auto-import changelog data from openldap-2.2.13-2.src.rpm

* Thu Aug 19 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-2
- build a separate, static set of libraries for openldap-devel with the
  non-standard ntlm bind patch applied, for use by the evolution-connector
  package (#125579), and installing them under
  %{evolution_connector_prefix} (/usr/lib/evolution-openldap)
- provide openldap-evolution-devel = %{version}-%{release} in openldap-devel
  so that evolution-connector's source package can require a version of
  openldap-devel which provides what it wants

* Mon Jul 26 2004 Nalin Dahyabhai <nalin@redhat.com>
- update administrator guide
cvsdist 2004-09-09 09:43:01 +00:00
parent 19aca62b12
commit 37375b1703
4 changed files with 721 additions and 293 deletions

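--- a/README.evolution
+++ b/README.evolution
@@ -0,0 +1,22 @@
+These files are here specifically for use in building the evolution-connector
+package.
+In order to authenticate to older servers, an LDAP client must perform an
+ntlm_bind operation instead of a simple or SASL bind. The ntlm_bind is not the
+same thing as performing SASL authentication using NTLM as the mechanism, which
+wouldn't require any patching. Newer servers properly support DIGEST-MD5, so
+this requirement only applies to clients which want to authenticate to older
+servers, and this requirement will hopefully go away at some point.
+Because the changes involved both modify the libldap ABI and add
+non-standardized messages to the protocol, changed libraries are built
+statically and stashed in a directory where they will not be found by a
+compiler using the default search paths.
+The openldap-devel package provides "openldap-evolution-devel" if it includes a
+patched version of these libraries in such a directory. Packages which depend
+on these libraries should BuildRequire this virtual provision so that they
+don't fail to compile or get miscompiled if the libraries are not present.
+If/when the evolution-connector package stops requiring these changes, the
+changed libraries will simply disappear.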

File diff suppressed because it is too large Load Diff

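--- a/openldap-ntlm.diff
+++ b/openldap-ntlm.diff
@@ -0,0 +1,199 @@
+(Note that this patch is not useful on its own... it just adds some
+hooks to work with the LDAP authentication process at a lower level
+than the API otherwise allows. The code that calls these hooks and
+actually drives the NTLM authentication process is in
+lib/e2k-global-catalog.c, and the code that actually implements the
+NTLM algorithms is in xntlm/.)
+This is a patch against OpenLDAP 2.2.6. Apply with -p0
+--- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500
++++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400
+@@ -1753,5 +1753,26 @@
+LDAPControl **cctrls ));
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge));
++
++
+LDAP_END_DECL
+#endif /* _LDAP_H */
+--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
++++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
+@@ -20,7 +20,7 @@
+SRCS = bind.c open.c result.c error.c compare.c search.c \
+controls.c messages.c references.c extended.c cyrus.c \
+modify.c add.c modrdn.c delete.c abandon.c \
+- sasl.c sbind.c kbind.c unbind.c cancel.c \
++ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
+filter.c free.c sort.c passwd.c whoami.c \
+getdn.c getentry.c getattr.c getvalues.c addentry.c \
+request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+@@ -29,7 +29,7 @@
+OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+controls.lo messages.lo references.lo extended.lo cyrus.lo \
+modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
++ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+filter.lo free.lo sort.lo passwd.lo whoami.lo \
+getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+--- /dev/null 2004-06-30 15:04:37.000000000 -0400
++++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
+@@ -0,0 +1,137 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++
++#include <ac/socket.h>
++#include <ac/string.h>
++#include <ac/time.h>
++#include <ac/errno.h>
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp )
++{
++ BerElement *ber;
++ int rc;
++ ber_int_t id;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( msgidp != NULL );
++
++ if( msgidp == NULL ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ /* create a message to send */
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ assert( LBER_VALID( ber ) );
++
++ LDAP_NEXT_MSGID( ld, id );
++ rc = ber_printf( ber, "{it{istON}" /*}*/,
++ id, LDAP_REQ_BIND,
++ ld->ld_version, dn, tag,
++ cred );
++
++ /* Put Server Controls */
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++ ld->ld_errno = LDAP_ENCODING_ERROR;
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ /* send the message */
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++ if(*msgidp < 0)
++ return ld->ld_errno;
++
++ return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge)
++{
++ ber_int_t errcode;
++ ber_tag_t tag;
++ BerElement *ber;
++ ber_len_t len;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( res != NULL );
++
++ if ( ld == NULL || res == NULL ) {
++ return LDAP_PARAM_ERROR;
++ }
++
++ if( res->lm_msgtype != LDAP_RES_BIND ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ if ( ld->ld_error ) {
++ LDAP_FREE( ld->ld_error );
++ ld->ld_error = NULL;
++ }
++ if ( ld->ld_matched ) {
++ LDAP_FREE( ld->ld_matched );
++ ld->ld_matched = NULL;
++ }
++
++ /* parse results */
++
++ ber = ber_dup( res->lm_ber );
++
++ if( ber == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ tag = ber_scanf( ber, "{ioa" /*}*/,
++ &errcode, challenge, &ld->ld_error );
++ ber_free( ber, 0 );
++
++ if( tag == LBER_ERROR ) {
++ ld->ld_errno = LDAP_DECODING_ERROR;
++ return ld->ld_errno;
++ }
++
++ ld->ld_errno = errcode;
++
++ return( ld->ld_errno );
++}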
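Review bot: In `ldap_ntlm_bind` (the new `libraries/libldap/ntlm.c`), the result of the first `ber_printf( ber, "{it{istON}", ... )` is stored in `rc` and never tested, so an encoding failure there goes unreported and the function carries on to append controls and may send an incomplete bind request. Mirror the check already applied to the closing `"N}"` call by adding `if ( rc == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return ld->ld_errno; }` directly after that first call. In `ldap_parse_ntlm_bind_result`, `challenge` is handed to `ber_scanf` with no NULL check and no prior initialisation, and the bytes written into it come from the server. Rejecting a NULL `challenge` with `LDAP_PARAM_ERROR` and setting `challenge->bv_val = NULL; challenge->bv_len = 0;` before the scan would let callers tell a decoded challenge from a failed parse; the local `len` in that function is also unused.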


@ -4,17 +4,21 @@
%define ldbm_backend berkeley
%define version_20 2.0.27
%define version_21 2.1.30
# For Fedora, we want 2.1 compatibility. For RHEL or RHL9, we want 2.0.
%define version_22 2.2.13
%define evolution_connector_prefix %{_libdir}/evolution-openldap
%define evolution_connector_includedir %{evolution_connector_prefix}/include
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
# For Fedora, we want 2.1 compatibility. For RHEL or RHL9, we may want 2.0.
%define compat_version %{version_21}
%define nptl_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 x86_64
Summary: The configuration files, libraries, and documentation for OpenLDAP.
Name: openldap
Version: 2.2.13
Release: 1
Version: %{version_22}
Release: 2
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_22}.tgz
Source1: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_20}.tgz
Source2: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_21}.tgz
Source3: ftp://ftp.OpenLDAP.org/pub/tools/autoconf-2.13.1.tar.gz
@ -28,6 +32,7 @@ Source10: autofs.schema
Source11: README.upgrading
Source12: http://www.OpenLDAP.org/doc/admin/guide.html
Source13: nptl-abi-note.S
Source14: README.evolution
Patch0: openldap-2.2.13-config.patch
Patch2: openldap-1.2.11-cldap.patch
Patch3: openldap-2.1.17-syslog.patch
@ -46,8 +51,9 @@ Patch24: MigrationTools-26-suffix.patch
Patch25: MigrationTools-44-schema.patch
Patch30: http://www.sleepycat.com/update/4.2.52/patch.4.2.52.1
Patch31: http://www.sleepycat.com/update/4.2.52/patch.4.2.52.2
Patch40: openldap-ntlm.diff
URL: http://www.openldap.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRoot: %{_tmppath}/%{name}-%{version_22}-root
BuildPreReq: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
BuildPreReq: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers,
BuildPreReq: unixODBC-devel
@ -65,7 +71,8 @@ libraries, and documentation for OpenLDAP.
%package devel
Summary: OpenLDAP development libraries and header files.
Group: Development/Libraries
Requires: openldap = %{version}-%{release}, cyrus-sasl-devel >= 2.1
Requires: openldap = %{version_22}-%{release}, cyrus-sasl-devel >= 2.1
Provides: openldap-evolution-devel = %{version_22}-%{release}
%description devel
The openldap-devel package includes the development libraries and
@ -77,7 +84,7 @@ customized LDAP clients.
%package servers
Summary: OpenLDAP servers and related files.
Prereq: fileutils, make, openldap = %{version}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig
Prereq: fileutils, make, openldap = %{version_22}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig
Group: System Environment/Daemons
%description servers
@ -91,7 +98,7 @@ migration scripts, and related files.
%package servers-sql
Summary: OpenLDAP server SQL support module.
Prereq: openldap-servers = %{version}-%{release}
Prereq: openldap-servers = %{version_22}-%{release}
Group: System Environment/Daemons
%description servers-sql
@ -105,7 +112,7 @@ slapd server can use to read data from an RDBMS.
%package clients
Summary: Client programs for OpenLDAP.
Prereq: openldap = %{version}-%{release}
Prereq: openldap = %{version_22}-%{release}
Group: Applications/Internet
%description clients
@ -118,11 +125,11 @@ over the Internet. The openldap-clients package contains the client
programs needed for accessing and modifying OpenLDAP directories.
# Declare this subpackage LAST. This version tag redefines %%{version}, so
# any future use in a Requires: tag would reference the wrong version.
# any future use would reference the wrong version.
%package -n compat-openldap
Summary: OpenLDAP compatibility shared libraries.
Group: System Environment/Libraries
Requires: openldap = %{version}-%{release}, cyrus-sasl >= 2.1
Requires: openldap = %{version_22}-%{release}, cyrus-sasl >= 2.1
Version: %{compat_version}
%description -n compat-openldap
@ -132,8 +139,9 @@ includes older versions of the OpenLDAP shared libraries which may be
required by some applications.
%prep
%setup -q -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 8
%setup -q -c -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 8
pushd openldap-%{version_22}
%patch0 -p1 -b .config
%patch2 -p1 -b .cldap
%patch3 -p1 -b .syslog
@ -142,6 +150,17 @@ required by some applications.
%patch6 -p1 -b .pie
%patch7 -p1 -b .toollinks
%patch8 -p1 -b .nosql
cp %{_datadir}/libtool/config.{sub,guess} build/
popd
# Set up a build tree for a static version of libldap with the hooks for the
# non-standard NTLM bind type which is needed to connect to Win2k GC servers
# (Win2k3 supports SASL with DIGEST-MD5, so this shouldn't be needed for those
# servers, though as of version 1.4 the connector doesn't try SASL first).
cp -a openldap-%{version_22} evo-openldap-%{version_22}
pushd evo-openldap-%{version_22}
%patch40 -p0 -b .evolution-ntlm
popd
pushd db-%{db_version_40}
%patch12 -p1 -b .disable-mutex
@ -178,12 +197,12 @@ pushd openldap-%{version_21}
done
popd
pushd openldap-%{version_22}
for subdir in build-servers build-clients ; do
mkdir $subdir
ln -s ../configure $subdir
done
cp %{_datadir}/libtool/config.{sub,guess} build/
popd
autodir=`pwd`/auto-instroot
pushd autoconf-2.13.1
@ -331,6 +350,7 @@ pushd openldap-%{version_21}/build-servers
LIBS=-lpthread; export LIBS
%configure \
--disable-shared \
--disable-dynamic \
--without-cyrus-sasl \
--without-kerberos \
--without-threads \
@ -348,7 +368,7 @@ popd
pushd openldap-%{compat_version}/build-compat
%configure \
--disable-slapd --disable-slurpd \
--with-threads=posix --enable-static --enable-dynamic \
--with-threads=posix --disable-static --enable-shared --enable-dynamic \
--enable-local --enable-rlookups --with-tls --with-cyrus-sasl \
--without-kerberos
make %{_smp_mflags}
@ -358,7 +378,7 @@ popd
build() {
%configure \
--disable-slapd --disable-slurpd \
--with-threads=posix --enable-static --enable-dynamic \
--with-threads=posix --enable-static --enable-shared --enable-dynamic \
\
--enable-local --enable-rlookups \
\
@ -382,7 +402,7 @@ make %{_smp_mflags} LIBTOOL="$libtool"
# Build the servers with Kerberos support (for password checking, mainly).
LIBS=-lpthread; export LIBS
pushd build-servers
pushd openldap-%{version_22}/build-servers
build \
--enable-plugins \
--enable-slapd \
@ -399,23 +419,41 @@ build \
--enable-sql=mod \
--disable-perl \
--disable-shared \
--disable-dynamic \
--with-kerberos=k5only
unset LIBS
popd
# Build clients without Kerberos password-checking support, which is only
# useful in the server anyway, to avoid stray dependencies.
pushd build-clients
pushd openldap-%{version_22}/build-clients
build \
--disable-slapd \
--disable-slurpd \
--enable-shared \
--enable-dynamic \
--enable-static \
--without-kerberos \
--with-cyrus-sasl \
--with-pic
popd
# Build evolution-specific clients just as we would normal clients, except with
# a different installation directory in mind and no shared libraries.
pushd evo-openldap-%{version_22}
build \
--disable-slapd \
--disable-slurpd \
--disable-shared \
--disable-dynamic \
--enable-static \
--without-kerberos \
--with-cyrus-sasl \
--with-pic \
--includedir=%{evolution_connector_includedir} \
--libdir=%{evolution_connector_libdir}
popd
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
libtool='%{_bindir}/libtool'
@ -468,7 +506,7 @@ install -d $RPM_BUILD_ROOT/%{_libdir}/
install -m755 libslapd_db-*.*.so $RPM_BUILD_ROOT/%{_libdir}/
popd
pushd build-servers
pushd openldap-%{version_22}/build-servers
make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool"
popd
@ -479,8 +517,18 @@ for binary in db_* ; do
done
popd
# Install clients and shared libraries.
pushd build-clients
# Install clients and shared libraries. Install the evo-specific versions
# first so that any conflicting files are overwritten by generic versions.
pushd evo-openldap-%{version_22}
make install DESTDIR=$RPM_BUILD_ROOT \
includedir=%{evolution_connector_includedir} \
libdir=%{evolution_connector_libdir} \
LIBTOOL="$libtool"
install -m644 \
$RPM_SOURCE_DIR/README.evolution \
$RPM_BUILD_ROOT/%{evolution_connector_prefix}/
popd
pushd openldap-%{version_22}/build-clients
make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool"
popd
@ -505,8 +553,9 @@ perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/*/*.*
# We don't need the default files -- RPM handles changes.
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.default
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/*.default
# Install an init script for the server.
# Install an init script for the servers.
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
install -m 755 $RPM_SOURCE_DIR/ldap.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ldap
@ -528,6 +577,8 @@ chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
# Remove files which we don't want packaged.
rm -f $RPM_BUILD_ROOT/%{_datadir}/openldap/migration/*.{instdir,simple,schema,mktemp,suffix}
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.la
rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.so*
rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.a
rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.so
@ -587,7 +638,11 @@ fi
%files
%defattr(-,root,root)
%doc ANNOUNCEMENT CHANGES COPYRIGHT LICENSE README
%doc openldap-%{version_22}/ANNOUNCEMENT
%doc openldap-%{version_22}/CHANGES
%doc openldap-%{version_22}/COPYRIGHT
%doc openldap-%{version_22}/LICENSE
%doc openldap-%{version_22}/README
%attr(0755,root,root) %dir /etc/openldap
%attr(0644,root,root) %config(noreplace) /etc/openldap/ldap*.conf
%attr(0755,root,root) %{_libdir}/liblber-*.so.*
@ -599,14 +654,17 @@ fi
%files -n compat-openldap
%defattr(-,root,root)
%doc ANNOUNCEMENT COPYRIGHT LICENSE
%doc openldap-%{compat_version}/ANNOUNCEMENT
%doc openldap-%{compat_version}/COPYRIGHT
%doc openldap-%{compat_version}/LICENSE
%attr(0755,root,root) %{_libdir}/liblber.so.*
%attr(0755,root,root) %{_libdir}/libldap.so.*
%attr(0755,root,root) %{_libdir}/libldap_r.so.*
%files servers
%defattr(-,root,root)
%doc README.migration TOOLS.migration
%doc README.migration
%doc TOOLS.migration
%doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html
%attr(0755,root,root) %config /etc/rc.d/init.d/ldap
%attr(0640,root,ldap) %config(noreplace) /etc/openldap/slapd.conf
@ -634,8 +692,8 @@ fi
%files servers-sql
%defattr(-,root,root)
%doc servers/slapd/back-sql/docs/*
%doc servers/slapd/back-sql/rdbms_depend
%doc openldap-%{version_22}/servers/slapd/back-sql/docs/*
%doc openldap-%{version_22}/servers/slapd/back-sql/rdbms_depend
%attr(0755,root,root) %{_sbindir}/openldap/back_sql.la
%attr(0755,root,root) %{_sbindir}/openldap/back_sql*.so.*
@ -646,15 +704,35 @@ fi
%files devel
%defattr(-,root,root)
%doc doc/drafts doc/rfc
%doc openldap-%{version_22}/doc/drafts openldap-%{version_22}/doc/rfc
%attr(0755,root,root) %{_libdir}/libl*.so
%attr(0644,root,root) %{_libdir}/libl*.a
%attr(0644,root,root) %{_includedir}/*
%attr(0644,root,root) %{_mandir}/man3/*
%attr(0755,root,root) %dir %{evolution_connector_prefix}
%attr(0644,root,root) %{evolution_connector_prefix}/README*
%attr(0755,root,root) %dir %{evolution_connector_includedir}
%attr(0644,root,root) %{evolution_connector_includedir}/*.h
%attr(0755,root,root) %dir %{evolution_connector_libdir}
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog
* Thu Aug 19 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-2
- build a separate, static set of libraries for openldap-devel with the
non-standard ntlm bind patch applied, for use by the evolution-connector
package (#125579), and installing them under
%%{evolution_connector_prefix} (%{evolution_connector_prefix})
- provide openldap-evolution-devel = %%{version}-%%{release} in openldap-devel
so that evolution-connector's source package can require a version of
openldap-devel which provides what it wants
* Mon Jul 26 2004 Nalin Dahyabhai <nalin@redhat.com>
- update administrator guide
* Wed Jun 16 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-1
- add compat-openldap subpackage
- default to bdb, as upstream does, gambling that we're only going to be
on systems with nptl now
* Tue Jun 15 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-0
- preliminary 2.2.13 update
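Review bot: The evolution build in `%build` is configured with `--disable-shared` and `--enable-static` and shipped as `%{evolution_connector_libdir}/*.a` in openldap-devel, so the NTLM-patched libldap/liblber code is copied into whatever links against it, and a later security fix to this package will not reach those consumers until they are rebuilt. The spec should say so next to that build step, e.g. `# Consumers embed these static libraries at link time: rebuild evolution-connector after any security update to this package.` The `%install` step also runs a full `make install` from `evo-openldap-%{version_22}` and relies on the generic client install that follows to overwrite everything outside the two overridden directories. If that ordering changes, or the patched tree installs a file the generic tree does not, NTLM-patched artifacts would end up in the standard paths. Restricting the evolution install to the header and library directories would remove that dependence on ordering, assuming the OpenLDAP makefiles allow those subdirectories to be installed on their own.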