parent
cfcbc0cde3
commit
e6256e3a47
@ -1,32 +0,0 @@
|
||||
diff -u dhcp-3.0.4-ldap/dst/Makefile.dist dhcp-3.0.4-ldap/dst/Makefile.dist
|
||||
--- dhcp-3.0.4-ldap/dst/Makefile.dist 2006-05-08 08:30:33.000000000 -0400
|
||||
+++ dhcp-3.0.4-ldap/dst/Makefile.dist 2006-05-08 08:30:33.000000000 -0400
|
||||
@@ -21,8 +21,8 @@
|
||||
# <info@isc.org>
|
||||
# http://www.isc.org/
|
||||
|
||||
-SRC = dst_support.c dst_api.c hmac_link.c base64.c prandom.c
|
||||
-OBJ = dst_support.o dst_api.o hmac_link.o base64.o prandom.o
|
||||
+SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c
|
||||
+OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o
|
||||
HDRS = dst_internal.h md5.h md5_locl.h
|
||||
|
||||
INCLUDES = $(BINDINC) -I$(TOP)/includes
|
||||
diff -u dhcp-3.0.4-ldap/site.conf dhcp-3.0.4-ldap/site.conf
|
||||
--- dhcp-3.0.4-ldap/site.conf 2006-05-08 08:30:33.000000000 -0400
|
||||
+++ dhcp-3.0.4-ldap/site.conf 2006-05-08 08:30:33.000000000 -0400
|
||||
@@ -4 +4,2 @@
|
||||
-LIBS=-lssl -lcrypto -lldap -llber
|
||||
+#LIBS=-lssl -lcrypto -lldap -llber
|
||||
+#LIBS=-lldap -llber
|
||||
--- dhcp-3.0.4/configure 2004-09-10 17:02:30.000000000 -0400
|
||||
+++ dhcp-3.0.4-ldap/configure 2005-07-25 08:14:44.000000000 -0400
|
||||
@@ -269,4 +269,8 @@
|
||||
make links
|
||||
fi
|
||||
|
||||
+mv $workname/server/Makefile $workname/server/Makefile.noldap
|
||||
+cat $workname/server/Makefile.noldap | sed 's/^LIBS =/LIBS=-lldap -llber/' > $workname/server/Makefile.ldap
|
||||
+ln $workname/server/Makefile.ldap $workname/server/Makefile
|
||||
+
|
||||
exit 0
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a05f121b66797a8e97a7695acf7c6f05b5e25b310a7d43d784915529de95f815
|
||||
size 62497
|
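--- a/dhcp-3.0.5-ldap-patch-casa-fix.dif
+++ b/dhcp-3.0.5-ldap-patch-casa-fix.dif
@@ -0,0 +1,53 @@
+--- server/ldap.c
++++ server/ldap.c 2007/01/24 12:43:12
+@@ -462,7 +462,7 @@
+{
+ret = dmalloc (db.len + 1, MDL);
+if (ret == NULL)
+- log_fatal ("no memory for ldap username");
++ log_fatal ("no memory for ldap option %d value", option_name);
+
+memcpy (ret, db.data, db.len);
+ret[db.len] = 0;
+@@ -562,7 +562,7 @@
+SV_LDAP_DEBUG_FILE);
+
+#if defined (LDAP_CASA_AUTH)
+- if (!load_uname_pwd_from_miCASA(ldap_username,ldap_password))
++ if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
+{
+#if defined (DEBUG_LDAP)
+log_info ("Authentication credential taken from file");
+--- server/ldap_casa.c
++++ server/ldap_casa.c 2007/01/24 12:43:12
+@@ -81,9 +81,9 @@
+load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password)
+{
+int result = 0;
+- int32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
+- SSCS_BASIC_CREDENTIAL credential = {0};
+- SSCS_SECRET_ID_T applicationSecretId = {0};
++ uint32_t credentialtype = SSCS_CRED_TYPE_SERVER_F;
++ SSCS_BASIC_CREDENTIAL credential;
++ SSCS_SECRET_ID_T applicationSecretId;
+char *tempVar = NULL;
+
+const char applicationName[10] = "dhcp-ldap";
+@@ -105,15 +105,15 @@
+if(credential.unLen)
+{
+tempVar = dmalloc (credential.unLen + 1, MDL);
+- memcpy(tempVar , credential.username, credential.unLen);
+if (!tempVar)
+log_fatal ("no memory for ldap_username");
++ memcpy(tempVar , credential.username, credential.unLen);
+*ldap_username = tempVar;
+
+tempVar = dmalloc (credential.pwordLen + 1, MDL);
+- memcpy(tempVar, credential.password, credential.pwordLen);
+if (!tempVar)
+log_fatal ("no memory for ldap_password");
++ memcpy(tempVar, credential.password, credential.pwordLen);
+*ldap_password = tempVar;
+
+#if defined (DEBUG_LDAP)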
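Review bot: The ldap_casa.c hunk at -81 drops the `= {0}` initialisers from `credential` and `applicationSecretId`, so both structs now start with indeterminate contents. The code between those declarations and `if(credential.unLen)` is outside the hunks; if the miCASA lookup there fails or fills only part of the struct, `unLen` and `pwordLen` become arbitrary sizes passed to `dmalloc` and `memcpy`. I would keep the zero initialisation, `SSCS_BASIC_CREDENTIAL credential = {0};`, or add `memset(&credential, 0, sizeof(credential));` before the lookup. The copies also appear to rely on `dmalloc` returning zeroed memory for the terminating NUL; an explicit `tempVar[credential.unLen] = '\0';` after each `memcpy` would make that dependency visible.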
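--- a/dhcp-3.0.5-ldap-patch-dhcp-cn.dif
+++ b/dhcp-3.0.5-ldap-patch-dhcp-cn.dif
@@ -0,0 +1,66 @@
+--- includes/dhcpd.h
++++ includes/dhcpd.h 2007/01/24 12:44:24
+@@ -461,7 +461,7 @@
+# define SV_LDAP_BASE_DN 51
+# define SV_LDAP_METHOD 52
+# define SV_LDAP_DEBUG_FILE 53
+-# define SV_LDAP_SERVER_CN 54
++# define SV_LDAP_DHCP_SERVER_CN 54
+#endif
+
+#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
+--- server/ldap.c
++++ server/ldap.c 2007/01/24 12:44:24
+@@ -51,7 +51,7 @@
+*ldap_username = NULL,
+*ldap_password = NULL,
+*ldap_base_dn = NULL,
+- *ldap_server_cn = NULL,
++ *ldap_dhcp_server_cn = NULL,
+*ldap_debug_file = NULL;
+static int ldap_port = LDAP_PORT,
+ldap_method = LDAP_METHOD_DYNAMIC,
+@@ -553,8 +553,8 @@
+options, &global_scope, root_group, (struct group *) NULL);
+
+ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER);
+- ldap_server_cn = _do_lookup_dhcp_string_option (options,
+- SV_LDAP_SERVER_CN);
++ ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options,
++ SV_LDAP_DHCP_SERVER_CN);
+ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT);
+ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN);
+ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
+@@ -1123,10 +1123,10 @@
+return (res);
+
+uname (&unme);
+- if (ldap_server_cn != NULL)
++ if (ldap_dhcp_server_cn != NULL)
+{
+snprintf (hfilter, sizeof (hfilter),
+- "(&(objectClass=dhcpServer)(cn=%s))", ldap_server_cn);
++ "(&(objectClass=dhcpServer)(cn=%s))", ldap_dhcp_server_cn);
+}
+else
+{
+@@ -1148,7 +1148,7 @@
+hfilter, NULL, 0, &hostres)) != LDAP_SUCCESS)
+{
+log_error ("Cannot find host LDAP entry %s %s",
+- ((ldap_server_cn == NULL)?(unme.nodename):(ldap_server_cn)), hfilter);
++ ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter);
+if(NULL != hostres)
+ldap_msgfree (hostres);
+ldap_stop();
+--- server/stables.c
++++ server/stables.c 2007/01/24 12:44:24
+@@ -491,7 +491,7 @@
+{ "ldap-base-dn", "t", &server_universe, 51 },
+{ "ldap-method", "Nldap-methods.", &server_universe, 52 },
+{ "ldap-debug-file", "t", &server_universe, 53 },
+- { "ldap-server-cn", "t", &server_universe, 54 },
++ { "ldap-dhcp-server-cn", "t", &server_universe, 54 },
+#else
+{ "unknown-47", "X", &server_universe, 47 },
+{ "unknown-48", "X", &server_universe, 48 },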
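--- a/dhcp-3.0.5-ldap-patch-ldap_read.dif
+++ b/dhcp-3.0.5-ldap-patch-ldap_read.dif
@@ -0,0 +1,29 @@
+--- server/ldap.c
++++ server/ldap.c 2007/02/20 09:38:15
+@@ -1249,12 +1249,13 @@
+cfile->inbuf[0] = '\0';
+cfile->buflen = 0;
+
++ while (ldap_stack != NULL && *cfile->inbuf == '\0')
++ ldap_generate_config_string (cfile);
++
+if (ldap_stack == NULL && *cfile->inbuf == '\0')
+return (EOF);
+
+- if (ldap_stack != NULL && *cfile->inbuf == '\0')
+- ldap_generate_config_string (cfile);
+-
++ cfile->bufix = 1;
+cfile->buflen = strlen (cfile->inbuf);
+if (cfile->buflen > 0)
+ldap_write_debug (cfile->inbuf, cfile->buflen);
+@@ -1263,9 +1264,6 @@
+log_info ("Sending config line '%s'", cfile->inbuf);
+#endif
+
+- cfile->buflen = strlen (cfile->inbuf);
+- cfile->bufix = 1;
+-
+return (cfile->inbuf[0]);
+}
+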
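Review bot: The new `while (ldap_stack != NULL && *cfile->inbuf == '\0')` loop in the -1249 hunk has no exit other than `ldap_generate_config_string` filling `inbuf` or emptying `ldap_stack`. That function is not part of this patch, so whether every call makes progress cannot be checked here; a directory entry that yields no text and leaves the stack unchanged would hang dhcpd while it reads its configuration. A short comment stating the invariant, such as `/* each call either writes to inbuf or pops ldap_stack */`, would document the assumption the loop depends on. The enclosing function starts above the hunk.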
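--- a/dhcp-3.0.5-ldap-patch-nomd5.dif
+++ b/dhcp-3.0.5-ldap-patch-nomd5.dif
@@ -0,0 +1,57 @@
+--- dst/Makefile.dist
++++ dst/Makefile.dist 2007/01/24 13:20:43
+@@ -21,14 +21,15 @@
+# <info@isc.org>
+# http://www.isc.org/
+
+-SRC = dst_support.c dst_api.c hmac_link.c base64.c prandom.c
+-OBJ = dst_support.o dst_api.o hmac_link.o base64.o prandom.o
++SRC = dst_support.c dst_api.c hmac_link.c md5_dgst.c base64.c prandom.c
++OBJ = dst_support.o dst_api.o hmac_link.o md5_dgst.o base64.o prandom.o
++OBJ_NM5= dst_support.o dst_api.o hmac_link.o base64.o prandom.o
+HDRS = dst_internal.h md5.h md5_locl.h
+
+INCLUDES = $(BINDINC) -I$(TOP)/includes
+CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) -DHMAC_MD5 -DMINIRES_LIB
+
+-all: libdst.a
++all: libdst.a libdst-nomd5.a
+
+install:
+
+@@ -37,11 +38,16 @@
+ar cruv libdst.a $(OBJ)
+$(RANLIB) libdst.a
+
++libdst-nomd5.a: $(OBJ_NM5)
++ rm -f libdst-nomd5.a
++ ar cruv libdst-nomd5.a $(OBJ_NM5)
++ $(RANLIB) libdst-nomd5.a
++
+depend:
+$(MKDEP) $(INCLUDES) $(PREDEFINES) $(SRC)
+
+clean:
+- -rm -f $(OBJ) libdst.a
++ -rm -f $(OBJ) libdst.a libdst-nomd5.a
+
+realclean: clean
+-rm -f *~ $(CATMANPAGES) $(SEDMANPAGES)
+--- server/Makefile.dist
++++ server/Makefile.dist 2007/01/24 13:15:15
+@@ -32,7 +32,7 @@
+MAN = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+
+INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes
+-DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst.a
++DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst-nomd5.a -lssl -lcrypto -lldap -llber
+CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS)
+
+all: $(PROG) $(CATMANPAGES)
+--- site.conf
++++ site.conf 2007/01/24 13:18:36
+@@ -1,4 +1,3 @@
+# Put local site configuration stuff here to override the default
+# settings in Makefile.conf
+#COPTS = -DDEBUG_LDAP -DLDAP_CASA_AUTH -DDEBUG_CLASS_MATCHING -Wall -O -Wno-unused
+-LIBS=-lssl -lcrypto -lldap -llber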
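Review bot: The server/Makefile.dist hunk appends `-lssl -lcrypto -lldap -llber` to `DHCPLIB` unconditionally, while the site.conf hunk removes the `LIBS` line, so the OpenSSL and OpenLDAP link flags move from a site override into the list of project archives. The rules that use `DHCPLIB` are outside the hunk; if it also appears as a prerequisite list, the `-l` entries then depend on make's library-prerequisite search. Keeping the archives in `DHCPLIB` and the flags in a variable of their own, e.g. `LDAPLIBS = -lssl -lcrypto -lldap -llber`, would keep the two apart. Since libdst-nomd5.a omits md5_dgst.o while dst is still built with `-DHMAC_MD5`, the MD5 symbols presumably have to come from libcrypto; a comment next to `OBJ_NM5` saying so would help the next maintainer.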
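--- a/dhcp-3.0.5-ldap-patch-referrals.dif
+++ b/dhcp-3.0.5-ldap-patch-referrals.dif
@@ -0,0 +1,107 @@
+--- includes/dhcpd.h
++++ includes/dhcpd.h 2007/01/24 13:50:54
+@@ -462,6 +462,7 @@
+# define SV_LDAP_METHOD 52
+# define SV_LDAP_DEBUG_FILE 53
+# define SV_LDAP_DHCP_SERVER_CN 54
++# define SV_LDAP_REFERRALS 55
+#endif
+
+#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
+--- server/ldap.c
++++ server/ldap.c 2007/01/24 14:25:16
+@@ -55,6 +55,7 @@
+*ldap_debug_file = NULL;
+static int ldap_port = LDAP_PORT,
+ldap_method = LDAP_METHOD_DYNAMIC,
++ ldap_referrals = -1,
+ldap_debug_fd = -1;
+static struct ldap_config_stack *ldap_stack = NULL;
+
+@@ -532,6 +533,34 @@
+return (ret);
+}
+
++int
++ldap_rebind_cb (LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *parms)
++{
++ int ret;
++ LDAPURLDesc *ldapurl = NULL;
++ char *who = NULL, *pwd = NULL;
++
++ log_info("LDAP rebind to '%s'", url);
++ if ((ret = ldap_url_parse(url, &ldapurl)) != LDAP_SUCCESS)
++ {
++ log_error ("Error: Can not parse ldap rebind url '%s': %s",
++ url, ldap_err2string(ret));
++ return ret;
++ }
++
++ if (ldap_username != NULL || *ldap_username != '\0')
++ {
++ who = ldap_username;
++ pwd = ldap_password;
++ }
++
++ if ((ret = ldap_simple_bind_s (ld, who, pwd)) != LDAP_SUCCESS)
++ {
++ log_error ("Error: Cannot login into ldap server %s:%d: %s",
++ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
++ }
++ return ret;
++}
+
+static void
+ldap_start (void)
+@@ -560,6 +589,7 @@
+ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
+ldap_debug_file = _do_lookup_dhcp_string_option (options,
+SV_LDAP_DEBUG_FILE);
++ ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
+
+#if defined (LDAP_CASA_AUTH)
+if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
+@@ -611,6 +641,23 @@
+ldap_err2string (ret));
+}
+
++ if (ldap_referrals != -1)
++ {
++ if ((ret = ldap_set_option (ld, LDAP_OPT_REFERRALS, ldap_referrals ?
++ LDAP_OPT_ON : LDAP_OPT_OFF)) != LDAP_OPT_SUCCESS)
++ {
++ log_error ("Cannot %s LDAP referrals option: %s",
++ (ldap_referrals ? "enable" : "disable"),
++ ldap_err2string (ret));
++ }
++ }
++
++ if ((ret = ldap_set_rebind_proc(ld, ldap_rebind_cb, NULL)) != LDAP_SUCCESS)
++ {
++ log_error ("Warning: Cannot set ldap rebind procedure: %s",
++ ldap_err2string (ret));
++ }
++
+#if defined (USE_SSL)
+if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
+log_error ("Warning: Cannot start TLS session to %s: %s",
+--- server/stables.c
++++ server/stables.c 2007/01/24 13:52:54
+@@ -492,6 +492,7 @@
+{ "ldap-method", "Nldap-methods.", &server_universe, 52 },
+{ "ldap-debug-file", "t", &server_universe, 53 },
+{ "ldap-dhcp-server-cn", "t", &server_universe, 54 },
++ { "ldap-referrals", "f", &server_universe, 55 },
+#else
+{ "unknown-47", "X", &server_universe, 47 },
+{ "unknown-48", "X", &server_universe, 48 },
+@@ -501,8 +502,8 @@
+{ "unknown-52", "X", &server_universe, 52 },
+{ "unknown-53", "X", &server_universe, 53 },
+{ "unknown-54", "X", &server_universe, 54 },
+-#endif
+{ "unknown-55", "X", &server_universe, 55 },
++#endif
+{ "unknown-56", "X", &server_universe, 56 },
+{ "unknown-57", "X", &server_universe, 57 },
+{ "unknown-58", "X", &server_universe, 58 },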
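Review bot: In `ldap_rebind_cb` the test `if (ldap_username != NULL || *ldap_username != '\0')` dereferences `ldap_username` exactly when it is NULL, so a configuration without a bind user would fault on the first referral; it should read `if (ldap_username != NULL && *ldap_username != '\0')`. The `ldapurl` returned by `ldap_url_parse` is never released, so `ldap_free_urldesc (ldapurl);` belongs before the final `return ret;`. The callback also sends the configured bind name and password with `ldap_simple_bind_s` to whichever server the referral names, and nothing in this patch checks `ldapurl->lud_host` or protects that connection before the bind. A comment on the function and a line in README.ldap should state that referral chasing forwards the bind credentials, so it should stay disabled unless every referred server is trusted and reached over TLS.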
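--- a/dhcp-3.0.5-ldap-patch-schema.dif
+++ b/dhcp-3.0.5-ldap-patch-schema.dif
@@ -0,0 +1,113 @@
+--- contrib/dhcp.schema
++++ contrib/dhcp.schema 2007/01/24 12:45:49
+@@ -268,73 +268,67 @@
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.46
+- NAME 'dhcpFailOverRole'
++ NAME 'dhcpFailOverPrimaryServer'
+EQUALITY caseIgnoreIA5Match
+- DESC 'Role of the DHCP Server. Either primary or secondary'
++ DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.47
+- NAME 'dhcpFailOverReceiveAddress'
++ NAME 'dhcpFailOverSecondaryServer'
+EQUALITY caseIgnoreIA5Match
+- DESC 'IP address or DNS name on which the server should listen for connections from its fail over peer'
++ DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+-attributetype ( 2.16.840.1.113719.1.203.4.48
+- NAME 'dhcpFailOverPeerAddress'
+- EQUALITY caseIgnoreIA5Match
+- DESC 'IP address or DNS name to which the server should connect to reach its fail over peer'
+- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+-attributetype ( 2.16.840.1.113719.1.203.4.49
+- NAME 'dhcpFailOverPeerPort'
++attributetype ( 2.16.840.1.113719.1.203.4.48
++ NAME 'dhcpFailOverPrimaryPort'
+EQUALITY integerMatch
+- DESC 'Port to which server should connect to reach its fail over peer'
++ DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+-attributetype ( 2.16.840.1.113719.1.203.4.50
+- NAME 'dhcpFailOverReceivePort'
++attributetype ( 2.16.840.1.113719.1.203.4.49
++ NAME 'dhcpFailOverSecondaryPort'
+EQUALITY integerMatch
+- DESC 'Port on which server should listen for connections from its fail over peer'
++ DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+-attributetype ( 2.16.840.1.113719.1.203.4.51
++attributetype ( 2.16.840.1.113719.1.203.4.50
+NAME 'dhcpFailOverResponseDelay'
+EQUALITY integerMatch
+DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+-attributetype ( 2.16.840.1.113719.1.203.4.52
+- NAME 'dhcpFailOverUnpackedUpdates'
++attributetype ( 2.16.840.1.113719.1.203.4.51
++ NAME 'dhcpFailOverUnackedUpdates'
+EQUALITY integerMatch
+DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+-attributetype ( 2.16.840.1.113719.1.203.4.53
++attributetype ( 2.16.840.1.113719.1.203.4.52
+NAME 'dhcpFailOverSplit'
+EQUALITY integerMatch
+DESC 'Split between the primary and secondary servers for fail over purpose'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+-attributetype ( 2.16.840.1.113719.1.203.4.54
++attributetype ( 2.16.840.1.113719.1.203.4.53
+NAME 'dhcpFailOverLoadBalanceTime'
+EQUALITY integerMatch
+DESC 'Cutoff time in seconds, after which load balance is disabled'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+-attributetype ( 2.16.840.1.113719.1.203.4.55
++attributetype ( 2.16.840.1.113719.1.203.4.54
+NAME 'dhcpFailOverPeerDN'
+EQUALITY distinguishedNameMatch
+DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+#List of all servers in the tree
+-attributetype ( 2.16.840.1.113719.1.203.4.56
++attributetype ( 2.16.840.1.113719.1.203.4.55
+NAME 'dhcpServerDN'
+EQUALITY distinguishedNameMatch
+DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+-attributetype ( 2.16.840.1.113719.1.203.4.57
++attributetype ( 2.16.840.1.113719.1.203.4.56
+NAME 'dhcpComments'
+EQUALITY caseIgnoreIA5Match
+DESC 'Generic attribute that allows coments within any DHCP object'
+@@ -415,7 +409,7 @@
+DESC 'This class represents an IP Address, which may or may not have been leased.'
+SUP top
+MUST ( cn $ dhcpAddressState )
+- MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpOption )
++ MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
+X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.11
+@@ -454,7 +448,8 @@
+NAME 'dhcpFailOverPeer'
+DESC 'This class defines the Fail over peer'
+SUP top
+- MUST ( cn $ dhcpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpFailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
++ MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
++ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.16
+NAME 'dhcpLocator'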
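Review bot: The attribute hunk at -268 reassigns OIDs that were already in use: 2.16.840.1.113719.1.203.4.48 changes from `dhcpFailOverPeerAddress` (IA5 string syntax) to `dhcpFailOverPrimaryPort` (integer syntax), .49 gets a new name, and .50 through .56 now name the attribute that previously held the next number. A directory that has loaded the earlier schema has definitions and entries tied to the old OID/name pairs, so this version cannot simply replace it without a migration of the schema and of any `dhcpFailOverPeer` entries. If the renumbering is needed to match a reference schema, a comment at the top of the block should say which one; otherwise new attributes should take unused OIDs and the existing numbers should keep their names. The new DESC strings also read 'DHC Load Balancing', presumably meant as 'DHCP'.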
433
dhcp-3.0.5-ldap-patch-ssl-opts.dif
Normal file
@ -0,0 +1,433 @@
|
||||
--- includes/dhcpd.h
|
||||
+++ includes/dhcpd.h 2007/01/24 14:28:48
|
||||
@@ -255,6 +255,12 @@
|
||||
# define LDAP_BUFFER_SIZE 8192
|
||||
# define LDAP_METHOD_STATIC 0
|
||||
# define LDAP_METHOD_DYNAMIC 1
|
||||
+#if defined (USE_SSL)
|
||||
+# define LDAP_SSL_OFF 0
|
||||
+# define LDAP_SSL_ON 1
|
||||
+# define LDAP_SSL_TLS 2
|
||||
+# define LDAP_SSL_LDAPS 3
|
||||
+#endif
|
||||
|
||||
/* This is a tree of the current configuration we are building from LDAP */
|
||||
|
||||
@@ -463,6 +469,17 @@
|
||||
# define SV_LDAP_DEBUG_FILE 53
|
||||
# define SV_LDAP_DHCP_SERVER_CN 54
|
||||
# define SV_LDAP_REFERRALS 55
|
||||
+#if defined (USE_SSL)
|
||||
+# define SV_LDAP_SSL 56
|
||||
+# define SV_LDAP_TLS_REQCERT 57
|
||||
+# define SV_LDAP_TLS_CA_FILE 58
|
||||
+# define SV_LDAP_TLS_CA_DIR 59
|
||||
+# define SV_LDAP_TLS_CERT 60
|
||||
+# define SV_LDAP_TLS_KEY 61
|
||||
+# define SV_LDAP_TLS_CRLCHECK 62
|
||||
+# define SV_LDAP_TLS_CIPHERS 63
|
||||
+# define SV_LDAP_TLS_RANDFILE 64
|
||||
+#endif
|
||||
#endif
|
||||
|
||||
#if !defined (DEFAULT_DEFAULT_LEASE_TIME)
|
||||
@@ -2682,6 +2699,11 @@
|
||||
/* ldap.c */
|
||||
#if defined(LDAP_CONFIGURATION)
|
||||
extern struct enumeration ldap_methods;
|
||||
+#if defined (USE_SSL)
|
||||
+extern struct enumeration ldap_ssl_usage_enum;
|
||||
+extern struct enumeration ldap_tls_reqcert_enum;
|
||||
+extern struct enumeration ldap_tls_crlcheck_enum;
|
||||
+#endif
|
||||
isc_result_t ldap_read_config (void);
|
||||
int find_haddr_in_ldap (struct host_decl **, int, unsigned,
|
||||
const unsigned char *, const char *, int);
|
||||
--- README.ldap
|
||||
+++ README.ldap 2007/01/24 17:50:13
|
||||
@@ -43,6 +43,7 @@
|
||||
SSL, you will need to perform the following steps:
|
||||
|
||||
* Edit the includes/site.h file and uncomment the USE_SSL line
|
||||
+ or specify "-DUSE_SSL" via CFLAGS.
|
||||
* Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
|
||||
from the SRC= and OBJ= lines (around line 24)
|
||||
* Now run configure in the base source directory. If you chose to enable
|
||||
@@ -64,6 +65,23 @@
|
||||
ldap-method dynamic;
|
||||
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
|
||||
|
||||
+If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
|
||||
+server trys to use TLS if possible, but continues without TLS if not.
|
||||
+
|
||||
+You can modify this behaviour using following option in /etc/dhcpd.conf:
|
||||
+
|
||||
+ldap-ssl <off | ldaps | start_tls | on>
|
||||
+ off: disables TLS/LDAPS.
|
||||
+ ldaps: enables LDAPS -- don't forget to set ldap-port to 636.
|
||||
+ start_tls: enables TLS using START_TLS command
|
||||
+ on: enables LDAPS if ldap-port is set to 636 or TLS in
|
||||
+ other cases.
|
||||
+
|
||||
+See also "man 5 ldap.conf" for description the following TLS related
|
||||
+options:
|
||||
+ ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
|
||||
+ ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
|
||||
+
|
||||
All of these parameters should be self explanatory except for the ldap-method.
|
||||
You can set this to static or dynamic. If you set it to static, the
|
||||
configuration is read once on startup, and LDAP isn't used anymore. But, if you
|
||||
--- server/dhcpd.c
|
||||
+++ server/dhcpd.c 2007/01/24 14:28:48
|
||||
@@ -530,6 +530,11 @@
|
||||
add_enumeration (&syslog_enum);
|
||||
#if defined (LDAP_CONFIGURATION)
|
||||
add_enumeration (&ldap_methods);
|
||||
+#if defined (USE_SSL)
|
||||
+ add_enumeration (&ldap_ssl_usage_enum);
|
||||
+ add_enumeration (&ldap_tls_reqcert_enum);
|
||||
+ add_enumeration (&ldap_tls_crlcheck_enum);
|
||||
+#endif
|
||||
#endif
|
||||
|
||||
if (!group_allocate (&root_group, MDL))
|
||||
--- server/ldap.c
|
||||
+++ server/ldap.c 2007/01/24 14:41:26
|
||||
@@ -57,6 +57,17 @@
|
||||
ldap_method = LDAP_METHOD_DYNAMIC,
|
||||
ldap_referrals = -1,
|
||||
ldap_debug_fd = -1;
|
||||
+#if defined (USE_SSL)
|
||||
+static int ldap_use_ssl = -1, /* try TLS if possible */
|
||||
+ ldap_tls_reqcert = -1,
|
||||
+ ldap_tls_crlcheck = -1;
|
||||
+static char *ldap_tls_ca_file = NULL,
|
||||
+ *ldap_tls_ca_dir = NULL,
|
||||
+ *ldap_tls_cert = NULL,
|
||||
+ *ldap_tls_key = NULL,
|
||||
+ *ldap_tls_ciphers = NULL,
|
||||
+ *ldap_tls_randfile = NULL;
|
||||
+#endif
|
||||
static struct ldap_config_stack *ldap_stack = NULL;
|
||||
|
||||
typedef struct ldap_dn_node {
|
||||
@@ -548,6 +559,41 @@
|
||||
return ret;
|
||||
}
|
||||
|
||||
+
|
||||
+#if defined (USE_SSL)
|
||||
+ if (strcasecmp(ldapurl->lud_scheme, "ldaps") == 0)
|
||||
+ {
|
||||
+ int opt = LDAP_OPT_X_TLS_HARD;
|
||||
+ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
|
||||
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
|
||||
+ return ret;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ log_info ("LDAPS session successfully enabled to %s", ldap_server);
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ if (strcasecmp(ldapurl->lud_scheme, "ldap") == 0 &&
|
||||
+ ldap_use_ssl != LDAP_SSL_OFF)
|
||||
+ {
|
||||
+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Error: Cannot start TLS session to %s:%d: %s",
|
||||
+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret));
|
||||
+ return ret;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ log_info ("TLS session successfully started to %s:%d",
|
||||
+ ldapurl->lud_host, ldapurl->lud_port);
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
if (ldap_username != NULL || *ldap_username != '\0')
|
||||
{
|
||||
who = ldap_username;
|
||||
@@ -591,6 +637,21 @@
|
||||
SV_LDAP_DEBUG_FILE);
|
||||
ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
|
||||
|
||||
+#if defined (USE_SSL)
|
||||
+ ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL);
|
||||
+ if( ldap_use_ssl != LDAP_SSL_OFF)
|
||||
+ {
|
||||
+ ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT);
|
||||
+ ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE);
|
||||
+ ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR);
|
||||
+ ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT);
|
||||
+ ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY);
|
||||
+ ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
|
||||
+ ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS);
|
||||
+ ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
#if defined (LDAP_CASA_AUTH)
|
||||
if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password))
|
||||
{
|
||||
@@ -628,9 +689,105 @@
|
||||
log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port);
|
||||
#endif
|
||||
|
||||
+#if defined (USE_SSL)
|
||||
+ if (ldap_use_ssl == -1)
|
||||
+ {
|
||||
+ /*
|
||||
+ ** There was no "ldap-ssl" option in dhcpd.conf (also not "off").
|
||||
+ ** Let's try, if we can use an anonymous TLS session without to
|
||||
+ ** verify the server certificate -- if not continue without TLS.
|
||||
+ */
|
||||
+ int opt = LDAP_OPT_X_TLS_ALLOW;
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
|
||||
+ &opt)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Warning: Cannot set LDAP TLS require cert option to 'allow': %s",
|
||||
+ ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (ldap_use_ssl != LDAP_SSL_OFF)
|
||||
+ {
|
||||
+ if (ldap_tls_reqcert != -1)
|
||||
+ {
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
|
||||
+ &ldap_tls_reqcert)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Cannot set LDAP TLS require cert option: %s",
|
||||
+ ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if( ldap_tls_ca_file != NULL)
|
||||
+ {
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE,
|
||||
+ ldap_tls_ca_file)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Cannot set LDAP TLS CA certificate file %s: %s",
|
||||
+ ldap_tls_ca_file, ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+ if( ldap_tls_ca_dir != NULL)
|
||||
+ {
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
|
||||
+ ldap_tls_ca_dir)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Cannot set LDAP TLS CA certificate dir %s: %s",
|
||||
+ ldap_tls_ca_dir, ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+ if( ldap_tls_cert != NULL)
|
||||
+ {
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
|
||||
+ ldap_tls_cert)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Cannot set LDAP TLS client certificate file %s: %s",
|
||||
+ ldap_tls_cert, ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+ if( ldap_tls_key != NULL)
|
||||
+ {
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
|
||||
+ ldap_tls_key)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Cannot set LDAP TLS certificate key file %s: %s",
|
||||
+ ldap_tls_key, ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+ if( ldap_tls_crlcheck != -1)
|
||||
+ {
|
||||
+ int opt = ldap_tls_crlcheck;
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
|
||||
+ &opt)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Cannot set LDAP TLS crl check option: %s",
|
||||
+ ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+ if( ldap_tls_ciphers != NULL)
|
||||
+ {
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
|
||||
+ ldap_tls_ciphers)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Cannot set LDAP TLS cipher suite %s: %s",
|
||||
+ ldap_tls_ciphers, ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+ if( ldap_tls_randfile != NULL)
|
||||
+ {
|
||||
+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
|
||||
+ ldap_tls_randfile)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Cannot set LDAP TLS random file %s: %s",
|
||||
+ ldap_tls_randfile, ldap_err2string (ret));
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
|
||||
{
|
||||
- log_error ("Cannot init ldap session to %s", ldap_server);
|
||||
+ log_error ("Cannot init ldap session to %s:%d", ldap_server, ldap_port);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -659,11 +816,38 @@
|
||||
}
|
||||
|
||||
#if defined (USE_SSL)
|
||||
- if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
|
||||
- log_error ("Warning: Cannot start TLS session to %s: %s",
|
||||
- ldap_server, ldap_err2string (ret));
|
||||
- else
|
||||
- log_info ("TLS session successfully started to %s", ldap_server);
|
||||
+ if (ldap_use_ssl == LDAP_SSL_LDAPS ||
|
||||
+ (ldap_use_ssl == LDAP_SSL_ON && ldap_port == LDAPS_PORT))
|
||||
+ {
|
||||
+ int opt = LDAP_OPT_X_TLS_HARD;
|
||||
+ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Error: Cannot init LDAPS session to %s:%d: %s",
|
||||
+ ldap_server, ldap_port, ldap_err2string (ret));
|
||||
+ ldap_stop();
|
||||
+ return;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ log_info ("LDAPS session successfully enabled to %s:%d",
|
||||
+ ldap_server, ldap_port);
|
||||
+ }
|
||||
+ }
|
||||
+ else if (ldap_use_ssl != LDAP_SSL_OFF)
|
||||
+ {
|
||||
+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS)
|
||||
+ {
|
||||
+ log_error ("Error: Cannot start TLS session to %s:%d: %s",
|
||||
+ ldap_server, ldap_port, ldap_err2string (ret));
|
||||
+ ldap_stop();
|
||||
+ return;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ log_info ("TLS session successfully started to %s:%d",
|
||||
+ ldap_server, ldap_port);
|
||||
+ }
|
||||
+ }
|
||||
#endif
|
||||
|
||||
if (ldap_username != NULL && *ldap_username != '\0')
|
||||
@@ -671,8 +855,8 @@
|
||||
if ((ret = ldap_simple_bind_s (ld, ldap_username,
|
||||
ldap_password)) != LDAP_SUCCESS)
|
||||
{
|
||||
- log_error ("Error: Cannot login into ldap server %s: %s", ldap_server,
|
||||
- ldap_err2string (ret));
|
||||
+ log_error ("Error: Cannot login into ldap server %s:%d: %s",
|
||||
+ ldap_server, ldap_port, ldap_err2string (ret));
|
||||
ldap_stop();
|
||||
return;
|
||||
}
|
||||
--- server/stables.c
|
||||
+++ server/stables.c 2007/01/24 14:28:48
|
||||
@@ -493,6 +493,27 @@
|
||||
{ "ldap-debug-file", "t", &server_universe, 53 },
|
||||
{ "ldap-dhcp-server-cn", "t", &server_universe, 54 },
|
||||
{ "ldap-referrals", "f", &server_universe, 55 },
|
||||
+#if defined(USE_SSL)
|
||||
+ { "ldap-ssl", "Nldap-ssl-usage.", &server_universe, 56 },
|
||||
+ { "ldap-tls-reqcert", "Nldap-tls-reqcert.", &server_universe, 57 },
|
||||
+ { "ldap-tls-ca-file", "t", &server_universe, 58 },
|
||||
+ { "ldap-tls-ca-dir", "t", &server_universe, 59 },
|
||||
+ { "ldap-tls-cert", "t", &server_universe, 60 },
|
||||
+ { "ldap-tls-key", "t", &server_universe, 61 },
|
||||
+ { "ldap-tls-crlcheck", "Nldap-tls-crlcheck.", &server_universe, 62 },
|
||||
+ { "ldap-tls-ciphers", "t", &server_universe, 63 },
|
||||
+ { "ldap-tls-randfile", "t", &server_universe, 64 },
|
||||
+#else
|
||||
+ { "unknown-56", "X", &server_universe, 56 },
|
||||
+ { "unknown-57", "X", &server_universe, 57 },
|
||||
+ { "unknown-58", "X", &server_universe, 58 },
|
||||
+ { "unknown-59", "X", &server_universe, 59 },
|
||||
+ { "unknown-60", "X", &server_universe, 60 },
|
||||
+ { "unknown-61", "X", &server_universe, 61 },
|
||||
+ { "unknown-62", "X", &server_universe, 62 },
|
||||
+ { "unknown-63", "X", &server_universe, 63 },
|
||||
+ { "unknown-64", "X", &server_universe, 64 },
|
||||
+#endif
|
||||
#else
|
||||
{ "unknown-47", "X", &server_universe, 47 },
|
||||
{ "unknown-48", "X", &server_universe, 48 },
|
||||
@@ -503,7 +524,6 @@
|
||||
{ "unknown-53", "X", &server_universe, 53 },
|
||||
{ "unknown-54", "X", &server_universe, 54 },
|
||||
{ "unknown-55", "X", &server_universe, 55 },
|
||||
-#endif
|
||||
{ "unknown-56", "X", &server_universe, 56 },
|
||||
{ "unknown-57", "X", &server_universe, 57 },
|
||||
{ "unknown-58", "X", &server_universe, 58 },
|
||||
@@ -513,6 +533,7 @@
|
||||
{ "unknown-62", "X", &server_universe, 62 },
|
||||
{ "unknown-63", "X", &server_universe, 63 },
|
||||
{ "unknown-64", "X", &server_universe, 64 },
|
||||
+#endif
|
||||
{ "unknown-65", "X", &server_universe, 65 },
|
||||
{ "unknown-66", "X", &server_universe, 66 },
|
||||
{ "unknown-67", "X", &server_universe, 67 },
|
||||
@@ -718,6 +739,47 @@
|
||||
"ldap-methods",
|
||||
ldap_values
|
||||
};
|
||||
+
|
||||
+#if defined(USE_SSL)
|
||||
+struct enumeration_value ldap_ssl_usage_values [] = {
|
||||
+ { "off", LDAP_SSL_OFF },
|
||||
+ { "on", LDAP_SSL_ON },
|
||||
+ { "ldaps", LDAP_SSL_LDAPS},
|
||||
+ { "start_tls", LDAP_SSL_TLS },
|
||||
+ { (char *) 0, 0 }
|
||||
+};
|
||||
+struct enumeration ldap_ssl_usage_enum = {
|
||||
+ (struct enumeration *)0,
|
||||
+ "ldap-ssl-usage",
|
||||
+ ldap_ssl_usage_values
|
||||
+};
|
||||
+
|
||||
+struct enumeration_value ldap_tls_reqcert_values [] = {
|
||||
+ { "never", LDAP_OPT_X_TLS_NEVER },
|
||||
+ { "hard", LDAP_OPT_X_TLS_HARD },
|
||||
+ { "demand", LDAP_OPT_X_TLS_DEMAND},
|
||||
+ { "allow", LDAP_OPT_X_TLS_ALLOW },
|
||||
+ { "try", LDAP_OPT_X_TLS_TRY },
|
||||
+ { (char *) 0, 0 }
|
||||
+};
|
||||
+struct enumeration ldap_tls_reqcert_enum = {
|
||||
+ (struct enumeration *)0,
|
||||
+ "ldap-tls-reqcert",
|
||||
+ ldap_tls_reqcert_values
|
||||
+};
|
||||
+
|
||||
+struct enumeration_value ldap_tls_crlcheck_values [] = {
|
||||
+ { "none", LDAP_OPT_X_TLS_CRL_NONE},
|
||||
+ { "peer", LDAP_OPT_X_TLS_CRL_PEER},
|
||||
+ { "all", LDAP_OPT_X_TLS_CRL_ALL },
|
||||
+ { (char *) 0, 0 }
|
||||
+};
|
||||
+struct enumeration ldap_tls_crlcheck_enum = {
|
||||
+ (struct enumeration *)0,
|
||||
+ "ldap-tls-crlcheck",
|
||||
+ ldap_tls_crlcheck_values
|
||||
+};
|
||||
+#endif
|
||||
#endif
|
||||
|
||||
struct enumeration_value ddns_styles_values [] = {
|
@ -1,20 +1,20 @@
|
||||
--- server/ldap.c
|
||||
+++ server/ldap.c 2006/08/28 16:12:55
|
||||
@@ -63,6 +63,13 @@ typedef struct ldap_dn_node {
|
||||
static ldap_dn_node *ldap_service_dn_head = NULL;
|
||||
+++ server/ldap.c 2007/01/24 12:40:58
|
||||
@@ -68,6 +68,13 @@
|
||||
static ldap_dn_node *ldap_service_dn_tail = NULL;
|
||||
|
||||
+
|
||||
|
||||
+static char *
|
||||
+x_strncat(char *dst, const char *src, size_t dst_size)
|
||||
+{
|
||||
+ size_t len = strlen(dst);
|
||||
+ return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0);
|
||||
+ size_t len = strlen(dst);
|
||||
+ return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0);
|
||||
+}
|
||||
|
||||
+
|
||||
static void
|
||||
ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
|
||||
@@ -78,9 +83,9 @@ ldap_parse_class (struct ldap_config_sta
|
||||
{
|
||||
@@ -82,9 +89,9 @@
|
||||
return;
|
||||
}
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
|
||||
item->close_brace = 1;
|
||||
ldap_value_free (tempstr);
|
||||
@@ -112,11 +117,11 @@ ldap_parse_subclass (struct ldap_config_
|
||||
@@ -116,11 +123,11 @@
|
||||
return;
|
||||
}
|
||||
|
||||
@ -44,7 +44,7 @@
|
||||
|
||||
item->close_brace = 1;
|
||||
ldap_value_free (tempstr);
|
||||
@@ -140,14 +145,14 @@ ldap_parse_host (struct ldap_config_stac
|
||||
@@ -144,14 +151,14 @@
|
||||
|
||||
hwaddr = ldap_get_values (ld, item->ldent, "dhcpHWAddress");
|
||||
|
||||
@ -64,7 +64,7 @@
|
||||
ldap_value_free (hwaddr);
|
||||
}
|
||||
|
||||
@@ -171,9 +176,9 @@ ldap_parse_shared_network (struct ldap_c
|
||||
@@ -174,9 +181,9 @@
|
||||
return;
|
||||
}
|
||||
|
||||
@ -77,7 +77,7 @@
|
||||
|
||||
item->close_brace = 1;
|
||||
ldap_value_free (tempstr);
|
||||
@@ -224,14 +229,14 @@ ldap_parse_subnet (struct ldap_config_st
|
||||
@@ -228,14 +235,14 @@
|
||||
return;
|
||||
}
|
||||
|
||||
@ -97,7 +97,7 @@
|
||||
|
||||
ldap_value_free (tempstr);
|
||||
ldap_value_free (netmaskstr);
|
||||
@@ -240,10 +245,10 @@ ldap_parse_subnet (struct ldap_config_st
|
||||
@@ -244,10 +251,10 @@
|
||||
{
|
||||
for (i=0; tempstr[i] != NULL; i++)
|
||||
{
|
||||
@ -112,7 +112,7 @@
|
||||
}
|
||||
ldap_value_free (tempstr);
|
||||
}
|
||||
@@ -258,17 +263,17 @@ ldap_parse_pool (struct ldap_config_stac
|
||||
@@ -262,17 +269,17 @@
|
||||
char **tempstr;
|
||||
int i;
|
||||
|
||||
@ -135,7 +135,7 @@
|
||||
ldap_value_free (tempstr);
|
||||
}
|
||||
|
||||
@@ -276,8 +281,8 @@ ldap_parse_pool (struct ldap_config_stac
|
||||
@@ -280,8 +287,8 @@
|
||||
{
|
||||
for (i=0; tempstr[i] != NULL; i++)
|
||||
{
|
||||
@ -146,7 +146,7 @@
|
||||
}
|
||||
ldap_value_free (tempstr);
|
||||
}
|
||||
@@ -289,7 +294,7 @@ ldap_parse_pool (struct ldap_config_stac
|
||||
@@ -293,7 +300,7 @@
|
||||
static void
|
||||
ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile)
|
||||
{
|
||||
@ -155,7 +155,80 @@
|
||||
item->close_brace = 1;
|
||||
}
|
||||
|
||||
@@ -625,7 +630,7 @@ next_ldap_entry (struct parse *cfile)
|
||||
@@ -305,25 +312,25 @@
|
||||
|
||||
if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL)
|
||||
{
|
||||
- strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
|
||||
ldap_value_free (tempstr);
|
||||
}
|
||||
|
||||
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeyAlgorithm")) != NULL)
|
||||
{
|
||||
- strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
|
||||
ldap_value_free (tempstr);
|
||||
}
|
||||
|
||||
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpKeySecret")) != NULL)
|
||||
{
|
||||
- strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
|
||||
ldap_value_free (tempstr);
|
||||
}
|
||||
|
||||
@@ -341,18 +348,18 @@
|
||||
|
||||
if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL)
|
||||
{
|
||||
- strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
|
||||
ldap_value_free (tempstr);
|
||||
}
|
||||
|
||||
if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpDnsZoneServer")) != NULL)
|
||||
{
|
||||
- strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
|
||||
|
||||
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
|
||||
ldap_value_free (tempstr);
|
||||
}
|
||||
|
||||
@@ -380,9 +387,9 @@
|
||||
strncpy (keyCn, cnFindStart, len);
|
||||
keyCn[len] = '\0';
|
||||
|
||||
- strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE);
|
||||
- strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE);
|
||||
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
|
||||
|
||||
dfree (keyCn, MDL);
|
||||
}
|
||||
@@ -731,7 +738,7 @@
|
||||
|
||||
if (ldap_stack != NULL && ldap_stack->close_brace)
|
||||
{
|
||||
@ -164,7 +237,7 @@
|
||||
ldap_stack->close_brace = 0;
|
||||
}
|
||||
|
||||
@@ -635,7 +640,7 @@ next_ldap_entry (struct parse *cfile)
|
||||
@@ -741,7 +748,7 @@
|
||||
{
|
||||
if (ldap_stack->close_brace)
|
||||
{
|
||||
@ -173,7 +246,7 @@
|
||||
ldap_stack->close_brace = 0;
|
||||
}
|
||||
|
||||
@@ -646,7 +651,7 @@ next_ldap_entry (struct parse *cfile)
|
||||
@@ -752,7 +759,7 @@
|
||||
|
||||
if (ldap_stack != NULL && ldap_stack->close_brace)
|
||||
{
|
||||
@ -182,7 +255,7 @@
|
||||
ldap_stack->close_brace = 0;
|
||||
}
|
||||
}
|
||||
@@ -722,16 +727,16 @@ ldap_parse_entry_options (LDAPMessage *e
|
||||
@@ -828,16 +835,16 @@
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -202,7 +275,7 @@
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -742,15 +747,15 @@ ldap_parse_entry_options (LDAPMessage *e
|
||||
@@ -848,15 +855,15 @@
|
||||
{
|
||||
for (i=0; tempstr[i] != NULL; i++)
|
||||
{
|
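Review bot: `x_strncat` truncates silently, so the new key and zone hunks (`x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);` after `"key "`, `"secret "`, `"zone "` and `"primary "`) can pass the parser a statement that was cut short without any error. The helper returns `dst` whether or not `src` fitted and no caller compares lengths, so an over-long `dhcpKeySecret` or `cn` value would produce a shortened secret or an unterminated statement. I would have the helper report the condition where it already computes the remaining space, e.g. `if (strlen (src) > avail) log_error ("LDAP value truncated while building config");` with `avail` standing for that remaining space, and let callers skip the entry. The attribute values are also appended unescaped into dhcpd.conf syntax, so a comment stating that directory content is trusted to be well-formed configuration would document the assumption. The enclosing parse functions start and end outside the visible hunks.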
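--- a/dhcp-3.0.5-ldap-patch.gz
+++ b/dhcp-3.0.5-ldap-patch.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0bbc5c94d7d917f1dd2ae7daf7127ff75564faac21cfb1700f94f01772893197
+size 42290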
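--- a/dhcp-3.0.5-pool_eof.dif
+++ b/dhcp-3.0.5-pool_eof.dif
@@ -0,0 +1,15 @@
+--- server/confpars.c
++++ server/confpars.c 2007/02/19 12:39:45
+@@ -1466,6 +1466,12 @@
+done = 1;
+break;
+
++ case END_OF_FILE:
++ parse_warn (cfile, "unexpected end of file");
++ pool_dereference (&pool, MDL);
++ return;
++ break;
++
+default:
+declaration = parse_statement (cfile, pool -> group,
+POOL_DECL,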
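Review bot: The `break;` after `return;` in the new `case END_OF_FILE:` arm is unreachable and can be dropped. A comment above the case would record why EOF has to end the loop here, for example `/* EOF before the closing brace: stop, or parse_statement is re-entered endlessly */`. Whether `pool_dereference (&pool, MDL)` alone releases everything attached to the pool by this point cannot be checked from the hunk, because parse_pool_statement starts and ends outside it; it is worth comparing with the function's other exit paths.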
48
dhcp.changes
48
dhcp.changes
@ -1,3 +1,51 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 20 11:45:29 CET 2007 - mt@suse.de
|
||||
|
||||
- Bug #162186: Added check for EOF in parse_pool_statement to
|
||||
avoid endless recursion loop between parse_pool_statement
|
||||
and parse_statement when a closing right brace "}" is missed
|
||||
at the end of a pool declaration in /etc/dhcpd.conf.
|
||||
New patch file: dhcp-3.0.5-pool_eof.dif
|
||||
- Fixed ldap_read_function to avoid returning of empty strings
|
||||
causing parsing errors in ldap-dynamic mode.
|
||||
New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 25 11:15:57 CET 2007 - mt@suse.de
|
||||
|
||||
- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes:
|
||||
* unbind from the LDAP server after the config file has been ran
|
||||
if the server is being ran in static mode
|
||||
* fixed ldap_read_function bug where the entire configuration
|
||||
was not being processed
|
||||
and extensions / enhancements:
|
||||
* added functions for reading config values from the config
|
||||
file to clean up the ldap_start() function.
|
||||
* new ldap-server-cn option that will be used to locate the
|
||||
data in ldap; defaults to the hostname as before (FATE #227).
|
||||
* while host is added in the ldap-method dynamic mode, try to
|
||||
find if it belongs to a group and apply the group options too.
|
||||
* modifies the dhcpHWAddress attribute to case-insensitive, adds
|
||||
several new objectclasses, e.g. dhcpLocator, dhcpTsigKey,
|
||||
dhcpDnsZone,dhcpFailOver to the dhcp.schema.
|
||||
* implements support for dhcpTsigKey, dhcpDnsZone and related.
|
||||
* implements auth password query via casa.
|
||||
- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by
|
||||
ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif
|
||||
- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server
|
||||
with md5 functions from openssl library instead of own copy.
|
||||
- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support
|
||||
- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf
|
||||
ldap-server-cn option to more clear ldap-dhcp-server-cn.
|
||||
- dhcp-3.0.5-ldap-patch-schema.dif
|
||||
- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support
|
||||
for LDAP referrals, introducing new "ldap-referrals <on|off>"
|
||||
option in dhcpd.conf.
|
||||
- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing
|
||||
TLS/LDAPS support. Adds new "ldap-ssl <on|off|ldaps|start_tls>"
|
||||
and several "ldap-tls-*" options for dhcpd.conf. By default, the
|
||||
server trys to use TLS if possible, but continues without if not.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 9 13:48:07 CET 2007 - mt@suse.de
|
||||
|
||||
|
77
dhcp.spec
77
dhcp.spec
@ -13,12 +13,16 @@
|
||||
Name: dhcp
|
||||
%define omc_prefix /usr/share/omc
|
||||
%define omc_svcdir %{omc_prefix}/svcinfo.d
|
||||
%define with_casa 0
|
||||
%if %{?with_casa:%with_casa}
|
||||
BuildRequires: CASA-devel
|
||||
%endif
|
||||
BuildRequires: openldap2-devel
|
||||
License: BSD License and BSD-like
|
||||
Group: Productivity/Networking/Boot/Servers
|
||||
Autoreqprov: on
|
||||
Version: 3.0.5
|
||||
Release: 12
|
||||
Release: 17
|
||||
Summary: Common Files Used by ISC DHCP Software
|
||||
URL: http://www.isc.org/isc/dhcp.html
|
||||
Source0: http://ftp.isc.org/isc/dhcp/dhcp-%{version}.tar.gz
|
||||
@ -58,13 +62,20 @@ Patch40: dhcp-3.0rc10.filedes.dif
|
||||
Patch41: makefile.diff
|
||||
Patch51: dhcp-3.0.5-tmpfile.dif
|
||||
Patch52: dhcp-3.0.3-man.dif
|
||||
Patch53: dhcp-3.0.5-pool_eof.dif
|
||||
## LDAP support for DHCP server
|
||||
## patch lives here: http://home.ntelos.net/~masneyb/
|
||||
%define DHCPD_LDAP 1
|
||||
%if %DHCPD_LDAP
|
||||
Patch60: dhcp-3.0.4-ldap-patch.gz
|
||||
Patch61: dhcp-3.0.4-ldap-patch-nossl.dif
|
||||
Patch62: dhcp-3.0.4-ldap-patch-strncat.diff
|
||||
Patch60: dhcp-3.0.5-ldap-patch.gz
|
||||
Patch61: dhcp-3.0.5-ldap-patch-strncat.dif
|
||||
Patch62: dhcp-3.0.5-ldap-patch-casa-fix.dif
|
||||
Patch63: dhcp-3.0.5-ldap-patch-dhcp-cn.dif
|
||||
Patch64: dhcp-3.0.5-ldap-patch-schema.dif
|
||||
Patch65: dhcp-3.0.5-ldap-patch-nomd5.dif
|
||||
Patch66: dhcp-3.0.5-ldap-patch-referrals.dif
|
||||
Patch67: dhcp-3.0.5-ldap-patch-ssl-opts.dif
|
||||
Patch68: dhcp-3.0.5-ldap-patch-ldap_read.dif
|
||||
%endif
|
||||
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
|
||||
Patch70: dhcp-3.0.3b1-pie.dif
|
||||
@ -197,10 +208,17 @@ Authors:
|
||||
%patch41
|
||||
%patch51 -p1
|
||||
%patch52 -p1
|
||||
%patch53 -p0
|
||||
%if %DHCPD_LDAP
|
||||
%patch60 -p1
|
||||
%patch61 -p1
|
||||
%patch61 -p0
|
||||
%patch62 -p0
|
||||
%patch63 -p0
|
||||
%patch64 -p0
|
||||
%patch65 -p0
|
||||
%patch66 -p0
|
||||
%patch67 -p0
|
||||
%patch68 -p0
|
||||
%endif
|
||||
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
|
||||
%patch70
|
||||
@ -221,7 +239,10 @@ tar xzf $RPM_SOURCE_DIR/examples.tar.gz
|
||||
|
||||
%build
|
||||
export CFLAGS
|
||||
CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused -DEXTENDED_NEW_OPTION_INFO -DLDAP_DEPRECATED -DPARANOIA"
|
||||
CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused -DEXTENDED_NEW_OPTION_INFO -DLDAP_DEPRECATED -DUSE_SSL -DPARANOIA"
|
||||
%if %{?with_casa:%with_casa}
|
||||
CFLAGS="$CFLAGS -DLDAP_CASA_AUTH"
|
||||
%endif
|
||||
%ifarch ia64 sparc64 alpha s390x ppc64 x86_64
|
||||
CFLAGS="$CFLAGS -DPTRSIZE_64BIT"
|
||||
%endif
|
||||
@ -501,7 +522,49 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
|
||||
%doc %{_mandir}/man3/omapi.3.gz
|
||||
%doc %{_mandir}/man3/dhcpctl.3.gz
|
||||
|
||||
%changelog -n dhcp
|
||||
%changelog
|
||||
* Tue Feb 20 2007 - mt@suse.de
|
||||
- Bug #162186: Added check for EOF in parse_pool_statement to
|
||||
avoid endless recursion loop between parse_pool_statement
|
||||
and parse_statement when a closing right brace "}" is missed
|
||||
at the end of a pool declaration in /etc/dhcpd.conf.
|
||||
New patch file: dhcp-3.0.5-pool_eof.dif
|
||||
- Fixed ldap_read_function to avoid returning of empty strings
|
||||
causing parsing errors in ldap-dynamic mode.
|
||||
New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif
|
||||
* Thu Jan 25 2007 - mt@suse.de
|
||||
- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes:
|
||||
* unbind from the LDAP server after the config file has been ran
|
||||
if the server is being ran in static mode
|
||||
* fixed ldap_read_function bug where the entire configuration
|
||||
was not being processed
|
||||
and extensions / enhancements:
|
||||
* added functions for reading config values from the config
|
||||
file to clean up the ldap_start() function.
|
||||
* new ldap-server-cn option that will be used to locate the
|
||||
data in ldap; defaults to the hostname as before (FATE #227).
|
||||
* while host is added in the ldap-method dynamic mode, try to
|
||||
find if it belongs to a group and apply the group options too.
|
||||
* modifies the dhcpHWAddress attribute to case-insensitive, adds
|
||||
several new objectclasses, e.g. dhcpLocator, dhcpTsigKey,
|
||||
dhcpDnsZone,dhcpFailOver to the dhcp.schema.
|
||||
* implements support for dhcpTsigKey, dhcpDnsZone and related.
|
||||
* implements auth password query via casa.
|
||||
- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by
|
||||
ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif
|
||||
- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server
|
||||
with md5 functions from openssl library instead of own copy.
|
||||
- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support
|
||||
- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf
|
||||
ldap-server-cn option to more clear ldap-dhcp-server-cn.
|
||||
- dhcp-3.0.5-ldap-patch-schema.dif
|
||||
- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support
|
||||
for LDAP referrals, introducing new "ldap-referrals <on|off>"
|
||||
option in dhcpd.conf.
|
||||
- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing
|
||||
TLS/LDAPS support. Adds new "ldap-ssl <on|off|ldaps|start_tls>"
|
||||
and several "ldap-tls-*" options for dhcpd.conf. By default, the
|
||||
server trys to use TLS if possible, but continues without if not.
|
||||
* Tue Jan 09 2007 - mt@suse.de
|
||||
- Added installation of dhcpd.xml, dhcpd service description
|
||||
for omc xml-service-provider, fate #301710.
|
||||
|
3
rc.dhcpd
3
rc.dhcpd
@ -162,7 +162,8 @@ case "$1" in
|
||||
for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
|
||||
test -d $CHROOT_PREFIX/${i%/*} || mkdir -p $CHROOT_PREFIX/${i%/*}
|
||||
done
|
||||
for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES /etc/{resolv.conf,host.conf,hosts,localtime}; do
|
||||
rm -f $CHROOT_PREFIX/dev/urandom
|
||||
for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES /etc/{resolv.conf,host.conf,hosts,localtime} /dev/urandom; do
|
||||
if ! test -e $i; then continue; fi # neither of them is absolutely necessary
|
||||
cp -aL $i $CHROOT_PREFIX/$i &>/dev/null \
|
||||
|| { echo "...$0:$LINENO: could not copy $i to chroot jail"; rc_failed; rc_status -v1; exit 6; }
|
||||
|
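Review bot: Nothing visible in this hunk creates `$CHROOT_PREFIX/dev` before `/dev/urandom` is copied, since the `mkdir -p` loop above covers only `$DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES`. Where `/dev/urandom` exists on the host it passes the `test -e` check, so a missing target directory would make `cp -aL` fail and the script exit 6; unless the directory is created elsewhere, I would add `mkdir -p "$CHROOT_PREFIX/dev"` before the `rm -f`. `cp -a` recreates the device node inside the jail, which presumably only works when the chroot filesystem permits device files, so a short comment saying why the node is needed (apparently the TLS code enabled with `-DUSE_SSL`) would explain the line. The `case` branch starts and ends outside the hunk.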