rpms/autofs/F-7 autofs-5.0.1-add-ldap-schema-discovery.patch, 1.2, 1.3 autofs-5.0.1-add-ldaps-support.patch, NONE, 1.1 autofs.spec, 1.217, 1.218
Ian Kent (iankent)
fedora-extras-commits at redhat.com
Wed Sep 5 05:33:47 UTC 2007
Author: iankent
Update of /cvs/pkgs/rpms/autofs/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25676
Modified Files:
autofs.spec
Added Files:
autofs-5.0.1-add-ldap-schema-discovery.patch
autofs-5.0.1-add-ldaps-support.patch
Log Message:
* Wed Sep 5 2007 Ian Kent <ikent at redhat.com> - 5.0.1-28
- add ldaps support (required by schema discovery).
- add back LDAP schema discovery if no schema is configured.
autofs-5.0.1-add-ldap-schema-discovery.patch:
Index: autofs-5.0.1-add-ldap-schema-discovery.patch
===================================================================
RCS file: autofs-5.0.1-add-ldap-schema-discovery.patch
diff -N autofs-5.0.1-add-ldap-schema-discovery.patch
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ autofs-5.0.1-add-ldap-schema-discovery.patch 5 Sep 2007 05:33:14 -0000 1.3
@@ -0,0 +1,656 @@
+diff -up autofs-5.0.1/include/lookup_ldap.h.add-ldap-schema-discovery autofs-5.0.1/include/lookup_ldap.h
+--- autofs-5.0.1/include/lookup_ldap.h.add-ldap-schema-discovery 2007-09-05 13:27:06.000000000 +0800
++++ autofs-5.0.1/include/lookup_ldap.h 2007-09-05 13:27:06.000000000 +0800
+@@ -7,8 +7,17 @@
+ #include <openssl/err.h>
+ #include <sasl/sasl.h>
+ #include <libxml/tree.h>
++#include <krb5.h>
+ #endif
+
++struct ldap_schema {
++ char *map_class;
++ char *map_attr;
++ char *entry_class;
++ char *entry_attr;
++ char *value_attr;
++};
++
+ struct lookup_context {
+ char *mapname;
+
+@@ -21,11 +30,7 @@ struct lookup_context {
+ int version;
+
+ /* LDAP lookup configuration */
+- char *map_obj_class;
+- char *entry_obj_class;
+- char *map_attr;
+- char *entry_attr;
+- char *value_attr;
++ struct ldap_schema *schema;
+
+ /* TLS and SASL authentication information */
+ char *auth_conf;
+diff -up autofs-5.0.1/include/defaults.h.add-ldap-schema-discovery autofs-5.0.1/include/defaults.h
+--- autofs-5.0.1/include/defaults.h.add-ldap-schema-discovery 2007-09-05 13:27:05.000000000 +0800
++++ autofs-5.0.1/include/defaults.h 2007-09-05 13:27:06.000000000 +0800
+@@ -43,11 +43,8 @@ unsigned int defaults_get_timeout(void);
+ unsigned int defaults_get_browse_mode(void);
+ unsigned int defaults_get_logging(void);
+ const char *defaults_get_ldap_server(void);
+-const char *defaults_get_map_obj_class(void);
+-const char *defaults_get_entry_obj_class(void);
+-const char *defaults_get_map_attr(void);
+-const char *defaults_get_entry_attr(void);
+-const char *defaults_get_value_attr(void);
++struct ldap_schema *defaults_get_default_schema(void);
++struct ldap_schema *defaults_get_schema(void);
+ unsigned int defaults_get_append_options(void);
+ const char *defaults_get_auth_conf_file(void);
+
+diff -up autofs-5.0.1/modules/lookup_ldap.c.add-ldap-schema-discovery autofs-5.0.1/modules/lookup_ldap.c
+--- autofs-5.0.1/modules/lookup_ldap.c.add-ldap-schema-discovery 2007-09-05 13:27:06.000000000 +0800
++++ autofs-5.0.1/modules/lookup_ldap.c 2007-09-05 13:27:39.000000000 +0800
+@@ -42,6 +42,13 @@
+
+ int lookup_version = AUTOFS_LOOKUP_VERSION; /* Required by protocol */
+
++static struct ldap_schema common_schema[] = {
++ {"nisMap", "nisMapName", "nisObject", "cn", "nisMapEntry"},
++ {"automountMap", "ou", "automount", "cn", "automountInformation"},
++ {"automountMap", "automountMapName", "automount", "automountKey", "automountInformation"},
++};
++static unsigned int common_schema_count = sizeof(common_schema)/sizeof(struct ldap_schema);
++
+ int bind_ldap_anonymous(LDAP *ldap, struct lookup_context *ctxt)
+ {
+ int rv;
+@@ -738,54 +745,15 @@ done:
+ return 1;
+ }
+
+-static int get_default_schema(struct lookup_context *ctxt)
+-{
+- ctxt->map_obj_class = (char *) defaults_get_map_obj_class();
+- if (!ctxt->map_obj_class)
+- return 0;
+-
+- ctxt->entry_obj_class = (char *) defaults_get_entry_obj_class();
+- if (!ctxt->entry_obj_class)
