adding ximian connector patches to expose more of the ldap api (#58320)

4 files changed, 461 insertions, 1 deletions

diff --git a/net-nds/openldap/ChangeLog b/net-nds/openldap/ChangeLog
index 876ef4bfc9c6..3f49951947b1 100644
--- a/net-nds/openldap/ChangeLog
+++ b/net-nds/openldap/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for net-nds/openldap
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.81 2004/07/19 02:02:28 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.82 2004/08/06 02:48:16 liquidx Exp $
+
+  05 Aug 2004; Alastair Tse <liquidx@gentoo.org>
+  +files/openldap-2.1.30-ximian_connector.patch:
+  adding ximian connector patches to expose more of the ldap api (#58320)
 
   18 Jul 2004; Robin H. Johnson <robbat2@gentoo.org> openldap-2.1.26.ebuild,
   openldap-2.1.27-r1.ebuild, openldap-2.1.27.ebuild,
diff --git a/net-nds/openldap/files/digest-openldap-2.1.30-r2 b/net-nds/openldap/files/digest-openldap-2.1.30-r2
new file mode 100644
index 000000000000..a6a4a08b05c0
--- /dev/null
+++ b/net-nds/openldap/files/digest-openldap-2.1.30-r2
@@ -0,0 +1 @@
+MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673
diff --git a/net-nds/openldap/files/openldap-2.1.30-ximian_connector.patch b/net-nds/openldap/files/openldap-2.1.30-ximian_connector.patch
new file mode 100644
index 000000000000..aa6e7133ab5d
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.1.30-ximian_connector.patch
@@ -0,0 +1,223 @@
+(Note that this patch is not useful on its own... it just adds some
+hooks to work with the LDAP authentication process at a lower level
+than the API otherwise allows. The code that calls these hooks and
+actually drives the NTLM authentication process is in
+lib/e2k-global-catalog.c, and the code that actually implements the
+NTLM algorithms is in xntlm/.)
+
+diff -Nrc -x '*~' -x '*.o' openldap-2.1.23.orig/include/ldap.h openldap-2.1.23/include/ldap.h
+*** openldap-2.1.23.orig/include/ldap.h	Wed Mar  5 18:48:31 2003
+--- openldap-2.1.23/include/ldap.h	Mon Nov 17 13:46:23 2003
+***************
+*** 1645,1649 ****
+--- 1645,1670 ----
+  	LDAPControl **sctrls,
+  	LDAPControl **cctrls ));
+  
++ /*
++  * hacks for NTLM
++  */
++ #define LDAP_AUTH_NTLM_REQUEST	((ber_tag_t) 0x8aU)
++ #define LDAP_AUTH_NTLM_RESPONSE	((ber_tag_t) 0x8bU)
++ LDAP_F( int )
++ ldap_ntlm_bind LDAP_P((
++ 	LDAP		*ld,
++ 	LDAP_CONST char	*dn,
++ 	ber_tag_t	tag,
++ 	struct berval	*cred,
++ 	LDAPControl	**sctrls,
++ 	LDAPControl	**cctrls,
++ 	int		*msgidp ));
++ LDAP_F( int )
++ ldap_parse_ntlm_bind_result LDAP_P((
++ 	LDAP		*ld,
++ 	LDAPMessage	*res,
++ 	struct berval	*challenge));
++ 
++ 
+  LDAP_END_DECL
+  #endif /* _LDAP_H */
+diff -Nrc -x '*~' -x '*.o' openldap-2.1.23.orig/libraries/libldap/Makefile.in openldap-2.1.23/libraries/libldap/Makefile.in
+*** openldap-2.1.23.orig/libraries/libldap/Makefile.in	Sun Mar 30 09:47:09 2003
+--- openldap-2.1.23/libraries/libldap/Makefile.in	Mon Nov 17 13:48:02 2003
+***************
+*** 11,17 ****
+  SRCS	= bind.c open.c result.c error.c compare.c search.c \
