ssl_usage_enum = {
+ (struct enumeration *)0,
+ "ldap-ssl-usage",
+ ldap_ssl_usage_values
+};
+
+struct enumeration_value ldap_tls_reqcert_values [] = {
+ { "never", LDAP_OPT_X_TLS_NEVER },
+ { "hard", LDAP_OPT_X_TLS_HARD },
+ { "demand", LDAP_OPT_X_TLS_DEMAND},
+ { "allow", LDAP_OPT_X_TLS_ALLOW },
+ { "try", LDAP_OPT_X_TLS_TRY },
+ { (char *) 0, 0 }
+};
+struct enumeration ldap_tls_reqcert_enum = {
+ (struct enumeration *)0,
+ "ldap-tls-reqcert",
+ ldap_tls_reqcert_values
+};
+
+struct enumeration_value ldap_tls_crlcheck_values [] = {
+ { "none", LDAP_OPT_X_TLS_CRL_NONE},
+ { "peer", LDAP_OPT_X_TLS_CRL_PEER},
+ { "all", LDAP_OPT_X_TLS_CRL_ALL },
+ { (char *) 0, 0 }
+};
+struct enumeration ldap_tls_crlcheck_enum = {
+ (struct enumeration *)0,
+ "ldap-tls-crlcheck",
+ ldap_tls_crlcheck_values
+};
+#endif
#endif
struct enumeration_value ddns_styles_values [] = {

111
dhcp-3.0.4-ldap-patch-strncat.diff → dhcp-3.0.5-ldap-patch-strncat.dif
View File

@ -1,20 +1,20 @@
--- server/ldap.c
+++ server/ldap.c 2006/08/28 16:12:55
@@ -63,6 +63,13 @@ typedef struct ldap_dn_node {
static ldap_dn_node *ldap_service_dn_head = NULL;
+++ server/ldap.c 2007/01/24 12:40:58
@@ -68,6 +68,13 @@
static ldap_dn_node *ldap_service_dn_tail = NULL;
+
+static char *
+x_strncat(char *dst, const char *src, size_t dst_size)
+{
+ size_t len = strlen(dst);
+ return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0);
+}
+
static void
ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
@@ -78,9 +83,9 @@ ldap_parse_class (struct ldap_config_sta
{
@@ -82,9 +89,9 @@
return;
}
@ -27,7 +27,7 @@
item->close_brace = 1;
ldap_value_free (tempstr);
@@ -112,11 +117,11 @@ ldap_parse_subclass (struct ldap_config_
@@ -116,11 +123,11 @@
return;
}
@ -44,7 +44,7 @@
item->close_brace = 1;
ldap_value_free (tempstr);
@@ -140,14 +145,14 @@ ldap_parse_host (struct ldap_config_stac
@@ -144,14 +151,14 @@
hwaddr = ldap_get_values (ld, item->ldent, "dhcpHWAddress");
@ -64,7 +64,7 @@
ldap_value_free (hwaddr);
}
@@ -171,9 +176,9 @@ ldap_parse_shared_network (struct ldap_c
@@ -174,9 +181,9 @@
return;
}
@ -77,7 +77,7 @@
item->close_brace = 1;
ldap_value_free (tempstr);
@@ -224,14 +229,14 @@ ldap_parse_subnet (struct ldap_config_st
@@ -228,14 +235,14 @@
return;
}
@ -97,7 +97,7 @@
ldap_value_free (tempstr);
ldap_value_free (netmaskstr);
@@ -240,10 +245,10 @@ ldap_parse_subnet (struct ldap_config_st
@@ -244,10 +251,10 @@
{
for (i=0; tempstr[i] != NULL; i++)
{
@ -112,7 +112,7 @@
}
ldap_value_free (tempstr);
}
@@ -258,17 +263,17 @@ ldap_parse_pool (struct ldap_config_stac
@@ -262,17 +269,17 @@
char **tempstr;
int i;
@ -135,7 +135,7 @@
ldap_value_free (tempstr);
}
@@ -276,8 +281,8 @@ ldap_parse_pool (struct ldap_config_stac
@@ -280,8 +287,8 @@
{
for (i=0; tempstr[i] != NULL; i++)
{
@ -146,7 +146,7 @@
}
ldap_value_free (tempstr);
}
@@ -289,7 +294,7 @@ ldap_parse_pool (struct ldap_config_stac
@@ -293,7 +300,7 @@
static void
ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
{
@ -155,7 +155,80 @@
item->close_brace = 1;
}
@@ -625,7 +630,7 @@ next_ldap_entry (struct parse *cfile)
@@ -305,25 +312,25 @@
if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL)
{
- strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeyAlgorithm")) != NULL)
{
- strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeySecret")) != NULL)
{
- strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
@@ -341,18 +348,18 @@
if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL)
{
- strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpDnsZoneServer")) != NULL)
{
- strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (tempstr);
}
@@ -380,9 +387,9 @@
strncpy (keyCn, cnFindStart, len);
keyCn[len] = '\0';
- strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE);
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
dfree (keyCn, MDL);
}
@@ -731,7 +738,7 @@
if (ldap_stack != NULL && ldap_stack->close_brace)
{
@ -164,7 +237,7 @@
ldap_stack->close_brace = 0;
}
@@ -635,7 +640,7 @@ next_ldap_entry (struct parse *cfile)
@@ -741,7 +748,7 @@
{
if (ldap_stack->close_brace)
{
@ -173,7 +246,7 @@
ldap_stack->close_brace = 0;
}
@@ -646,7 +651,7 @@ next_ldap_entry (struct parse *cfile)
@@ -752,7 +759,7 @@
if (ldap_stack != NULL && ldap_stack->close_brace)
{
@ -182,7 +255,7 @@
ldap_stack->close_brace = 0;
}
}
@@ -722,16 +727,16 @@ ldap_parse_entry_options (LDAPMessage *e
@@ -828,16 +835,16 @@
continue;
}
@ -202,7 +275,7 @@
break;
}
}
@@ -742,15 +747,15 @@ ldap_parse_entry_options (LDAPMessage *e
@@ -848,15 +855,15 @@
{
for (i=0; tempstr[i] != NULL; i++)
{