+- goto free_moc;
+-
+- ctxt->map_attr = (char *) defaults_get_map_attr();
+- if (!ctxt->map_attr)
+- goto free_eoc;
+-
+- ctxt->entry_attr = (char *) defaults_get_entry_attr();
+- if (!ctxt->entry_attr)
+- goto free_ma;
+-
+- ctxt->value_attr = (char *) defaults_get_value_attr();
+- if (!ctxt->value_attr)
+- goto free_ea;
+-
+- return 1;
+-
+-free_ea:
+- free(ctxt->entry_attr);
+-free_ma:
+- free(ctxt->map_attr);
+-free_eoc:
+- free(ctxt->entry_obj_class);
+-free_moc:
+- free(ctxt->map_obj_class);
+-
+- ctxt->map_obj_class = NULL;
+- ctxt->entry_obj_class = NULL;
+- ctxt->map_attr = NULL;
+- ctxt->entry_attr = NULL;
+-
+- return 0;
+-}
+-
+ static void free_context(struct lookup_context *ctxt)
+ {
+- if (ctxt->map_obj_class) {
+- free(ctxt->map_obj_class);
+- free(ctxt->entry_obj_class);
+- free(ctxt->map_attr);
+- free(ctxt->entry_attr);
++ if (ctxt->schema) {
++ free(ctxt->schema->map_class);
++ free(ctxt->schema->map_attr);
++ free(ctxt->schema->entry_class);
++ free(ctxt->schema->entry_attr);
++ free(ctxt->schema->value_attr);
++ free(ctxt->schema);
+ }
+ if (ctxt->auth_conf)
+ free(ctxt->auth_conf);
+@@ -808,19 +776,15 @@ static void free_context(struct lookup_c
+ return;
+ }
+
+-static int get_query_dn(LDAP *ldap, struct lookup_context *ctxt)
++static int get_query_dn(LDAP *ldap, struct lookup_context *ctxt, const char *class, const char *key)
+ {
+ char buf[PARSE_MAX_BUF];
+ char *query, *dn;
+ LDAPMessage *result, *e;
+- char *class, *key;
+ char *attrs[2];
+ int scope;
+ int rv, l;
+
+- class = ctxt->map_obj_class;
+- key = ctxt->map_attr;
+-
+ attrs[0] = LDAP_NO_ATTRS;
+ attrs[1] = NULL;
+
+@@ -890,6 +854,90 @@ static int get_query_dn(LDAP *ldap, stru
+ return 1;
+ }
+
++static struct ldap_schema *alloc_common_schema(struct ldap_schema *s)
++{
++ struct ldap_schema *schema;
++ char *mc, *ma, *ec, *ea, *va;
++
++ mc = strdup(s->map_class);
++ if (!mc)
++ return NULL;
++
++ ma = strdup(s->map_attr);
++ if (!ma) {
++ free(mc);
++ return NULL;
++ }
++
++ ec = strdup(s->entry_class);
++ if (!ec) {
++ free(mc);
++ free(ma);
++ return NULL;
++ }
++
++ ea = strdup(s->entry_attr);
++ if (!ea) {
++ free(mc);
++ free(ma);
++ free(ec);
++ return NULL;
++ }
++
++ va = strdup(s->value_attr);
++ if (!va) {
++ free(mc);
++ free(ma);
++ free(ec);
++ free(ea);
++ return NULL;
++ }
++
++ schema = malloc(sizeof(struct ldap_schema));
++ if (!schema) {
++ free(mc);
++ free(ma);
++ free(ec);
++ free(ea);
++ free(va);
++ return NULL;
++ }
++
++ schema->map_class = mc;
++ schema->map_attr = ma;
++ schema->entry_class = ec;
++ schema->entry_attr = ea;
++ schema->value_attr = va;
++
++ return schema;
++}
++
++static int find_query_dn(LDAP *ldap, struct lookup_context *ctxt)
++{
++ struct ldap_schema *schema;
++ unsigned int i;
++
++ if (ctxt->schema)
++ return 0;
++
++ for (i = 0; i < common_schema_count; i++) {
++ const char *class = common_schema[i].map_class;
++ const char *key = common_schema[i].map_attr;
++ if (get_query_dn(ldap, ctxt, class, key)) {
++ schema = alloc_common_schema(&common_schema[i]);
++ if (!schema) {
++ error(LOGOPT_ANY,
++ MODPREFIX "failed to allocate schema");
++ return 0;
++ }
++ ctxt->schema = schema;
++ return 1;
++ }
++ }
++
++ return 0;
++}
++
+ /*
+ * This initializes a context (persistent non-global data) for queries to
+ * this module. Return zero if we succeed.
+@@ -926,13 +974,6 @@ int lookup_init(const char *mapfmt, int
+ return 1;
+ }
+
+- /* Get default schema for queries */
+- if (!get_default_schema(ctxt)) {
+- error(LOGOPT_ANY, MODPREFIX "cannot set default schema");
+- free_context(ctxt);
+- return 1;
+- }
+-
+ #ifdef WITH_SASL
+ /*
+ * Determine which authentication mechanism to use. We sanity-
+@@ -954,13 +995,31 @@ int lookup_init(const char *mapfmt, int
+ return 1;
+ }
+
+- ret = get_query_dn(ldap, ctxt);
+- unbind_ldap_connection(ldap, ctxt);
+- if (!ret) {
+- error(LOGOPT_ANY, MODPREFIX "failed to get query dn");
+- free_context(ctxt);
+- return 1;
++ /*
++ * Get default schema for queries.