+  	controls.c messages.c references.c extended.c cyrus.c \
+  	modify.c add.c modrdn.c delete.c abandon.c \
+! 	sasl.c sbind.c kbind.c unbind.c cancel.c cache.c \
+  	filter.c free.c sort.c passwd.c whoami.c \
+  	getdn.c getentry.c getattr.c getvalues.c addentry.c \
+  	request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+--- 11,17 ----
+  SRCS	= bind.c open.c result.c error.c compare.c search.c \
+  	controls.c messages.c references.c extended.c cyrus.c \
+  	modify.c add.c modrdn.c delete.c abandon.c \
+! 	sasl.c sbind.c kbind.c ntlm.c unbind.c cancel.c cache.c \
+  	filter.c free.c sort.c passwd.c whoami.c \
+  	getdn.c getentry.c getattr.c getvalues.c addentry.c \
+  	request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+***************
+*** 20,26 ****
+  OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
+  	controls.lo messages.lo references.lo extended.lo cyrus.lo \
+  	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+! 	sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo cache.lo \
+  	filter.lo free.lo sort.lo passwd.lo whoami.lo \
+  	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+  	request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+--- 20,26 ----
+  OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
+  	controls.lo messages.lo references.lo extended.lo cyrus.lo \
+  	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+! 	sasl.lo sbind.lo kbind.lo ntlm.lo unbind.lo cancel.lo cache.lo \
+  	filter.lo free.lo sort.lo passwd.lo whoami.lo \
+  	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+  	request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+diff -Nrc -x '*~' -x '*.o' openldap-2.1.23.orig/libraries/libldap/ntlm.c openldap-2.1.23/libraries/libldap/ntlm.c
+*** openldap-2.1.23.orig/libraries/libldap/ntlm.c	Wed Dec 31 19:00:00 1969
+--- openldap-2.1.23/libraries/libldap/ntlm.c	Mon Nov 17 13:46:23 2003
+***************
+*** 0 ****
+--- 1,141 ----
++ /* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++ /*
++  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++  */
++ 
++ /* Mostly copied from sasl.c */
++ 
++ #include "portable.h"
++ 
++ #include <stdlib.h>
++ #include <stdio.h>
++ 
++ #include <ac/socket.h>
++ #include <ac/string.h>
++ #include <ac/time.h>
++ #include <ac/errno.h>
++ 
++ #include "ldap-int.h"
++ 
++ int
++ ldap_ntlm_bind(
++ 	LDAP		*ld,
++ 	LDAP_CONST char	*dn,
++ 	ber_tag_t	tag,
++ 	struct berval	*cred,
++ 	LDAPControl	**sctrls,
++ 	LDAPControl	**cctrls,
++ 	int		*msgidp )
++ {
++ 	BerElement	*ber;
++ 	int rc;
++ 
++ 	Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++ 
++ 	assert( ld != NULL );
++ 	assert( LDAP_VALID( ld ) );
++ 	assert( msgidp != NULL );
++ 
++ 	if( msgidp == NULL ) {
++ 		ld->ld_errno = LDAP_PARAM_ERROR;
++ 		return ld->ld_errno;
++ 	}
++ 
++ 	/* create a message to send */
++ 	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++ 		ld->ld_errno = LDAP_NO_MEMORY;
++ 		return ld->ld_errno;
++ 	}
++ 
