Commit e66aa921 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Added support for TCP_WRAPPERS (ldapd code not tested, don't have isode here).

Cleaned up LDAP_CRYPT support.
parent 412f44af
...@@ -198,10 +198,14 @@ LDAP_DEBUG=-DLDAP_DEBUG ...@@ -198,10 +198,14 @@ LDAP_DEBUG=-DLDAP_DEBUG
# uncomment this line to enable support for LDAP referrals in libldap # uncomment this line to enable support for LDAP referrals in libldap
LDAP_REFERRALS=-DLDAP_REFERRALS LDAP_REFERRALS=-DLDAP_REFERRALS
# uncomment this line to enable support for CRYPT passwords in LDBM. # uncomment these lines to enable support for CRYPT passwords in LDBM.
# Requires UNIX crypt(3), you may have to add -lcrypt (or whatever)
# to your PLATFORMLIBS (build/platform/your-platform)
#LDAP_CRYPT=-DLDAP_CRYPT #LDAP_CRYPT=-DLDAP_CRYPT
#LDAP_CRYPT_LIB=-lcrypt
# uncomment these lines to enable support fro tcp_wrappers in servers.
# Requires tcp_wrappers.
#LDAP_TCP_WRAPPERS=-DTCP_WRAPPERS -I/usr/local/include
#LDAP_TCP_WRAPPERS_LIB=-L/usr/local/lib -lwrap
# uncomment this line to use soundex for approximate matches in slapd. # uncomment this line to use soundex for approximate matches in slapd.
# the default is to use the metaphone algorithm. # the default is to use the metaphone algorithm.
......
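Review bot: The new comment introducing the tcp_wrappers option has a typo, `support fro tcp_wrappers`; it should read `# uncomment these lines to enable support for tcp_wrappers in servers.`. The two lines that follow it hard-code `/usr/local/include` and `/usr/local/lib`, which differs from the LDAP_CRYPT lines just above that leave the library location to PLATFORMLIBS; a short comment saying the paths are only an example would keep readers from assuming the wrappers must live there.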
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
# DEFS are included in CFLAGS # DEFS are included in CFLAGS
DEFS = $(PLATFORMCFLAGS) $(LDAP_DEBUG) $(KERBEROS) $(AFSKERBEROS) \ DEFS = $(PLATFORMCFLAGS) $(LDAP_DEBUG) $(KERBEROS) $(AFSKERBEROS) \
$(UOFM) $(UOFA) $(NO_USERINTERFACE) $(CLDAP) $(NO_CACHE) \ $(UOFM) $(UOFA) $(NO_USERINTERFACE) $(CLDAP) $(NO_CACHE) \
$(LDAP_REFERRALS) $(LDAP_CRYPT) $(LDAP_DNS) $(STR_TRANSLATION) \ $(LDAP_REFERRALS) $(LDAP_DNS) $(STR_TRANSLATION) \
$(LIBLDAP_CHARSETS) $(LIBLDAP_DEF_CHARSET) \ $(LIBLDAP_CHARSETS) $(LIBLDAP_DEF_CHARSET) \
$(SLAPD_BACKENDS) $(LDBMBACKEND) $(LDBMINCLUDE) $(PHONETIC) $(SLAPD_BACKENDS) $(LDBMBACKEND) $(LDBMINCLUDE) $(PHONETIC)
......
...@@ -15,5 +15,3 @@ CC = cc ...@@ -15,5 +15,3 @@ CC = cc
PLATFORMCFLAGS= -Dfreebsd PLATFORMCFLAGS= -Dfreebsd
# uncomment this line if using for LDAP_CRYPT
#PLATFORMLIBS= -lcrypt
...@@ -16,5 +16,3 @@ RANLIB = "ranlib" ...@@ -16,5 +16,3 @@ RANLIB = "ranlib"
PLATFORMCFLAGS= -Dlinux PLATFORMCFLAGS= -Dlinux
# uncomment this if -DLDAP_CRYPT is defined
#PLATFORMLIBS= -lcrypt
...@@ -42,6 +42,13 @@ ...@@ -42,6 +42,13 @@
#include <unistd.h> #include <unistd.h>
#endif /* USE_SYSCONF */ #endif /* USE_SYSCONF */
#ifdef TCP_WRAPPERS
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
#endif /* TCP_WRAPPERS */
void log_and_exit(); void log_and_exit();
static set_socket(); static set_socket();
static do_queries(); static do_queries();
...@@ -393,10 +400,31 @@ char **argv; ...@@ -393,10 +400,31 @@ char **argv;
hp = gethostbyaddr( (char *) &(from.sin_addr.s_addr), hp = gethostbyaddr( (char *) &(from.sin_addr.s_addr),
sizeof(from.sin_addr.s_addr), AF_INET ); sizeof(from.sin_addr.s_addr), AF_INET );
#ifdef TCP_WRAPPERS
if ( !hosts_ctl("ldapd", (hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), STRING_UNKNOWN ) {
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s) denied.\n",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) {
syslog( LOG_NOTICE, "connection from %s (%s) denied.",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ) );
}
close(ns);
continue;
}
#endif /* TCP_WRAPPERS */
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n", Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n",
(hp == NULL) ? "unknown" : hp->h_name, (hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 ); inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) { if ( dosyslog ) {
syslog( LOG_INFO, "connection from %s (%s)", syslog( LOG_INFO, "connection from %s (%s)",
(hp == NULL) ? "unknown" : hp->h_name, (hp == NULL) ? "unknown" : hp->h_name,
......
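Review bot: The host name handed to hosts_ctl() is taken straight from gethostbyaddr(), so tcp_wrappers never performs the forward/reverse consistency check it applies when it resolves the client itself (the PARANOID handling in hosts_access()); any name-based allow rule in hosts.allow therefore rests on the peer's reverse DNS alone, which the peer's operator controls. If name-based rules are meant to be trusted, either confirm the name with a forward lookup that yields from.sin_addr before passing it, or pass `STRING_UNKNOWN` as the name so only address rules apply. The same construction appears in the slapd daemon.c hunk below. The deny branch also calls inet_ntoa() three times; tcp_wrappers and the surrounding code share that static buffer, so capturing it once in a local, as the slapd hunk does with client_addr, would be clearer. The enclosing main() continues outside the hunk.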
...@@ -33,11 +33,11 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \ ...@@ -33,11 +33,11 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
schema.o schemaparse.o monitor.o configinfo.o schema.o schemaparse.o monitor.o configinfo.o
INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG) INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) $(SERVERDEFS) DEFINES = $(DEFS) $(LDAP_CRYPT) $(LDAP_TCP_WRAPPERS) $(SERVERDEFS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS) CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG) LDFLAGS = -L$(LDIR) $(KRBLIBFLAG)
LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \ LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \
$(LDBMLIB) $(ALIBS) $(LDBMLIB) $(LDAP_CRYPT_LIB) $(LDAP_TCP_WRAPPERS_LIB) $(ALIBS)
all: FORCE all: FORCE
@if [ -z "$(MAKESLAPD)" ]; then \ @if [ -z "$(MAKESLAPD)" ]; then \
......
...@@ -27,9 +27,9 @@ OBJS = idl.o add.o search.o cache.o dbcache.o dn2id.o id2entry.o \ ...@@ -27,9 +27,9 @@ OBJS = idl.o add.o search.o cache.o dbcache.o dn2id.o id2entry.o \
filterindex.o unbind.o kerberos.o close.o filterindex.o unbind.o kerberos.o close.o
INCLUDES= -I. -I.. -I$(HDIR) $(KRBINCLUDEFLAG) INCLUDES= -I. -I.. -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) $(THREADS) DEFINES = $(DEFS) $(LDAP_CRYPT) $(THREADS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG) LDFLAGS = -L$(LDIR) $(KRBLIBFLAG) $(LDAP_CRYPT_LIB)
all: FORCE all: FORCE
-@echo "$(SLAPD_BACKENDS)" | grep LDAP_LDBM 2>&1 > /dev/null; \ -@echo "$(SLAPD_BACKENDS)" | grep LDAP_LDBM 2>&1 > /dev/null; \
......
...@@ -30,6 +30,13 @@ ...@@ -30,6 +30,13 @@
#include <unistd.h> #include <unistd.h>
#endif /* USE_SYSCONF */ #endif /* USE_SYSCONF */
#ifdef TCP_WRAPPERS
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
#endif /* TCP_WRAPPERS */
extern Operation *op_add(); extern Operation *op_add();
#ifndef SYSERRLIST_IN_STDIO #ifndef SYSERRLIST_IN_STDIO
...@@ -177,6 +184,9 @@ slapd_daemon( ...@@ -177,6 +184,9 @@ slapd_daemon(
struct timeval *tvp; struct timeval *tvp;
int len, pid; int len, pid;
char *client_name;
char *client_addr;
FD_ZERO( &writefds ); FD_ZERO( &writefds );
FD_ZERO( &readfds ); FD_ZERO( &readfds );
FD_SET( tcps, &readfds ); FD_SET( tcps, &readfds );
...@@ -251,6 +261,7 @@ slapd_daemon( ...@@ -251,6 +261,7 @@ slapd_daemon(
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"FIONBIO ioctl on %d failed\n", ns, 0, 0 ); "FIONBIO ioctl on %d failed\n", ns, 0, 0 );
} }
c[ns].c_sb.sb_sd = ns; c[ns].c_sb.sb_sd = ns;
Debug( LDAP_DEBUG_CONNS, "new connection on %d\n", ns, Debug( LDAP_DEBUG_CONNS, "new connection on %d\n", ns,
0, 0 ); 0, 0 );
...@@ -258,43 +269,76 @@ slapd_daemon( ...@@ -258,43 +269,76 @@ slapd_daemon(
pthread_mutex_lock( &ops_mutex ); pthread_mutex_lock( &ops_mutex );
c[ns].c_connid = num_conns++; c[ns].c_connid = num_conns++;
pthread_mutex_unlock( &ops_mutex ); pthread_mutex_unlock( &ops_mutex );
len = sizeof(from); len = sizeof(from);
if ( getpeername( ns, (struct sockaddr *) &from, &len ) if ( getpeername( ns, (struct sockaddr *) &from, &len )
== 0 ) { == 0 ) {
char *s; char *s;
#ifdef REVERSE_LOOKUP client_addr = inet_ntoa( from.sin_addr );
#if defined(REVERSE_LOOKUP) || defined(TCP_WRAPPERS)
hp = gethostbyaddr( (char *) hp = gethostbyaddr( (char *)
&(from.sin_addr.s_addr), &(from.sin_addr.s_addr),
sizeof(from.sin_addr.s_addr), AF_INET ); sizeof(from.sin_addr.s_addr), AF_INET );
#else
hp = NULL;
#endif
Statslog( LDAP_DEBUG_STATS, if(hp) {
"conn=%d fd=%d connection from %s (%s)\n", client_name = hp->h_name;
c[ns].c_connid, ns, hp == NULL ? "unknown"
: hp->h_name, inet_ntoa( from.sin_addr ),
0 );
if ( c[ns].c_addr != NULL ) { /* normalize the domain */
free( c[ns].c_addr ); for ( s = client_name; *s; s++ ) {
} *s = TOLOWER( *s );
c[ns].c_addr = strdup( inet_ntoa( }
from.sin_addr ) );
if ( c[ns].c_domain != NULL ) { } else {
free( c[ns].c_domain ); client_name = NULL;
}
c[ns].c_domain = strdup( hp == NULL ? "" :
hp->h_name );
/* normalize the domain */
for ( s = c[ns].c_domain; *s; s++ ) {
*s = TOLOWER( *s );
} }
#else
client_name = NULL;
#endif
} else { } else {
client_name = NULL;;
client_addr = NULL;
}
#ifdef TCP_WRAPPERS
if(!hosts_ctl("slapd", client_name, client_addr,
STRING_UNKNOWN))
{
/* DENY ACCESS */
Statslog( LDAP_DEBUG_STATS, Statslog( LDAP_DEBUG_STATS,
"conn=%d fd=%d connection from unknown\n", "conn=%d fd=%d connection from %s (%s) denied.\n",
c[ns].c_connid, ns, 0, 0, 0 ); c[ns].c_connid, ns,
client_name == NULL ? "unknown" : client_name,
client_addr == NULL ? "unknown" : client_addr,
0 );
close(ns);
pthread_mutex_unlock( &new_conn_mutex );
continue;
} }
#endif /* TCP_WRAPPERS */
Statslog( LDAP_DEBUG_STATS,
"conn=%d fd=%d connection from %s (%s) accepted.\n",
c[ns].c_connid, ns,
client_name == NULL ? "unknown" : client_name,
client_addr == NULL ? "unknown" : client_addr,
0 );
if ( c[ns].c_addr != NULL ) {
free( c[ns].c_addr );
}
c[ns].c_addr = strdup( client_addr );
if ( c[ns].c_domain != NULL ) {
free( c[ns].c_domain );
}
c[ns].c_domain = strdup( client_name == NULL
? "" : client_name );
pthread_mutex_lock( &c[ns].c_dnmutex ); pthread_mutex_lock( &c[ns].c_dnmutex );
if ( c[ns].c_dn != NULL ) { if ( c[ns].c_dn != NULL ) {
free( c[ns].c_dn ); free( c[ns].c_dn );
......
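Review bot: When getpeername() fails, client_addr is set to NULL and the new unconditional `c[ns].c_addr = strdup( client_addr );` then dereferences it; the old code only called strdup() inside the success branch, so this is a new crash path, and the fix is `c[ns].c_addr = strdup( client_addr == NULL ? "" : client_addr );`. In the same situation hosts_ctl() receives NULL for both client_name and client_addr, while tcpd documents STRING_UNKNOWN for values the caller could not determine and the accepted/denied log lines already substitute "unknown"; the call should read `hosts_ctl("slapd", client_name == NULL ? STRING_UNKNOWN : client_name, client_addr == NULL ? STRING_UNKNOWN : client_addr, STRING_UNKNOWN)`. The deny branch unlocks new_conn_mutex before continue, which presumes the mutex is held at that point; the lock is outside the hunk, so please confirm, and note that c[ns].c_connid and c_sb.sb_sd were already assigned for a connection that is now closed. Minor: `client_name = NULL;;` has a stray semicolon. slapd_daemon() continues outside the hunk.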
...@@ -27,12 +27,12 @@ OBJS2 = ../config.o ../ch_malloc.o ../backend.o ../charray.o \ ...@@ -27,12 +27,12 @@ OBJS2 = ../config.o ../ch_malloc.o ../backend.o ../charray.o \
../schemaparse.o ../regex.o ../strdup.o ../schemaparse.o ../regex.o ../strdup.o
INCLUDES= -I. -I$(HDIR) $(EXINCLUDES) INCLUDES= -I. -I$(HDIR) $(EXINCLUDES)
DEFINES = $(DEFS) $(SERVERDEFS) $(THREADS) DEFINES = $(DEFS) $(LDAP_CRYPT) $(SERVERDEFS) $(THREADS)
CFLAGS = $(INCLUDES) $(DEFINES) $(ACFLAGS) CFLAGS = $(INCLUDES) $(DEFINES) $(ACFLAGS)
LDFLAGS = -L$(LDIR) $(EXLDFLAGS) LDFLAGS = -L$(LDIR) $(EXLDFLAGS)
LIBS = -lldif -lldap -llber -lldbm -lavl $(LDBMLIB) $(EXLIBS) $(ALIBS) LIBS = -lldif -lldap -llber -lldbm -lavl $(LDBMLIB) $(EXLIBS) $(ALIBS)
LIBS2 = -lldif -lldbm -lavl $(LDBMLIB) -llber $(KRBLIBFLAG) $(KRBLIBS) \ LIBS2 = -lldif -lldbm -lavl $(LDBMLIB) -llber $(KRBLIBFLAG) $(KRBLIBS) \
-llthread $(THREADSLIB) $(ALIBS) -llthread $(THREADSLIB) $(ALIBS) $(LDAP_CRYPT_LIB)
all: build-edb2ldif ldif2index ldif2ldbm ldbmcat ldif2id2entry \ all: build-edb2ldif ldif2index ldif2ldbm ldbmcat ldif2id2entry \
ldif2id2children centipede ldbmtest ldif ldif2id2children centipede ldbmtest ldif
......