Attachment 295512 Details for Bug 220973 – make --enableldapssl enable SSL, not TLS

[patch] make --enableldapssl enable SSL, not TLS

add-ldapssl.patch (text/plain), 5.09 KB, created by Matthew Boyle on 2008-02-21 14:43:38 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Matthew Boyle

Created: 2008-02-21 14:43:38 UTC

Size: 5.09 KB

patch

obsolete

>Index: authconfig.py
>===================================================================
>RCS file: /usr/local/CVS/authconfig/authconfig.py,v
>retrieving revision 1.21
>diff -u -d -w -r1.21 authconfig.py
>--- authconfig.py	29 Jan 2008 17:12:11 -0000	1.21
>+++ authconfig.py	21 Feb 2008 13:38:33 -0000
>@@ -114,10 +114,14 @@
>  			help=_("default LDAP server"))
>  		parser.add_option("--ldapbasedn", metavar=_("<dn>"),
>  			help=_("default LDAP base DN"))
>-		parser.add_option("--enableldaptls", "--enableldapssl", action="store_true",
>+		parser.add_option("--enableldaptls", action="store_true",
> 			help=_("enable use of TLS with LDAP"))
>- 		parser.add_option("--disableldaptls",  "--disableldapssl", action="store_true",
>+ 		parser.add_option("--disableldaptls", action="store_true",
> 			help=_("disable use of TLS with LDAP"))
>+		parser.add_option("--enableldapssl", action="store_true",
>+			help=_("enable use of SSL with LDAP"))
>+ 		parser.add_option("--disableldapssl", action="store_true",
>+			help=_("disable use of SSL with LDAP"))
>  		parser.add_option("--ldaploadcacert", metavar=_("<URL>"),
>  			help=_("load CA certificate from the URL"))
> 
>@@ -309,6 +313,7 @@
> 			"cache":"enableCache",
> 			"hesiod":"enableHesiod",
> 			"ldap":"enableLDAP",
>+			"ldapssl":"enableLDAPS",
> 			"ldaptls":"enableLDAPS",
> 			"ldapauth":"enableLDAPAuth",
> 			"krb5":"enableKerberos",
>@@ -353,6 +358,13 @@
> 				setattr(self.info, aival, True)
> 			if getattr(self.options, "disable"+opt):
> 				setattr(self.info, aival, False)
>+
>+		if self.options.enableldapssl:
>+			self.info.ldapsType = "on"
>+		if self.options.enableldaptls:
>+			self.info.ldapsType = "start_tls"
>+		if self.options.disableldaptls or self.options.disableldapssl:
>+			self.info.ldapsType = "off"
> 
> 		if self.options.krb5realm and self.options.krb5realm != self.info.kerberosRealm:
> 			self.info.kerberosKDC = self.info.getKerberosKDC(self.options.krb5realm)
>Index: authinfo.py
>===================================================================
>RCS file: /usr/local/CVS/authconfig/authinfo.py,v
>retrieving revision 1.33
>diff -u -d -w -r1.33 authinfo.py
>--- authinfo.py	9 Jan 2008 21:33:12 -0000	1.33
>+++ authinfo.py	21 Feb 2008 13:38:34 -0000
>@@ -134,14 +134,17 @@
> def matchLine(line, key):
> 	return line.startswith(key)
> 
>-def matchLineI(line, key):
>-	return line.lower().startswith(key.lower())
>+def matchLineI(line, keys):
>+	# takes a tuple, not a string.
>+	lkeys = map(string.lower, keys)
>+	return line.lower().startswith(tuple(lkeys))
> 				
> def commaAppend(lst, value):
> 	if lst:
> 		return lst + "," + value
> 	else:
> 		return value
>+
> def stringsDiffer(a, b, case_sensitive):
> 	if not a and not b:
> 		return False
>@@ -695,6 +698,7 @@
>   
> 		self.ldapServer = ""
> 		self.ldapBaseDN = ""
>+		self.ldapsType = ""
> 
> 		self.kerberosRealm = ""
> 		self.kerberosRealmviaDNS = None
>@@ -905,7 +909,8 @@
> 			# Is it a "ssl" statement?
> 			value = matchKey(line, "ssl")
> 			if value:
>-				self.enableLDAPS = matchLine(value, "start_tls")
>+				self.enableLDAPS = matchLineI(value, ("start_tls", "on", "yes", "true"))
>+				self.ldapsType = value
> 				continue
> 			# We'll pull MD5/DES crypt ("pam_password") from the config
> 		 	# file, or from the pam_unix PAM config lines.
>@@ -1492,6 +1497,9 @@
> 		(self.enableHesiod != b.enableHesiod) or
> 		(self.enableLDAP != b.enableLDAP) or
> 		(self.enableLDAPS != b.enableLDAPS) or
>+		
>+		stringsDiffer(self.ldapsType, b.ldapsType, False) or
>+
> 		(self.enableNIS != b.enableNIS) or
> 		(self.enableNIS3 != b.enableNIS3) or
> 		(self.enableDBbind != b.enableDBbind) or
>@@ -1753,12 +1761,12 @@
> 					if not wrotessl:
> 						output += "ssl "
> 						if self.enableLDAPS:
>-							output += "start_tls"
>+							output += self.ldapsType 
> 						else:
> 							output += "no"
> 						output += "\n"
> 						wrotessl = True
>-				elif matchLineI(ls, "tls_cacertdir"):
>+				elif matchLineI(ls, ("tls_cacertdir")):
> 					# If it's an 'tls_cacertdir' line, insert ours instead.
> 					if not wrotecacertdir:
> 						if writePadl:
>@@ -1790,7 +1798,7 @@
> 			if writePadl and not wrotessl:
> 						output += "ssl "
> 						if self.enableLDAPS:
>-							output += "start_tls"
>+							output += self.ldapsType
> 						else:
> 							output += "no"
> 						output += "\n"
>@@ -2764,7 +2772,7 @@
> 	SaveGroup(self.writeSMB, [("smbWorkgroup", "i"), ("smbServers", "i")]),
> 	SaveGroup(self.writeNIS, [("nisDomain", "c"), ("nisLocalDomain", "c"), ("nisServer", "c")]),
> 	SaveGroup(self.writeLDAP, [("ldapServer", "i"), ("ldapBaseDN", "c"), ("enableLDAPS", "b"),
>-		("ldapCacertDir", "c"), ("passwordAlgorithm", "i")]),
>+		("ldapsType", "i"), ("ldapCacertDir", "c"), ("passwordAlgorithm", "i")]),
> 	SaveGroup(self.writeCache, [("enableCache", "b")]),
> 	SaveGroup(self.writeLibuser, [("passwordAlgorithm", "i")]),
> 	SaveGroup(self.writeLogindefs, [("passwordAlgorithm", "i")]),
>@@ -2907,6 +2915,7 @@
> 		print " hesiod RHS = \"%s\"" % self.hesiodRHS
> 		print "nss_ldap is %s" % formatBool(self.enableLDAP)
> 		print " LDAP+TLS is %s" % formatBool(self.enableLDAPS)
>+		print " LDAP SSL is %s" % self.ldapsType
> 		print " LDAP server = \"%s\"" % self.ldapServer
> 		print " LDAP base DN = \"%s\"" % self.ldapBaseDN
> 		print "nss_nis is %s" % formatBool(self.enableNIS)

Actions: View | Diff

Attachments on bug 220973: 295512