++ 	assert( LBER_VALID( ber ) );
++ 
++ 	rc = ber_printf( ber, "{it{istON}" /*}*/,
++ 			 ++ld->ld_msgid, LDAP_REQ_BIND,
++ 			 ld->ld_version, dn, tag,
++ 			 cred );
++ 
++ 	/* Put Server Controls */
++ 	if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++ 		ber_free( ber, 1 );
++ 		return ld->ld_errno;
++ 	}
++ 
++ 	if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++ 		ld->ld_errno = LDAP_ENCODING_ERROR;
++ 		ber_free( ber, 1 );
++ 		return ld->ld_errno;
++ 	}
++ 
++ #ifndef LDAP_NOCACHE
++ 	if ( ld->ld_cache != NULL ) {
++ 		ldap_flush_cache( ld );
++ 	}
++ #endif /* !LDAP_NOCACHE */
++ 
++ 	/* send the message */
++ 	*msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
++ 
++ 	if(*msgidp < 0)
++ 		return ld->ld_errno;
++ 
++ 	return LDAP_SUCCESS;
++ }
++ 
++ int
++ ldap_parse_ntlm_bind_result(
++ 	LDAP		*ld,
++ 	LDAPMessage	*res,
++ 	struct berval	*challenge)
++ {
++ 	ber_int_t	errcode;
++ 	ber_tag_t	tag;
++ 	BerElement	*ber;
++ 	ber_len_t	len;
++ 
++ 	Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++ 
++ 	assert( ld != NULL );
++ 	assert( LDAP_VALID( ld ) );
++ 	assert( res != NULL );
++ 
++ 	if ( ld == NULL || res == NULL ) {
++ 		return LDAP_PARAM_ERROR;
++ 	}
++ 
++ 	if( res->lm_msgtype != LDAP_RES_BIND ) {
++ 		ld->ld_errno = LDAP_PARAM_ERROR;
++ 		return ld->ld_errno;
++ 	}
++ 
++ 	if ( ld->ld_error ) {
++ 		LDAP_FREE( ld->ld_error );
++ 		ld->ld_error = NULL;
++ 	}
++ 	if ( ld->ld_matched ) {
++ 		LDAP_FREE( ld->ld_matched );
++ 		ld->ld_matched = NULL;
++ 	}
++ 
++ 	/* parse results */
++ 
++ 	ber = ber_dup( res->lm_ber );
++ 
++ 	if( ber == NULL ) {
++ 		ld->ld_errno = LDAP_NO_MEMORY;
++ 		return ld->ld_errno;
++ 	}
++ 
++ 	tag = ber_scanf( ber, "{ioa" /*}*/,
++ 			 &errcode, challenge, &ld->ld_error );
++ 	ber_free( ber, 0 );
++ 
++ 	if( tag == LBER_ERROR ) {
++ 		ld->ld_errno = LDAP_DECODING_ERROR;
++ 		return ld->ld_errno;
++ 	}
++ 
++ 	ld->ld_errno = errcode;
++ 
++ 	return( ld->ld_errno );
++ }
diff --git a/net-nds/openldap/openldap-2.1.30-r2.ebuild b/net-nds/openldap/openldap-2.1.30-r2.ebuild
new file mode 100644
index 000000000000..540397b17bd8
--- /dev/null
+++ b/net-nds/openldap/openldap-2.1.30-r2.ebuild
@@ -0,0 +1,232 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.1.30-r2.ebuild,v 1.1 2004/08/06 02:48:16 liquidx Exp $
+
+inherit eutils
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~amd64 ~s390 ~hppa ~ppc64"
+IUSE="berkdb crypt debug gdbm ipv6 odbc perl readline samba sasl slp ssl tcpd"
+
+DEPEND=">=sys-libs/ncurses-5.1
+	>=sys-apps/sed-4
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	ssl? ( >=dev-libs/openssl-0.9.6 )
+	readline? ( >=sys-libs/readline-4.1 )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.7-r3 )
+	odbc? ( dev-db/unixODBC )
+	slp? ( >=net-libs/openslp-1.0 )
+	perl? ( >=dev-lang/perl-5.6 )
+	samba? ( >=dev-libs/openssl-0.9.6 )"
+
+# note that the 'samba' USE flag pulling in OpenSSL is NOT an error.  OpenLDAP
+# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like
+# mine at work)!