3
dhcp-3.0.5-ldap-patch.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0bbc5c94d7d917f1dd2ae7daf7127ff75564faac21cfb1700f94f01772893197
size 42290

15
dhcp-3.0.5-pool_eof.dif Normal file
View File

@ -0,0 +1,15 @@
--- server/confpars.c
+++ server/confpars.c 2007/02/19 12:39:45
@@ -1466,6 +1466,12 @@
done = 1;
break;
+ case END_OF_FILE:
+ parse_warn (cfile, "unexpected end of file");
+ pool_dereference (&pool, MDL);
+ return;
+ break;
+
default:
declaration = parse_statement (cfile, pool -> group,
POOL_DECL,

48
dhcp.changes
View File

@ -1,3 +1,51 @@
-------------------------------------------------------------------
Tue Feb 20 11:45:29 CET 2007 - mt@suse.de
- Bug #162186: Added check for EOF in parse_pool_statement to
avoid endless recursion loop between parse_pool_statement
and parse_statement when a closing right brace "}" is missed
at the end of a pool declaration in /etc/dhcpd.conf.
New patch file: dhcp-3.0.5-pool_eof.dif
- Fixed ldap_read_function to avoid returning of empty strings
causing parsing errors in ldap-dynamic mode.
New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif
-------------------------------------------------------------------
Thu Jan 25 11:15:57 CET 2007 - mt@suse.de
- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes:
* unbind from the LDAP server after the config file has been ran
if the server is being ran in static mode
* fixed ldap_read_function bug where the entire configuration
was not being processed
and extensions / enhancements:
* added functions for reading config values from the config
file to clean up the ldap_start() function.
* new ldap-server-cn option that will be used to locate the
data in ldap; defaults to the hostname as before (FATE #227).
* while host is added in the ldap-method dynamic mode, try to
find if it belongs to a group and apply the group options too.
* modifies the dhcpHWAddress attribute to case-insensitive, adds
several new objectclasses, e.g. dhcpLocator, dhcpTsigKey,
dhcpDnsZone,dhcpFailOver to the dhcp.schema.
* implements support for dhcpTsigKey, dhcpDnsZone and related.
* implements auth password query via casa.
- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by
ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif
- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server
with md5 functions from openssl library instead of own copy.
- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support
- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf
ldap-server-cn option to more clear ldap-dhcp-server-cn.
- dhcp-3.0.5-ldap-patch-schema.dif
- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support
for LDAP referrals, introducing new "ldap-referrals <on|off>"
option in dhcpd.conf.
- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing
TLS/LDAPS support. Adds new "ldap-ssl <on|off|ldaps|start_tls>"
and several "ldap-tls-*" options for dhcpd.conf. By default, the
server trys to use TLS if possible, but continues without if not.
-------------------------------------------------------------------
Tue Jan 9 13:48:07 CET 2007 - mt@suse.de

