Skip to content

GitLab

Commit e66aa921 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Added support for TCP_WRAPPERS (ldapd code not tested, don't have isode here). 

Cleaned up LDAP_CRYPT support.
parent 412f44af
Show whitespace changes
Inline Side-by-side
Make-common
View file @ e66aa921
......@@ -198,10 +198,14 @@ LDAP_DEBUG=-DLDAP_DEBUG
# uncomment this line to enable support for LDAP referrals in libldap
LDAP_REFERRALS=-DLDAP_REFERRALS
# uncomment this line to enable support for CRYPT passwords in LDBM.
# Requires UNIX crypt(3), you may have to add -lcrypt (or whatever)
# to your PLATFORMLIBS (build/platform/your-platform)
# uncomment these lines to enable support for CRYPT passwords in LDBM.
#LDAP_CRYPT=-DLDAP_CRYPT
#LDAP_CRYPT_LIB=-lcrypt
# uncomment these lines to enable support fro tcp_wrappers in servers.
# Requires tcp_wrappers.
#LDAP_TCP_WRAPPERS=-DTCP_WRAPPERS -I/usr/local/include
#LDAP_TCP_WRAPPERS_LIB=-L/usr/local/lib -lwrap
# uncomment this line to use soundex for approximate matches in slapd.
# the default is to use the metaphone algorithm.
......
build/Make-append
View file @ e66aa921
......@@ -21,7 +21,7 @@
# DEFS are included in CFLAGS
DEFS = $(PLATFORMCFLAGS) $(LDAP_DEBUG) $(KERBEROS) $(AFSKERBEROS) \
$(UOFM) $(UOFA) $(NO_USERINTERFACE) $(CLDAP) $(NO_CACHE) \
$(LDAP_REFERRALS) $(LDAP_CRYPT) $(LDAP_DNS) $(STR_TRANSLATION) \
$(LDAP_REFERRALS) $(LDAP_DNS) $(STR_TRANSLATION) \
$(LIBLDAP_CHARSETS) $(LIBLDAP_DEF_CHARSET) \
$(SLAPD_BACKENDS) $(LDBMBACKEND) $(LDBMINCLUDE) $(PHONETIC)
......
build/platforms/freebsd-gcc/Make-platform
View file @ e66aa921
......@@ -15,5 +15,3 @@ CC = cc
PLATFORMCFLAGS= -Dfreebsd
# uncomment this line if using for LDAP_CRYPT
#PLATFORMLIBS= -lcrypt
build/platforms/linux-gcc/Make-platform
View file @ e66aa921
......@@ -16,5 +16,3 @@ RANLIB = "ranlib"
PLATFORMCFLAGS= -Dlinux
# uncomment this if -DLDAP_CRYPT is defined
#PLATFORMLIBS= -lcrypt
servers/ldapd/main.c
View file @ e66aa921
......@@ -42,6 +42,13 @@
#include <unistd.h>
#endif /* USE_SYSCONF */
#ifdef TCP_WRAPPERS
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
#endif /* TCP_WRAPPERS */
void log_and_exit();
static set_socket();
static do_queries();
......@@ -393,10 +400,31 @@ char **argv;
hp = gethostbyaddr( (char *) &(from.sin_addr.s_addr),
sizeof(from.sin_addr.s_addr), AF_INET );
#ifdef TCP_WRAPPERS
if ( !hosts_ctl("ldapd", (hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), STRING_UNKNOWN ) {
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s) denied.\n",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) {
syslog( LOG_NOTICE, "connection from %s (%s) denied.",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ) );
}
close(ns);
continue;
}
#endif /* TCP_WRAPPERS */
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) {
syslog( LOG_INFO, "connection from %s (%s)",
(hp == NULL) ? "unknown" : hp->h_name,
......
servers/slapd/Make-template
View file @ e66aa921
......@@ -33,11 +33,11 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
schema.o schemaparse.o monitor.o configinfo.o
INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) $(SERVERDEFS)
DEFINES = $(DEFS) $(LDAP_CRYPT) $(LDAP_TCP_WRAPPERS) $(SERVERDEFS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG)
LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \
$(LDBMLIB) $(ALIBS)
$(LDBMLIB) $(LDAP_CRYPT_LIB) $(LDAP_TCP_WRAPPERS_LIB) $(ALIBS)
all: FORCE
@if [ -z "$(MAKESLAPD)" ]; then \
......
servers/slapd/back-ldbm/Make-template
View file @ e66aa921
......@@ -27,9 +27,9 @@ OBJS = idl.o add.o search.o cache.o dbcache.o dn2id.o id2entry.o \
filterindex.o unbind.o kerberos.o close.o
INCLUDES= -I. -I.. -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) $(THREADS)
