- make nfs4 default for replicated selection configuration (bz579949).

- add simple bind authentication option (bz579951).
2010-04-07 03:31:22 +00:00 · 2010-04-07 03:31:22 +00:00 · dccdcf8330
commit dccdcf8330
parent 2b89682808
3 changed files with 158 additions and 1 deletions
--- a/autofs-5.0.5-add-simple-bind-auth.patch
+++ b/autofs-5.0.5-add-simple-bind-auth.patch
@ -0,0 +1,124 @@
+autofs-5.0.5 - add simple bind authentication
+
+From: James Y Knight <foom@fuhm.net>
+
+This patch adds the ability to do a simple bind against an LDAP server with
+the configured username and password.
+---
+
+ CHANGELOG                     |    1 +
+ include/lookup_ldap.h         |    1 +
+ modules/lookup_ldap.c         |   21 +++++++++++++--------
+ samples/autofs_ldap_auth.conf |   15 +++++++++------
+ 4 files changed, 24 insertions(+), 14 deletions(-)
+
+
+--- autofs-5.0.5.orig/CHANGELOG
+++ autofs-5.0.5/CHANGELOG
+@@ -27,6 +27,7 @@
+ - fix ampersand escape in auto.smb.
+ - add locality as valid ldap master map attribute.
+ - add locality as valid ldap master map attribute fix.
+- add simple bind authentication.
+ 
+ 03/09/2009 autofs-5.0.5
+ -----------------------
+--- autofs-5.0.5.orig/include/lookup_ldap.h
+++ autofs-5.0.5/include/lookup_ldap.h
+@@ -97,6 +97,7 @@ struct lookup_context {
+ #define LDAP_AUTH_NOTREQUIRED	0x0001
+ #define LDAP_AUTH_REQUIRED	0x0002
+ #define LDAP_AUTH_AUTODETECT	0x0004
+#define LDAP_AUTH_USESIMPLE	0x0008
+ 
+ /* lookup_ldap.c */
+ LDAP *init_ldap_connection(unsigned logopt, const char *uri, struct lookup_context *ctxt);
+--- autofs-5.0.5.orig/modules/lookup_ldap.c
+++ autofs-5.0.5/modules/lookup_ldap.c
+@@ -137,11 +137,13 @@ static void uris_mutex_unlock(struct loo
+ 	return;
+ }
+ 
+-int bind_ldap_anonymous(unsigned logopt, LDAP *ldap, const char *uri, struct lookup_context *ctxt)
+int bind_ldap_simple(unsigned logopt, LDAP *ldap, const char *uri, struct lookup_context *ctxt)
+ {
+ 	int rv;
+ 
+-	if (ctxt->version == 2)
+	if (ctxt->auth_required == LDAP_AUTH_USESIMPLE)
+		rv = ldap_simple_bind_s(ldap, ctxt->user, ctxt->secret);
+	else if (ctxt->version == 2)
+ 		rv = ldap_simple_bind_s(ldap, ctxt->base, NULL);
+ 	else
+ 		rv = ldap_simple_bind_s(ldap, NULL, NULL);
+@@ -517,12 +519,12 @@ static int do_bind(unsigned logopt, LDAP
+ 		rv = autofs_sasl_bind(logopt, ldap, ctxt);
+ 		debug(logopt, MODPREFIX "autofs_sasl_bind returned %d", rv);
+ 	} else {
+-		rv = bind_ldap_anonymous(logopt, ldap, uri, ctxt);
+-		debug(logopt, MODPREFIX "ldap anonymous bind returned %d", rv);
+		rv = bind_ldap_simple(logopt, ldap, uri, ctxt);
+		debug(logopt, MODPREFIX "ldap simple bind returned %d", rv);
+ 	}
+ #else
+-	rv = bind_ldap_anonymous(logopt, ldap, uri, ctxt);
+-	debug(logopt, MODPREFIX "ldap anonymous bind returned %d", rv);
+	rv = bind_ldap_simple(logopt, ldap, uri, ctxt);
+	debug(logopt, MODPREFIX "ldap simple bind returned %d", rv);
+ #endif
+ 
+ 	if (rv != 0)
+@@ -971,11 +973,13 @@ int parse_ldap_config(unsigned logopt, s
+ 			auth_required = LDAP_AUTH_NOTREQUIRED;
+ 		else if (!strcasecmp(authrequired, "autodetect"))
+ 			auth_required = LDAP_AUTH_AUTODETECT;
+		else if (!strcasecmp(authrequired, "simple"))
+			auth_required = LDAP_AUTH_USESIMPLE;
+ 		else {
+ 			error(logopt,
+ 			      MODPREFIX
+ 			      "The authrequired property must have value "
+-			      "\"yes\", \"no\" or \"autodetect\".");
+			      "\"yes\", \"no\", \"autodetect\", or \"simple\".");
+ 			ret = -1;
+ 			goto out;
+ 		}
+@@ -991,7 +995,8 @@ int parse_ldap_config(unsigned logopt, s
+ 		goto out;
+ 	}
+ 
+-	if (authtype && authtype_requires_creds(authtype)) {
+	if (auth_required == LDAP_AUTH_USESIMPLE ||
+	   (authtype && authtype_requires_creds(authtype))) {
+ 		ret = get_property(logopt, root, "user",  &user);
+ 		ret |= get_property(logopt, root, "secret", &secret);
+ 		if (ret != 0 || (!user || !secret)) {