+# Robin H. Johnson <robbat2@gentoo.org> March 8, 2004
+
+# if USE=berkdb
+#	pull in sys-libs/db
+# else if USE=gdbm
+#	pull in sys-libs/gdbm
+# else
+#	pull in sys-libs/db
+DEPEND="${DEPEND}
+	berkdb? ( >=sys-libs/db-4.1.25_p1-r3 )
+	!berkdb? (
+		gdbm? ( >=sys-libs/gdbm-1.8.0 )
+		!gdbm? ( >=sys-libs/db-4.1.25_p1-r3 )
+	)"
+
+pkg_preinst() {
+	enewgroup ldap 439
+	enewuser ldap 439 /dev/null /usr/lib/openldap ldap
+}
+
+src_unpack() {
+	unpack ${A}
+
+	# According to MDK, the link order needs to be changed so that
+	# on systems w/ MD5 passwords the system crypt library is used
+	# (the net result is that "passwd" can be used to change ldap passwords w/
+	#  proper pam support)
+	sed -ie 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \
+		${S}/servers/slapd/Makefile.in
+
+	# Fix up DB-4.0 linking problem
+	# remember to autoconf! this expands configure by 500 lines (4 lines to m4
+	# stuff).
+	epatch ${FILESDIR}/${PN}-2.1.30-db40.patch
+
+	# supersedes old fix for bug #31202
+	cd ${S}
+	epatch ${FILESDIR}/${PN}-2.1.27-perlthreadsfix.patch
+
+	# fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't
+	# do it perfectly.
+	cd ${S}/build
+	ln -s shtool install
+	ln -s shtool install.sh
+
+	# ximian connector 1.4.7 ntlm patch
+	cd ${S}
+	epatch ${FILESDIR}/${PN}-2.1.30-ximian_connector.patch
+
+	# reconf for db40 fixes.
+	cd ${S}
+	WANT_AUTOCONF="2.1" autoconf
+}
+
+src_compile() {
+	local myconf
+
+	# enable debugging to syslog
+	use debug && myconf="${myconf} --enable-debug"
+	myconf="${myconf} --enable-syslog"
+
+	# enable slapd/slurpd servers
+	myconf="${myconf} --enable-ldap"
+	myconf="${myconf} --enable-slapd --enable-slurpd"
+
+	myconf="${myconf} `use_enable crypt`"
+	myconf="${myconf} `use_enable ipv6`"
+	myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`"
+	myconf="${myconf} `use_with readline`"
+	myconf="${myconf} `use_with ssl tls` `use_with samba lmpasswd`"
+	myconf="${myconf} `use_enable tcpd wrappers`"
+	myconf="${myconf} `use_enable odbc sql`"
+	myconf="${myconf} `use_enable perl`"
+	myconf="${myconf} `use_enable slp`"
+
+	myconf="${myconf} --enable-ldbm"
+	myconf_berkdb='--enable-bdb --with-ldbm-api=berkeley'
+	myconf_gdbm='--disable-bdb --with-ldbm-api=gdbm'
+	if use berkdb; then
+		einfo "Using Berkeley DB for local backend"
+		myconf="${myconf} ${myconf_berkdb}"
+	elif use gdbm; then
+		einfo "Using GDBM for local backend"
+		myconf="${myconf} ${myconf_gdbm}"
+	else
+		ewarn "Neither gdbm or berkdb USE flags present, falling back to"
+		ewarn "Berkeley DB for local backend"
+		myconf="${myconf} ${myconf_berkdb}"
+	fi
+
+	# alas, for BSD only
+	#myconf="${myconf} --with-fetch"
+
+	myconf="${myconf} --enable-dynamic --enable-modules"
+	myconf="${myconf} --enable-rewrite --enable-rlookups"
+	myconf="${myconf} --enable-passwd --enable-phonetic"
+	myconf="${myconf} --enable-dnssrv --enable-ldap"
+	myconf="${myconf} --enable-meta --enable-monitor"
+	myconf="${myconf} --enable-null --enable-shell"
+	myconf="${myconf} --enable-local --enable-proctitle"
+
+	# disabled options
+	# --with-bdb-module=dynamic
+	# --enable-dnsserv --with-dnsserv-module=dynamic
+
+	econf \
+		--libexecdir=/usr/lib/openldap \
+		${myconf} || die "configure failed"
+
+	make depend || die "make depend failed"