DEFINES = $(DEFS) $(LDAP_CRYPT) $(THREADS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG) $(LDAP_CRYPT_LIB)
all: FORCE
-@echo "$(SLAPD_BACKENDS)" | grep LDAP_LDBM 2>&1 > /dev/null; \
......
servers/slapd/daemon.c
View file @ e66aa921
......@@ -30,6 +30,13 @@
#include <unistd.h>
#endif /* USE_SYSCONF */
#ifdef TCP_WRAPPERS
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
#endif /* TCP_WRAPPERS */
extern Operation *op_add();
#ifndef SYSERRLIST_IN_STDIO
......@@ -177,6 +184,9 @@ slapd_daemon(
struct timeval *tvp;
int len, pid;
char *client_name;
char *client_addr;
FD_ZERO( &writefds );
FD_ZERO( &readfds );
FD_SET( tcps, &readfds );
......@@ -251,6 +261,7 @@ slapd_daemon(
Debug( LDAP_DEBUG_ANY,
"FIONBIO ioctl on %d failed\n", ns, 0, 0 );
}
c[ns].c_sb.sb_sd = ns;
Debug( LDAP_DEBUG_CONNS, "new connection on %d\n", ns,
0, 0 );
......@@ -258,43 +269,76 @@ slapd_daemon(
pthread_mutex_lock( &ops_mutex );
c[ns].c_connid = num_conns++;
pthread_mutex_unlock( &ops_mutex );
len = sizeof(from);
if ( getpeername( ns, (struct sockaddr *) &from, &len )
== 0 ) {
char *s;
#ifdef REVERSE_LOOKUP
client_addr = inet_ntoa( from.sin_addr );
#if defined(REVERSE_LOOKUP) || defined(TCP_WRAPPERS)
hp = gethostbyaddr( (char *)
&(from.sin_addr.s_addr),
sizeof(from.sin_addr.s_addr), AF_INET );
if(hp) {
client_name = hp->h_name;
/* normalize the domain */
for ( s = client_name; *s; s++ ) {
*s = TOLOWER( *s );
}
} else {
client_name = NULL;
}
#else
hp = NULL;
client_name = NULL;
#endif
} else {
client_name = NULL;;
client_addr = NULL;
}
#ifdef TCP_WRAPPERS
if(!hosts_ctl("slapd", client_name, client_addr,
STRING_UNKNOWN))
{
/* DENY ACCESS */
Statslog( LDAP_DEBUG_STATS,
"conn=%d fd=%d connection from %s (%s)\n",
c[ns].c_connid, ns, hp == NULL ? "unknown"
: hp->h_name, inet_ntoa( from.sin_addr ),
"conn=%d fd=%d connection from %s (%s) denied.\n",
c[ns].c_connid, ns,
client_name == NULL ? "unknown" : client_name,
client_addr == NULL ? "unknown" : client_addr,
0 );
close(ns);
pthread_mutex_unlock( &new_conn_mutex );
continue;
}
#endif /* TCP_WRAPPERS */
Statslog( LDAP_DEBUG_STATS,
"conn=%d fd=%d connection from %s (%s) accepted.\n",
c[ns].c_connid, ns,
client_name == NULL ? "unknown" : client_name,
client_addr == NULL ? "unknown" : client_addr,
0 );
if ( c[ns].c_addr != NULL ) {
free( c[ns].c_addr );
}
c[ns].c_addr = strdup( inet_ntoa(
from.sin_addr ) );
c[ns].c_addr = strdup( client_addr );
if ( c[ns].c_domain != NULL ) {
free( c[ns].c_domain );
}
c[ns].c_domain = strdup( hp == NULL ? "" :
hp->h_name );
/* normalize the domain */
for ( s = c[ns].c_domain; *s; s++ ) {
*s = TOLOWER( *s );
}
} else {
Statslog( LDAP_DEBUG_STATS,
"conn=%d fd=%d connection from unknown\n",
c[ns].c_connid, ns, 0, 0, 0 );
}
c[ns].c_domain = strdup( client_name == NULL
? "" : client_name );
pthread_mutex_lock( &c[ns].c_dnmutex );
if ( c[ns].c_dn != NULL ) {
free( c[ns].c_dn );
......
servers/slapd/tools/Make-template
View file @ e66aa921
......@@ -27,12 +27,12 @@ OBJS2 = ../config.o ../ch_malloc.o ../backend.o ../charray.o \
../schemaparse.o ../regex.o ../strdup.o
INCLUDES= -I. -I$(HDIR) $(EXINCLUDES)
DEFINES = $(DEFS) $(SERVERDEFS) $(THREADS)
DEFINES = $(DEFS) $(LDAP_CRYPT) $(SERVERDEFS) $(THREADS)
CFLAGS = $(INCLUDES) $(DEFINES) $(ACFLAGS)
LDFLAGS = -L$(LDIR) $(EXLDFLAGS)
LIBS = -lldif -lldap -llber -lldbm -lavl $(LDBMLIB) $(EXLIBS) $(ALIBS)
LIBS2 = -lldif -lldbm -lavl $(LDBMLIB) -llber $(KRBLIBFLAG) $(KRBLIBS) \
-llthread $(THREADSLIB) $(ALIBS)
-llthread $(THREADSLIB) $(ALIBS) $(LDAP_CRYPT_LIB)
all: build-edb2ldif ldif2index ldif2ldbm ldbmcat ldif2id2entry \
ldif2id2children centipede ldbmtest ldif
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment