authorRobin H. Johnson <robbat2@gentoo.org>2009-05-24 21:00:10 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2009-05-24 21:00:10 +0000
commit8b88aa01f9ac9322917afe62cd824329202fd9c9 (patch)
tree9bbf8ad206449d593007897bcaae23e74ae882b6 /net-nds/nsscache/files
parentstable sparc, security bug 270671 (diff)
Fix to offer new option for STARTTLS if required, as needed by Gentoo infrastructure.
Package-Manager: portage-2.2_rc33/cvs/Linux x86_64
Diffstat (limited to 'net-nds/nsscache/files')
-rw-r--r--net-nds/nsscache/files/nsscache-0.8.3-starttls.patch44
-rw-r--r--net-nds/nsscache/files/nsscache.conf2
2 files changed, 46 insertions, 0 deletions
diff --git a/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch b/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch
new file mode 100644
index 000000000000..c345c958f137
--- /dev/null
+++ b/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch
@@ -0,0 +1,44 @@
+Some LDAP configurations require STARTTLS, like the Gentoo infrastructure one.
+Add a new configuration file to do it.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar ../nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py ../nsscache-0.8.3/nss_cache/sources/ldapsource.py
+--- ../nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py 2008-09-08 18:31:58.000000000 -0700
++++ ../nsscache-0.8.3/nss_cache/sources/ldapsource.py 2009-05-24 13:56:14.009240803 -0700
+@@ -76,6 +76,8 @@
+ self.conn = rlo(uri=conf['uri'],
+ retry_max=conf['retry_max'],
+ retry_delay=conf['retry_delay'])
++ if configuration['ldap_tls_starttls'] == 1:
++ self.conn.start_tls_s()
+ else:
+ self.conn = conn
+
+@@ -120,6 +122,13 @@
+ elif configuration['tls_require_cert'] == 'try':
+ configuration['tls_require_cert'] = ldap.OPT_X_TLS_TRY
+
++ # Should we issue STARTTLS?
++ if configuration['ldap_tls_starttls'] in (1, '1', 'on', 'yes', 'true'):
++ configuration['ldap_tls_starttls'] = 1
++ #if not configuration['ldap_tls_starttls']:
++ else:
++ configuration['ldap_tls_starttls'] = 0
++
+ # Setting global ldap defaults.
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
+ configuration['tls_require_cert'])
+diff -Nuar ../nsscache-0.8.3.orig/nsscache.conf ../nsscache-0.8.3/nsscache.conf
+--- ../nsscache-0.8.3.orig/nsscache.conf 2008-09-08 18:31:58.000000000 -0700
++++ ../nsscache-0.8.3/nsscache.conf 2009-05-24 13:56:18.182858446 -0700
+@@ -70,6 +70,9 @@
+ # Default filename for trusted CAs
+ #ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'
+
++# Should we issue STARTTLS?
++# ldap_tls_starttls = 1
++
+
+ ##
+ # nssdb module defaults
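Review bot: The STARTTLS check added in the first ldapsource.py hunk reads `configuration['ldap_tls_starttls']`, while the context lines around it read `conf['uri']` and `conf['retry_max']`; unless `configuration` is also bound in that scope (the function starts outside the hunk), the new-connection path would raise NameError, so `if conf['ldap_tls_starttls'] == 1:` looks like the intended form. In the second hunk the option is indexed directly, so a configuration that leaves it unset (the sample nsscache.conf ships it commented out) would presumably raise KeyError. The membership test there is also case-sensitive, so values such as `'True'` or `'Yes'` fall through to 0 and the connection is then used without STARTTLS and without any warning. I would normalise with `value = str(configuration.get('ldap_tls_starttls', 0)).lower()` followed by `configuration['ldap_tls_starttls'] = 1 if value in ('1', 'on', 'yes', 'true') else 0`, and drop the leftover commented-out `#if not configuration['ldap_tls_starttls']:` line.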
diff --git a/net-nds/nsscache/files/nsscache.conf b/net-nds/nsscache/files/nsscache.conf
index 5f54fe8353d1..c17f4a2df9c8 100644
--- a/net-nds/nsscache/files/nsscache.conf
+++ b/net-nds/nsscache/files/nsscache.conf
@@ -70,6 +70,8 @@ ldap_filter = (objectclass=posixAccount)
# Default filename for trusted CAs
#ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'
+# Should we issue STARTTLS?
+# ldap_tls_starttls = 1
##
# nssdb module defaults