Guenther Deschner
parent
276ea4746d
commit
143acfa110
37
0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
Normal file
37
0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From d332da87068cd72489941010a33e372ab53d3bcc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Adam <obnox@samba.org>
|
||||||
|
Date: Thu, 29 Jan 2009 13:17:46 +0100
|
||||||
|
Subject: [PATCH] fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
|
||||||
|
|
||||||
|
This fixes "net ads join".
|
||||||
|
It copes with the changed default "ldap ssl = start tls".
|
||||||
|
A new boolean option "ldap ssl : ads" is added to allow for
|
||||||
|
explicitly requesting ssl with ads.
|
||||||
|
|
||||||
|
Michael
|
||||||
|
---
|
||||||
|
source/libads/ldap.c | 8 +++++---
|
||||||
|
1 files changed, 5 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
|
||||||
|
index f3bc2c5..5c95d4f 100644
|
||||||
|
--- a/source/libads/ldap.c
|
||||||
|
+++ b/source/libads/ldap.c
|
||||||
|
@@ -672,9 +672,11 @@ got_connection:
|
||||||
|
|
||||||
|
ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
|
||||||
|
|
||||||
|
- status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
|
||||||
|
- if (!ADS_ERR_OK(status)) {
|
||||||
|
- goto out;
|
||||||
|
+ if (lp_parm_bool(-1, "ldap ssl", "ads", false)) {
|
||||||
|
+ status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
|
||||||
|
+ if (!ADS_ERR_OK(status)) {
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* fill in the current time and offsets */
|
||||||
|
--
|
||||||
|
1.6.0.2
|
||||||
|
|
||||||
@ -43,6 +43,7 @@ Patch104: samba-3.0.0rc3-nmbd-netbiosname.patch
|
|||||||
# The passwd part has been applied, but not the group part
|
# The passwd part has been applied, but not the group part
|
||||||
Patch107: samba-3.2.0pre1-grouppwd.patch
|
Patch107: samba-3.2.0pre1-grouppwd.patch
|
||||||
Patch200: samba-3.2.5-inotify.patch
|
Patch200: samba-3.2.5-inotify.patch
|
||||||
|
Patch201: 0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
|
||||||
|
|
||||||
Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release}
|
Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release}
|
||||||
Requires: pam >= 0:0.64
|
Requires: pam >= 0:0.64
|
||||||
@ -246,6 +247,7 @@ cp %{SOURCE11} packaging/Fedora/
|
|||||||
#%patch104 -p1 -b .nmbd-netbiosname # FIXME: does not apply
|
#%patch104 -p1 -b .nmbd-netbiosname # FIXME: does not apply
|
||||||
%patch107 -p1 -b .grouppwd
|
%patch107 -p1 -b .grouppwd
|
||||||
%patch200 -p0 -b .inotify
|
%patch200 -p0 -b .inotify
|
||||||
|
%patch201 -p1 -b .ldap_ssl
|
||||||
|
|
||||||
mv source/VERSION source/VERSION.orig
|
mv source/VERSION source/VERSION.orig
|
||||||
sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < source/VERSION.orig > source/VERSION
|
sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < source/VERSION.orig > source/VERSION
|
||||||
@ -826,8 +828,9 @@ exit 0
|
|||||||
%{_datadir}/pixmaps/samba/logo-small.png
|
%{_datadir}/pixmaps/samba/logo-small.png
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Jan 30 2009 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0.25
|
* Sat Jan 31 2009 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0.25
|
||||||
- Update to 3.3.0 final
|
- Update to 3.3.0 final
|
||||||
|
- Add upstream fix for ldap connections to AD (Bug #6073)
|
||||||
|
|
||||||
* Fri Nov 28 2008 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0rc1.24
|
* Fri Nov 28 2008 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0rc1.24
|
||||||
- Update to 3.3.0rc1
|
- Update to 3.3.0rc1
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user