++ * If the schema isn't defined in the configuration then check for
++ * presence of a map dn in the common schemas.
++ */
++ ctxt->schema = defaults_get_schema();
++ if (!ctxt->schema) {
++ if (!find_query_dn(ldap, ctxt)) {
++ unbind_ldap_connection(ldap, ctxt);
++ error(LOGOPT_ANY,
++ MODPREFIX "failed to find valid query dn");
++ free_context(ctxt);
++ return 1;
++ }
++ } else {
++ const char *class = common_schema[i].map_class;
++ const char *key = common_schema[i].map_attr;
++ if (!get_query_dn(ldap, ctxt, class, key)) {
++ unbind_ldap_connection(ldap, ctxt);
++ error(LOGOPT_ANY, MODPREFIX "failed to get query dn");
++ free_context(ctxt);
++ return 1;
++ }
+ }
++ unbind_ldap_connection(ldap, ctxt);
+
+ /* Open the parser, if we can. */
+ ctxt->parse = open_parse(mapfmt, MODPREFIX, argc - 1, argv + 1);
+@@ -990,9 +1049,9 @@ int lookup_read_master(struct master *ma
+ int scope = LDAP_SCOPE_SUBTREE;
+ LDAP *ldap;
+
+- class = ctxt->entry_obj_class;
+- entry = ctxt->entry_attr;
+- info = ctxt->value_attr;
++ class = ctxt->schema->entry_class;
++ entry = ctxt->schema->entry_attr;
++ info = ctxt->schema->value_attr;
+
+ attrs[0] = entry;
+ attrs[1] = info;
+@@ -1141,9 +1200,9 @@ static int read_one_map(struct autofs_po
+
+ mc = source->mc;
+
+- class = ctxt->entry_obj_class;
+- entry = ctxt->entry_attr;
+- info = ctxt->value_attr;
++ class = ctxt->schema->entry_class;
++ entry = ctxt->schema->entry_attr;
++ info = ctxt->schema->value_attr;
+
+ attrs[0] = entry;
+ attrs[1] = info;
+@@ -1438,9 +1497,9 @@ static int lookup_one(struct autofs_poin
+ return CHE_FAIL;
+ }
+
+- class = ctxt->entry_obj_class;
+- entry = ctxt->entry_attr;
+- info = ctxt->value_attr;
++ class = ctxt->schema->entry_class;
++ entry = ctxt->schema->entry_attr;
++ info = ctxt->schema->value_attr;
+
+ attrs[0] = entry;
+ attrs[1] = info;
+diff -up autofs-5.0.1/lib/defaults.c.add-ldap-schema-discovery autofs-5.0.1/lib/defaults.c
+--- autofs-5.0.1/lib/defaults.c.add-ldap-schema-discovery 2007-09-05 13:27:05.000000000 +0800
++++ autofs-5.0.1/lib/defaults.c 2007-09-05 13:27:06.000000000 +0800
+@@ -18,6 +18,7 @@
+ #include <string.h>
+
+ #include "defaults.h"
++#include "lookup_ldap.h"
+ #include "log.h"
+
+ #define DEFAULTS_CONFIG_FILE AUTOFS_CONF_DIR "/autofs"
+@@ -41,16 +42,8 @@
+ #define ENV_AUTH_CONF_FILE "AUTH_CONF_FILE"
+
+ static const char *default_master_map_name = DEFAULT_MASTER_MAP_NAME;
+-
+-static const char *default_ldap_server = DEFAULT_LDAP_SERVER;
+-
+-static const char *default_map_obj_class = DEFAULT_MAP_OBJ_CLASS;
+-static const char *default_entry_obj_class = DEFAULT_ENTRY_OBJ_CLASS;
+-static const char *default_map_attr = DEFAULT_MAP_ATTR;
+-static const char *default_entry_attr = DEFAULT_ENTRY_ATTR;
+-static const char *default_value_attr = DEFAULT_VALUE_ATTR;
+-
+-static const char *default_auth_conf_file = DEFAULT_AUTH_CONF_FILE;
++static const char *default_ldap_server = DEFAULT_LDAP_SERVER;
++static const char *default_auth_conf_file = DEFAULT_AUTH_CONF_FILE;
+
+ static char *get_env_string(const char *name)
+ {
+@@ -285,59 +278,120 @@ const char *defaults_get_ldap_server(voi
+ return (const char *) server;
+ }
+
+-const char *defaults_get_map_obj_class(void)
++struct ldap_schema *defaults_get_default_schema(void)
+ {
+- char *moc;
++ struct ldap_schema *schema;
++ char *mc, *ma, *ec, *ea, *va;
+
+- moc = get_env_string(ENV_NAME_MAP_OBJ_CLASS);
+- if (!moc)
+- return strdup(default_map_obj_class);
++ mc = strdup(DEFAULT_MAP_OBJ_CLASS);
++ if (!mc)
++ return NULL;
+
+- return (const char *) moc;
+-}
++ ma = strdup(DEFAULT_MAP_ATTR);
++ if (!ma) {
++ free(mc);
++ return NULL;
++ }
+
+-const char *defaults_get_entry_obj_class(void)
+-{
+- char *eoc;
++ ec = strdup(DEFAULT_ENTRY_OBJ_CLASS);