+--- autofs-5.0.5.orig/samples/autofs_ldap_auth.conf
+++ autofs-5.0.5/samples/autofs_ldap_auth.conf
+@@ -17,17 +17,20 @@ tlsrequired  -  This flag tells whether 
+ 
+ authrequired  -  This option tells whether an authenticated connection to
+ 	    the ldap server is required in order to perform ldap queries.
+-	    If this flag is set to yes, then only authenticated connections
+	    If the flag is set to yes, only sasl authenticated connections
+ 	    will be allowed. If it is set to no then authentication is not
+-	    needed for ldap server connections. Finally, if it is set to
+-	    autodetect then the ldap server will be queried to establish
+-	    a suitable authentication mechanism. If no suitable mechanism
+-	    can be found, connections to the ldap server are made without
+-	    authentication.
+	    needed for ldap server connections. If it is set to autodetect
+	    then the ldap server will be queried to establish a suitable
+	    sasl authentication mechanism. If no suitable mechanism can be
+	    found, connections to the ldap server are made without
+	    authentication. Finally, if it is set to simple, then simple
+	    authentication will be used instead of SASL.
+
+ 	    Legal values for this option include:
+ 	    "yes"
+ 	    "no"
+ 	    "autodetect"
+	    "simple"
+ 
+ authtype  -  This attribute can be used to specify a preferred
+ 	    authentication mechanism.  In normal operations, the
--- a/autofs-5.0.5-make-nfs4-default-for-redhat-replicated-selection.patch
+++ b/autofs-5.0.5-make-nfs4-default-for-redhat-replicated-selection.patch
@ -0,0 +1,25 @@
+autofs-5.0.5 - make nfs4 default for RedHat replicated selection configuration
+
+From: Ian Kent <raven@themaw.net>
+
+We know for sure that RHEL-6 and later is set to mount NFSv4 as default and
+fall back to earlier NFS versions if it can't mount as NFSv4. So set our
+default for replicated mount probing to start at NFSv4 instead of v3.
+---
+
+ redhat/autofs.sysconfig.in |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+
+diff --git a/redhat/autofs.sysconfig.in b/redhat/autofs.sysconfig.in
+index c72cd2b..a46335d 100644
+--- a/redhat/autofs.sysconfig.in
+++ b/redhat/autofs.sysconfig.in
+@@ -40,6 +40,7 @@ BROWSE_MODE="no"
+ # 			       used for single host map entries.
+ #
+ #MOUNT_NFS_DEFAULT_PROTOCOL=3
+MOUNT_NFS_DEFAULT_PROTOCOL=4
+ #
+ # APPEND_OPTIONS - append to global options instead of replace.
+ #
--- a/autofs.spec
+++ b/autofs.spec
@ -4,7 +4,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.0.5
-Release: 24%{?dist}
+Release: 25%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: System Environment/Daemons
@ -37,6 +37,8 @@ Patch24: autofs-5.0.5-fix-get-qdn-fail.patch
 Patch25: autofs-5.0.5-fix-ampersand-escape-in-auto-smb.patch
 Patch26: autofs-5.0.5-add-locality-as-valid-ldap-master-map-attribute.patch
 Patch27: autofs-5.0.5-add-locality-as-valid-ldap-master-map-attribute-fix.patch
+Patch28: autofs-5.0.5-make-nfs4-default-for-redhat-replicated-selection.patch
+Patch29: autofs-5.0.5-add-simple-bind-auth.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf, hesiod-devel, openldap-devel, bison, flex, libxml2-devel, cyrus-sasl-devel, openssl-devel module-init-tools util-linux nfs-utils e2fsprogs libtirpc-devel
 Conflicts: cyrus-sasl-lib < 2.1.23-9
@ -106,6 +108,8 @@ echo %{version}-%{release} > .version
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
+%patch29 -p1

 %build
 #CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir}
@ -158,6 +162,10 @@ fi
 %{_libdir}/autofs/

 %changelog
+* Wed Apr 7 2010 Ian Kent <ikent@redhat.com> - 1:5.0.5-25.fc14
+- make nfs4 default for replicated selection configuration (bz579949).
+- add simple bind authentication option (bz579951).
+
 * Fri Mar 26 2010 Ian Kent <ikent@redhat.com> - 1:5.0.5-24.fc14
 - fix add locality as valid ldap master map attribute (bz575863).