+	make || die "make failed"
+
+}
+
+src_test() {
+	cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+	make DESTDIR=${D} install || die "make install failed"
+
+	dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE
+	docinto rfc ; dodoc doc/rfc/*.txt
+
+	# make state directories
+	for x in data slurp ldbm; do
+		keepdir /var/lib/openldap-${x}
+		fowners ldap:ldap /var/lib/openldap-${x}
+		fperms 0700 /var/lib/openldap-${x}
+	done
+
+	# manually remove /var/tmp references in .la
+	# because it is packaged with an ancient libtool
+	for x in ${D}/usr/lib/lib*.la; do
+		sed -i -e "s:-L${S}[/]*libraries::" ${x}
+	done
+
+	# change slapd.pid location in configuration file
+	keepdir /var/run/openldap
+	fowners ldap:ldap /var/run/openldap
+	fperms 0755 /var/run/openldap
+	sed -i -e "s:/var/lib/slapd.pid:/var/run/openldap/slapd.pid:" ${D}/etc/openldap/slapd.conf
+	sed -i -e "s:/var/lib/slapd.pid:/var/run/openldap/slapd.pid:" ${D}/etc/openldap/slapd.conf.default
+	sed -i -e "s:/var/lib/slapd.args:/var/run/openldap/slapd.args:" ${D}/etc/openldap/slapd.conf
+	sed -i -e "s:/var/lib/slapd.args:/var/run/openldap/slapd.args:" ${D}/etc/openldap/slapd.conf.default
+	fowners root:ldap /etc/openldap/slapd.conf
+	fperms 0640 /etc/openldap/slapd.conf
+	fowners root:ldap /etc/openldap/slapd.conf.default
+	fperms 0640 /etc/openldap/slapd.conf.default
+
+	# install our own init scripts
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/2.0/slapd slapd
+	newexe ${FILESDIR}/2.0/slurpd slurpd
+	insinto /etc/conf.d
+	newins ${FILESDIR}/2.0/slapd.conf slapd
+
+	# install MDK's ssl cert script
+	if use ssl || use samba; then
+		dodir /etc/openldap/ssl
+		exeinto /etc/openldap/ssl
+		doexe ${FILESDIR}/gencert.sh
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		# make a self-signed ssl cert (if there isn't one there already)
+		if [ ! -e /etc/openldap/ssl/ldap.pem ]
+		then
+			cd /etc/openldap/ssl
+			yes "" | sh gencert.sh
+			chmod 640 ldap.pem
+			chown root:ldap ldap.pem
+		else
+			einfo "An LDAP cert already appears to exist, no creating"
+		fi
+	fi
+
+	# Since moving to running openldap as user ldap there are some
+	# permissions problems with directories and files.
+	# Let's make sure these permissions are correct.
+	chown ldap:ldap /var/run/openldap
+	chmod 0755 /var/run/openldap
+	chown root:ldap /etc/openldap/slapd.conf
+	chmod 0640 /etc/openldap/slapd.conf
+	chown root:ldap /etc/openldap/slapd.conf.default
+	chmod 0640 /etc/openldap/slapd.conf.default
+	chown ldap:ldap /var/lib/openldap-{data,ldbm,slurp}
+
+	# notes from bug #41297, bug #41039
+	ewarn "If you are upgrading from OpenLDAP 2.0, major changes have occured:"
+	ewarn "- bind_anon_dn is now disabled by default for security"
+	ewarn "  add 'allow bind_anon_dn' to your config for the old behavior."
+	ewarn "- Default schemas have changed, you should slapcat your entire DB to"
+	ewarn "  a file, delete your DB, and then slapadd it again. Alternatively"
+	ewarn "  you can try slapindex which should work in almost all cases. Be"
+	ewarn "  sure to check the permissions on the database files afterwards!"
+	if use ssl; then
+		ewarn "- Self-signed SSL certificates are treated harshly by OpenLDAP 2.1"
+		ewarn "  add 'TLS_REQCERT never' if you want to use them."
+	fi
+}