++ if (!ec) {
++ free(mc);
++ free(ma);
++ return NULL;
++ }
+
+- eoc = get_env_string(ENV_NAME_ENTRY_OBJ_CLASS);
+- if (!eoc)
+- return strdup(default_entry_obj_class);
++ ea = strdup(DEFAULT_ENTRY_ATTR);
++ if (!ea) {
++ free(mc);
++ free(ma);
++ free(ec);
++ return NULL;
++ }
+
+- return (const char *) eoc;
+-}
++ va = strdup(DEFAULT_VALUE_ATTR);
++ if (!va) {
++ free(mc);
++ free(ma);
++ free(ec);
++ free(ea);
++ return NULL;
++ }
+
+-const char *defaults_get_map_attr(void)
+-{
+- char *ma;
++ schema = malloc(sizeof(struct ldap_schema));
++ if (!schema) {
++ free(mc);
++ free(ma);
++ free(ec);
++ free(ea);
++ free(va);
++ return NULL;
++ }
+
+- ma = get_env_string(ENV_NAME_MAP_ATTR);
+- if (!ma)
+- return strdup(default_map_attr);
++ schema->map_class = mc;
++ schema->map_attr = ma;
++ schema->entry_class = ec;
++ schema->entry_attr = ea;
++ schema->value_attr = va;
+
+- return (const char *) ma;
++ return schema;
+ }
+
+-const char *defaults_get_entry_attr(void)
++struct ldap_schema *defaults_get_schema(void)
+ {
+- char *ea;
++ struct ldap_schema *schema;
++ char *mc, *ma, *ec, *ea, *va;
+
+- ea = get_env_string(ENV_NAME_ENTRY_ATTR);
+- if (!ea)
+- return strdup(default_entry_attr);
++ mc = get_env_string(ENV_NAME_MAP_OBJ_CLASS);
++ if (!mc)
++ return NULL;
+
+- return (const char *) ea;
+-}
++ ma = get_env_string(ENV_NAME_MAP_ATTR);
++ if (!ma) {
++ free(mc);
++ return NULL;
++ }
+
+-const char *defaults_get_value_attr(void)
+-{
+- char *va;
++ ec = get_env_string(ENV_NAME_ENTRY_OBJ_CLASS);
++ if (!ec) {
++ free(mc);
++ free(ma);
++ return NULL;
++ }
++
++ ea = get_env_string(ENV_NAME_ENTRY_ATTR);
++ if (!ea) {
++ free(mc);
++ free(ma);
++ free(ec);
++ return NULL;
++ }
+
+ va = get_env_string(ENV_NAME_VALUE_ATTR);
+- if (!va)
+- return strdup(default_value_attr);
++ if (!va) {
++ free(mc);
++ free(ma);
++ free(ec);
++ free(ea);
++ return NULL;
++ }
++
++ schema = malloc(sizeof(struct ldap_schema));
++ if (!schema) {
++ free(mc);
++ free(ma);
++ free(ec);
++ free(ea);
++ free(va);
++ return NULL;
++ }
++
++ schema->map_class = mc;
++ schema->map_attr = ma;
++ schema->entry_class = ec;
++ schema->entry_attr = ea;
++ schema->value_attr = va;
+
+- return (const char *) va;
++ return schema;
+ }
+
+ unsigned int defaults_get_append_options(void)
+diff -up autofs-5.0.1/man/auto.master.5.in.add-ldap-schema-discovery autofs-5.0.1/man/auto.master.5.in
+--- autofs-5.0.1/man/auto.master.5.in.add-ldap-schema-discovery 2007-09-05 13:27:06.000000000 +0800
++++ autofs-5.0.1/man/auto.master.5.in 2007-09-05 13:27:06.000000000 +0800
+@@ -188,17 +188,25 @@ The old style
+ is also understood. Alternatively, the type can be obtained from the Name Service Switch
+ configuration, in which case the map name alone must be given.
+ .P
+-The default LDAP schema is the NIS schema described in RFC 2307.
+-Entries in the nisMap schema are \fBnisObject\fP objects in
++If no schema is set in the autofs configuration then autofs will check
++each of the commonly used schema for a valid entry and if one is found
++it will used for subsequent lookups.
++.P
++There are three common schemas in use:
++.TP
++.I nisMap
++Entries in the \fBnisMap\fP schema are \fBnisObject\fP objects in
+ the specified subtree, where the \fBcn\fP attribute is the key
+ (the wildcard key is "/"), and the \fBnisMapEntry\fP attribute
+ contains the information used by the automounter.
+-.P
+-Entries in the automountMap schema are \fBautomount\fP objects in
+-the specified subtree, where the \fBcn\fP or \fBautomountKey\fP attribute
+-(depending on local usage) is the key (the wildcard key is "/"), and the
+-\fBautomountInformation\fP attribute contains the information used by the
+-automounter.
++.TP
++.I automountMap
++The \fBautomountMap\fP schema has two variations that differ in the attribute
++used for the map key. Entries in the automountMap schema are \fBautomount\fP
++objects in the specified subtree, where the \fBcn\fP or \fBautomountKey\fP
++attribute (depending on local usage) is the key (the wildcard key is "/"),
++and the \fBautomountInformation\fP attribute contains the information used
++by the automounter. Note that the \fBcn\fP attribute is case insensitive.
+ .P
+ The object classes and attributes used for accessing automount maps in
+ LDAP can be changed by setting entries in the autofs configuration
+@@ -206,61 +214,44 @@ located in
+ .nh
+ .BR @@autofsconfdir@@/autofs .
+ .hy
++.TP
++.B NOTE:
++If a schema is given in the configuration then all the schema configuration
++values must be set, any partial schema specification will be ignored.
+ .P
+ The configuration settings available are:
+ .TP
+-\fBMAP_OBJECT_CLASS\fP
+-The map object class. Its Default value is "nisMap". In the
+-.nh
+-automountMap
+-.hy
+-schema this corresponds to the class
+-.nh
+-.BR automountMap .
+-.hy
++.B MAP_OBJECT_CLASS
++The map object class. In the \fBnisMap\fP schema this corresponds to the class
++\fBnisMap\fP and in the \fBautomountMap\fP schema it corresponds to the class
++\fBautomountMap\fP.
+ .TP
+ .B ENTRY_OBJECT_CLASS
+-The map entry object class. Its default value is \fBnisObject\fP.
+-In the automountMap schema this corresponds to the class
+-.nh
+-.BR automount .
+-.hy
++The map entry object class. In the \fBnisMap\fP schema this corresponds
++to the class \fBnisObject\fP and in the \fBautomountMap\fP schema it
++corresponds to the class \fBautomount\fP.
+ .TP
+ .B MAP_ATTRIBUTE
+ The attribute used to identify the name of the map to which this
+-entry belongs. Its default value is
+-.nh
+-.BR nisMapName .
+-.hy
+-In the
+-.nh
+-automountMap
+-.hy
+-schema this corresponds to the attributes \fBou\fP or
+-.nh
+-.BR automountMapName .
+-.hy
++entry belongs. In the \fBnisMap\fP schema this corresponds to the attribute
++\fBnisMapName\fP and in the \fBautomountMap\fP schema it corresponds to the
++attribute \fBou\fP or \fBautomountMapName\fP.
+ .TP
+ .B ENTRY_ATTRIBUTE
+-The attribute used to identify a map key. Its default value is
+-In the
+-.nh
+-automountMap
+-.hy
+-schema this corresponds to the attribute
+-.nh
+-.BR automountKey .
+-.hy
++The attribute used to identify a map key. In the \fBnisMap\fP schema this
++corresponds to the attribute \fBcn\fP and in the \fBautomountMap\fP schema
++it corresponds to the attribute \fBautomountKey\fP.
+ .TP
+ .B VALUE_ATTRIBUTE
+-The attribute used to identify the value of the map entry. Its default
+-value is
+-.nh
+-.BR BnisMapEntry .
+-.hy
+-In the automountMap schema this corresponds to the attribute
+-.nh
+-.BR automountInformation .
++The attribute used to identify the value of the map entry. In the \fBnisMap\fP
++schema this corresponds to the attribute \fBnisMapEntry\fP and in the \fBautomountMap\fP
++schema it corresponds to the attribute \fBautomountInformation\fP.
++.TP
++.B NOTE:
++It is essential that entries use class and attribute in a consistent
++manner for correct operation of autofs. For example mixing \fBcn\fP and
++\fBautomountKey\fP attributes in \fBautomount\fP schema map entries won't
++work as expected.
+ .SH LDAP AUTHENTICATION, ENCRYPTED AND CERTIFIED CONNECTIONS
+ LDAP authenticated binds, TLS encrypted connections and certification
+ may be used by setting appropriate values in the autofs authentication
+diff -up autofs-5.0.1/man/automount.8.in.add-ldap-schema-discovery autofs-5.0.1/man/automount.8.in
+--- autofs-5.0.1/man/automount.8.in.add-ldap-schema-discovery 2007-09-05 13:27:06.000000000 +0800
++++ autofs-5.0.1/man/automount.8.in 2007-09-05 13:27:06.000000000 +0800
+@@ -104,6 +104,8 @@ started they will be recoverd unless the
+ the map in which case they need to umounted manually.
+ .SH "SEE ALSO"
+ .BR autofs (5),
++.BR autofs (8),
++.BR auto.master (5),
+ .BR mount (8).
+ .SH BUGS
+ Don't know, I've fixed everything I know about.
autofs-5.0.1-add-ldaps-support.patch:
--- NEW FILE autofs-5.0.1-add-ldaps-support.patch ---
--- autofs-5.0.1/include/lookup_ldap.h.add-ldaps-support 2006-09-01 13:29:50.000000000 +0800
+++ autofs-5.0.1/include/lookup_ldap.h 2007-06-20 11:41:02.000000000 +0800
@@ -13,6 +13,7 @@ struct lookup_context {
char *mapname;
char *server;
+ int port;
char *base;
char *qdn;
--- autofs-5.0.1/modules/Makefile.add-ldaps-support 2007-06-20 11:41:02.000000000 +0800
+++ autofs-5.0.1/modules/Makefile 2007-06-20 11:41:02.000000000 +0800
@@ -64,6 +64,7 @@ install: all
-rm -f $(INSTALLROOT)$(autofslibdir)/mount_smbfs.so
ln -fs lookup_file.so $(INSTALLROOT)$(autofslibdir)/lookup_files.so
ln -fs lookup_yp.so $(INSTALLROOT)$(autofslibdir)/lookup_nis.so
+ ln -fs lookup_ldap.so $(INSTALLROOT)$(autofslibdir)/lookup_ldaps.so
ln -fs mount_nfs.so $(INSTALLROOT)$(autofslibdir)/mount_nfs4.so
ifeq ($(EXT2FS), 1)
ifeq ($(EXT3FS), 1)
--- autofs-5.0.1/modules/lookup_ldap.c.add-ldaps-support 2007-06-20 11:41:02.000000000 +0800
+++ autofs-5.0.1/modules/lookup_ldap.c 2007-06-20 11:41:52.000000000 +0800
@@ -100,14 +100,8 @@ LDAP *init_ldap_connection(struct lookup
ctxt->version = 3;
/* Initialize the LDAP context. */
- /* LDAP_PORT should not be hard-coded, here. If we are going to
- * parse ldap strings ourselves, then we can put the port specified
- * in the host:port format here. Otherwise, we can just pass the
- * host:port string to the ldap_init call and let the library handle
- * it. -JM
- */
- ldap = ldap_init(ctxt->server, LDAP_PORT);
- if (!ldap) {
+ rv = ldap_initialize(&ldap, ctxt->server);
+ if (rv != LDAP_OPT_SUCCESS) {
crit(LOGOPT_ANY,
MODPREFIX "couldn't initialize LDAP connection to %s",
ctxt->server ? ctxt->server : "default server");
@@ -119,8 +113,8 @@ LDAP *init_ldap_connection(struct lookup
if (rv != LDAP_OPT_SUCCESS) {
/* fall back to LDAPv2 */
ldap_unbind_ext(ldap, NULL, NULL);
- ldap = ldap_init(ctxt->server, LDAP_PORT);
- if (!ldap) {
+ rv = ldap_initialize(&ldap, ctxt->server);
+ if (rv != LDAP_OPT_SUCCESS) {
crit(LOGOPT_ANY, MODPREFIX "couldn't initialize LDAP");
return NULL;
}
@@ -348,7 +342,7 @@ int parse_ldap_config(struct lookup_cont
goto out;
}
- if (!usetls)
+ if (!usetls || ctxt->port == LDAPS_PORT)
use_tls = LDAP_TLS_DONT_USE;
else {
if (!strcasecmp(usetls, "yes"))
@@ -551,16 +545,31 @@ int auth_init(struct lookup_context *ctx
*/
static int parse_server_string(const char *url, struct lookup_context *ctxt)
{
- char buf[MAX_ERR_BUF], *tmp = NULL;
- const char *ptr;
- int l;
+ char buf[MAX_ERR_BUF], *tmp = NULL, proto[9];
+ const char *ptr, *name;
+ int l, al_len;
+ memset(proto, 0, 9);
ptr = url;
debug(LOGOPT_NONE,
MODPREFIX
"Attempting to parse LDAP information from string \"%s\".", ptr);
+ ctxt->port = LDAP_PORT;
+ if (!strncmp(ptr, "ldap:", 5) || !strncmp(ptr, "ldaps:", 6)) {
+ if (*(ptr + 4) == 's') {
+ ctxt->port = LDAPS_PORT;
+ memcpy(proto, ptr, 6);
+ strcat(proto, "//");
+ ptr += 6;
+ } else {
+ memcpy(proto, ptr, 5);
+ strcat(proto, "//");
+ ptr += 5;
+ }
+ }
+
if (!strncmp(ptr, "//", 2)) {
const char *s = ptr + 2;
const char *q = NULL;
@@ -568,7 +577,13 @@ static int parse_server_string(const cha
/* Isolate the server(s). */
if ((q = strchr(s, '/'))) {
l = q - s;
- tmp = malloc(l + 1);
+ if (*proto) {
+ al_len = l + strlen(proto) + 2;
+ tmp = malloc(al_len);
+ } else {
+ al_len = l + 1;
+ tmp = malloc(al_len);
+ }
if (!tmp) {
char *estr;
estr = strerror_r(errno, buf, MAX_ERR_BUF);
@@ -576,8 +591,13 @@ static int parse_server_string(const cha
return 0;
}
ctxt->server = tmp;
- memset(ctxt->server, 0, l + 1);
- memcpy(ctxt->server, s, l);
+ memset(ctxt->server, 0, al_len);
+ if (*proto) {
+ strcpy(ctxt->server, proto);
+ memcpy(ctxt->server + strlen(proto), s, l);
+ strcat(ctxt->server, "/");
+ } else
+ memcpy(ctxt->server, s, l);
ptr = q + 1;
} else {
crit(LOGOPT_ANY,
@@ -600,7 +620,7 @@ static int parse_server_string(const cha
} else if (strchr(ptr, ':') != NULL) {
char *q = NULL;
- /* Isolate the server(s). Include the port spec */
+ /* Isolate the server. Include the port spec */
q = strchr(ptr, ':');
if (isdigit(*q))
while (isdigit(*q))
@@ -613,8 +633,14 @@ static int parse_server_string(const cha
}
l = q - ptr;
+ if (*proto) {
+ al_len = l + strlen(proto) + 2;
+ tmp = malloc(al_len);
+ } else {
+ al_len = l + 1;
+ tmp = malloc(al_len);
+ }
/* Isolate the server's name. */
- tmp = malloc(l + 1);
if (!tmp) {
char *estr;
estr = strerror_r(errno, buf, MAX_ERR_BUF);
@@ -622,8 +648,13 @@ static int parse_server_string(const cha
return 0;
}
ctxt->server = tmp;
- memset(ctxt->server, 0, l + 1);
- memcpy(ctxt->server, ptr, l);
+ memset(ctxt->server, 0, al_len);
+ if (*proto) {
+ strcpy(ctxt->server, proto);
+ memcpy(ctxt->server + strlen(proto), ptr, l);
+ strcat(ctxt->server, "/");
+ } else
+ memcpy(ctxt->server, ptr, l);
ptr += l + 1;
}
@@ -639,29 +670,41 @@ static int parse_server_string(const cha
* the later LDAP calls will fail.