77
dhcp.spec
View File

@ -13,12 +13,16 @@
Name: dhcp
%define omc_prefix /usr/share/omc
%define omc_svcdir %{omc_prefix}/svcinfo.d
%define with_casa 0
%if %{?with_casa:%with_casa}
BuildRequires: CASA-devel
%endif
BuildRequires: openldap2-devel
License: BSD License and BSD-like
Group: Productivity/Networking/Boot/Servers
Autoreqprov: on
Version: 3.0.5
Release: 12
Release: 17
Summary: Common Files Used by ISC DHCP Software
URL: http://www.isc.org/isc/dhcp.html
Source0: http://ftp.isc.org/isc/dhcp/dhcp-%{version}.tar.gz
@ -58,13 +62,20 @@ Patch40: dhcp-3.0rc10.filedes.dif
Patch41: makefile.diff
Patch51: dhcp-3.0.5-tmpfile.dif
Patch52: dhcp-3.0.3-man.dif
Patch53: dhcp-3.0.5-pool_eof.dif
## LDAP support for DHCP server
## patch lives here: http://home.ntelos.net/~masneyb/
%define DHCPD_LDAP 1
%if %DHCPD_LDAP
Patch60: dhcp-3.0.4-ldap-patch.gz
Patch61: dhcp-3.0.4-ldap-patch-nossl.dif
Patch62: dhcp-3.0.4-ldap-patch-strncat.diff
Patch60: dhcp-3.0.5-ldap-patch.gz
Patch61: dhcp-3.0.5-ldap-patch-strncat.dif
Patch62: dhcp-3.0.5-ldap-patch-casa-fix.dif
Patch63: dhcp-3.0.5-ldap-patch-dhcp-cn.dif
Patch64: dhcp-3.0.5-ldap-patch-schema.dif
Patch65: dhcp-3.0.5-ldap-patch-nomd5.dif
Patch66: dhcp-3.0.5-ldap-patch-referrals.dif
Patch67: dhcp-3.0.5-ldap-patch-ssl-opts.dif
Patch68: dhcp-3.0.5-ldap-patch-ldap_read.dif
%endif
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
Patch70: dhcp-3.0.3b1-pie.dif
@ -197,10 +208,17 @@ Authors:
%patch41
%patch51 -p1
%patch52 -p1
%patch53 -p0
%if %DHCPD_LDAP
%patch60 -p1
%patch61 -p1
%patch61 -p0
%patch62 -p0
%patch63 -p0
%patch64 -p0
%patch65 -p0
%patch66 -p0
%patch67 -p0
%patch68 -p0
%endif
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
%patch70
@ -221,7 +239,10 @@ tar xzf $RPM_SOURCE_DIR/examples.tar.gz
%build
export CFLAGS
CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused -DEXTENDED_NEW_OPTION_INFO -DLDAP_DEPRECATED -DPARANOIA"
CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused -DEXTENDED_NEW_OPTION_INFO -DLDAP_DEPRECATED -DUSE_SSL -DPARANOIA"
%if %{?with_casa:%with_casa}
CFLAGS="$CFLAGS -DLDAP_CASA_AUTH"
%endif
%ifarch ia64 sparc64 alpha s390x ppc64 x86_64
CFLAGS="$CFLAGS -DPTRSIZE_64BIT"
%endif
@ -501,7 +522,49 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%doc %{_mandir}/man3/omapi.3.gz
%doc %{_mandir}/man3/dhcpctl.3.gz
%changelog -n dhcp
%changelog
* Tue Feb 20 2007 - mt@suse.de
- Bug #162186: Added check for EOF in parse_pool_statement to
avoid endless recursion loop between parse_pool_statement
and parse_statement when a closing right brace "}" is missed
at the end of a pool declaration in /etc/dhcpd.conf.
New patch file: dhcp-3.0.5-pool_eof.dif
- Fixed ldap_read_function to avoid returning of empty strings
causing parsing errors in ldap-dynamic mode.
New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif
* Thu Jan 25 2007 - mt@suse.de
- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes:
* unbind from the LDAP server after the config file has been ran
if the server is being ran in static mode
* fixed ldap_read_function bug where the entire configuration
was not being processed
and extensions / enhancements:
* added functions for reading config values from the config
file to clean up the ldap_start() function.
* new ldap-server-cn option that will be used to locate the
data in ldap; defaults to the hostname as before (FATE #227).
* while host is added in the ldap-method dynamic mode, try to
find if it belongs to a group and apply the group options too.
* modifies the dhcpHWAddress attribute to case-insensitive, adds
several new objectclasses, e.g. dhcpLocator, dhcpTsigKey,
dhcpDnsZone,dhcpFailOver to the dhcp.schema.
* implements support for dhcpTsigKey, dhcpDnsZone and related.
* implements auth password query via casa.
- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by
ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif
- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server
with md5 functions from openssl library instead of own copy.
- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support
- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf
ldap-server-cn option to more clear ldap-dhcp-server-cn.
- dhcp-3.0.5-ldap-patch-schema.dif
- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support
for LDAP referrals, introducing new "ldap-referrals <on|off>"
option in dhcpd.conf.
- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing
TLS/LDAPS support. Adds new "ldap-ssl <on|off|ldaps|start_tls>"
and several "ldap-tls-*" options for dhcpd.conf. By default, the
server trys to use TLS if possible, but continues without if not.
* Tue Jan 09 2007 - mt@suse.de
- Added installation of dhcpd.xml, dhcpd service description
for omc xml-service-provider, fate #301710.

3
rc.dhcpd
View File

@ -162,7 +162,8 @@ case "$1" in
for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
test -d $CHROOT_PREFIX/${i%/*} || mkdir -p $CHROOT_PREFIX/${i%/*}
done
for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES /etc/{resolv.conf,host.conf,hosts,localtime}; do
rm -f $CHROOT_PREFIX/dev/urandom
for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES /etc/{resolv.conf,host.conf,hosts,localtime} /dev/urandom; do
if ! test -e $i; then continue; fi # neither of them is absolutely necessary
cp -aL $i $CHROOT_PREFIX/$i &>/dev/null \
|| { echo "...$0:$LINENO: could not copy $i to chroot jail"; rc_failed; rc_status -v1; exit 6; }