*/
l = strlen(ptr);
- if (strchr(ptr, '=')) {
+ if ((name = strchr(ptr, '='))) {
char *base;
+ /*
+ * An '=' with no ',' means a mapname has been given so just
+ * grab it alone to keep it independent of schema otherwize
+ * we expect a full dn.
+ */
if (!strchr(ptr, ',')) {
- debug(LOGOPT_NONE,
- MODPREFIX "LDAP dn not fuly specified");
- if (ctxt->server)
- free(ctxt->server);
- return 0;
- }
-
- base = malloc(l + 1);
- if (!base) {
- char *estr;
- estr = strerror_r(errno, buf, MAX_ERR_BUF);
- crit(LOGOPT_ANY, MODPREFIX "malloc: %s", estr);
- if (ctxt->server)
- free(ctxt->server);
- return 0;
+ char *map = strdup(name + 1);
+ if (map)
+ ctxt->mapname = map;
+ else {
+ char *estr;
+ estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ crit(LOGOPT_ANY, MODPREFIX "malloc: %s", estr);
+ if (ctxt->server)
+ free(ctxt->server);
+ return 0;
+ }
+
+ } else {
+ base = malloc(l + 1);
+ if (!base) {
+ char *estr;
+ estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ crit(LOGOPT_ANY, MODPREFIX "malloc: %s", estr);
+ if (ctxt->server)
+ free(ctxt->server);
+ return 0;
+ }
+ ctxt->base = base;
+ memset(ctxt->base, 0, l + 1);
+ memcpy(ctxt->base, ptr, l);
}
- ctxt->base = base;
- memset(ctxt->base, 0, l + 1);
- memcpy(ctxt->base, ptr, l);
} else {
char *map = malloc(l + 1);
if (!map) {
@@ -676,6 +719,14 @@ static int parse_server_string(const cha
memset(ctxt->mapname, 0, l + 1);
memcpy(map, ptr, l);
}
+
+ if (!ctxt->server && *proto) {
+ if (!strncmp(proto, "ldaps", 5)) {
+ warn(LOGOPT_ANY, MODPREFIX
+ "server must be given to force ldaps, connection "
+ "will use LDAP client configured protocol");
+ }
+ }
done:
if (ctxt->mapname)
debug(LOGOPT_NONE, MODPREFIX "mapname %s", ctxt->mapname);
--- autofs-5.0.1/daemon/lookup.c.add-ldaps-support 2007-06-20 11:41:02.000000000 +0800
+++ autofs-5.0.1/daemon/lookup.c 2007-06-20 11:41:02.000000000 +0800
@@ -169,20 +169,30 @@ int lookup_nss_read_master(struct master
char source[10];
memset(source, 0, 10);
- /* TODO: ldaps is not yet handled by ldap module */
- /* TODO: must tighten up this test */
- if (!strncmp(name, "file", 4) ||
- !strncmp(name, "yp", 2) ||
- !strncmp(name, "nis", 3) ||
- !strncmp(name, "nisplus", 7) ||
- !strncmp(name, "ldap", 4)) {
+ if (!strncmp(name, "file:", 5) ||
+ !strncmp(name, "yp:", 3) ||
+ !strncmp(name, "nis:", 4) ||
+ !strncmp(name, "nisplus:", 8) ||
+ !strncmp(name, "ldap:", 5) ||
+ !strncmp(name, "ldaps:", 6)) {
strncpy(source, name, tmp - name);
- master->name = tmp + 1;
-
- debug(LOGOPT_NONE,
- "reading master %s %s",
- source, master->name);
+ /*
+ * If it's an ldap map leave the source in the
+ * name so the lookup module can work out if
+ * ldaps has been requested.
+ */
+ if (strncmp(name, "ldap", 4)) {
+ master->name = tmp + 1;
+ debug(LOGOPT_NONE,
+ "reading master %s %s",
+ source, master->name);
+ } else {
+ master->name = name;
+ debug(LOGOPT_NONE,
+ "reading master %s %s",
+ source, tmp + 1);
+ }
result = do_read_master(master, source, age);
master->name = name;
--- autofs-5.0.1/lib/master_parse.y.add-ldaps-support 2007-06-20 11:41:02.000000000 +0800
+++ autofs-5.0.1/lib/master_parse.y 2007-06-20 11:41:02.000000000 +0800
@@ -290,6 +290,19 @@ map: PATH
local_free_vars();
YYABORT;
}
+ /* Add back the type for lookup_ldap.c to handle ldaps */
+ if (*local_argv[0]) {
+ tmp = malloc(strlen(type) + strlen(local_argv[0]) + 2);
+ if (!tmp) {
+ local_free_vars();
+ YYABORT;
+ }
+ strcpy(tmp, type);
+ strcat(tmp, ":");
+ strcat(tmp, local_argv[0]);
+ free(local_argv[0]);
+ local_argv[0] = tmp;
+ }
}
;
@@ -343,12 +356,12 @@ dnattrs: DNATTR EQUAL DNNAME
strcat($$, ",");
strcat($$, $5);
}
- | DNATTR
+ | DNNAME
{
- master_notify($1);
- YYABORT;
+ /* Matches map in old style syntax ldap:server:map */
+ strcpy($$, $1);
}
- | DNNAME
+ | DNATTR
{
master_notify($1);
YYABORT;
--- autofs-5.0.1/lib/master_tok.l.add-ldaps-support 2007-06-20 11:41:02.000000000 +0800
+++ autofs-5.0.1/lib/master_tok.l 2007-06-20 11:41:02.000000000 +0800
@@ -104,7 +104,7 @@ DNATTRSTR (cn|nisMapName|automountMapNam
DNNAMESTR ([[:alnum:]_.\-]+)
INTMAP (-hosts|-null)
-MTYPE ((file|program|yp|nis|nisplus|ldap|hesiod|userdir)(,(sun|hesiod))?)
+MTYPE ((file|program|yp|nis|nisplus|ldap|ldaps|hesiod|userdir)(,(sun|hesiod))?)
OPTTOUT (-t{OPTWS}|-t{OPTWS}={OPTWS}|--timeout{OPTWS}|--timeout{OPTWS}={OPTWS})
--- autofs-5.0.1/man/auto.master.5.in.add-ldaps-support 2006-09-01 13:29:50.000000000 +0800
+++ autofs-5.0.1/man/auto.master.5.in 2007-06-20 11:41:02.000000000 +0800
@@ -101,8 +101,9 @@ The map is a hesiod database whose
.B filsys
entries are used for maps.
.TP
-.B ldap
-The map is stored in an LDAP directory.
+.B ldap \fPor\fB ldaps
+The map is stored in an LDAP directory. If \fBldaps\fP is used the
+appropriate certificate must be configured in the LDAP client.
.RE
.TP
\fBformat\fP
Index: autofs.spec
===================================================================
RCS file: /cvs/pkgs/rpms/autofs/F-7/autofs.spec,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -r1.217 -r1.218
--- autofs.spec 30 Aug 2007 17:24:46 -0000 1.217
+++ autofs.spec 5 Sep 2007 05:33:14 -0000 1.218
@@ -4,7 +4,7 @@
Summary: A tool for automatically mounting and unmounting filesystems
Name: autofs
Version: 5.0.1
-Release: 27
+Release: 28
Epoch: 1
License: GPL
Group: System Environment/Daemons
@@ -44,6 +44,8 @@
Patch32: autofs-5.0.1-consistent-random-selection-option-name.patch
Patch33: autofs-5.0.2-fix-mount-nfs-nosymlink.patch
Patch34: autofs-5.0.2-default-nsswitch.patch
+Patch35: autofs-5.0.1-add-ldaps-support.patch
+Patch36: autofs-5.0.1-add-ldap-schema-discovery.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, hesiod-devel, openldap-devel, bison, flex, libxml2-devel, cyrus-sasl-devel, openssl-devel module-init-tools util-linux nfs-utils e2fsprogs
Conflicts: kernel < 2.6.17
@@ -119,6 +121,8 @@
%patch32 -p1
%patch33 -p1
%patch34 -p1
+%patch35 -p1
+%patch36 -p1
%build
#CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir}
@@ -171,8 +175,9 @@
%{_libdir}/autofs/
%changelog
-* Thu Aug 31 2007 Ian Kent <ikent at redhat.com> - 5.0.1-27
-- revert ldap schema discovery patch.
+* Wed Sep 5 2007 Ian Kent <ikent at redhat.com> - 5.0.1-28
+- add ldaps support (required by schema discovery).
+- add back LDAP schema discovery if no schema is configured.
* Tue Aug 28 2007 Ian Kent <ikent at redhat.com> - 5.0.1-26
- fix "nosymlink" option handling and add desription to man page.
More information about the fedora-extras-commits
mailing list