upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-21 07:09:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added support for TCP_WRAPPERS (ldapd code not tested, don't have isode here).

Browse source 
Cleaned up LDAP_CRYPT support.
This commit is contained in:
Kurt Zeilenga 1998-08-15 23:03:09 +00:00
parent 412f44afa3
commit e66aa92102
9 changed files with 112 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
Make-common
View file

@ -198,10 +198,14 @@ LDAP_DEBUG=-DLDAP_DEBUG
# uncomment this line to enable support for LDAP referrals in libldap # uncomment this line to enable support for LDAP referrals in libldap
LDAP_REFERRALS=-DLDAP_REFERRALS LDAP_REFERRALS=-DLDAP_REFERRALS
# uncomment this line to enable support for CRYPT passwords in LDBM. # uncomment these lines to enable support for CRYPT passwords in LDBM.
# Requires UNIX crypt(3), you may have to add -lcrypt (or whatever)
# to your PLATFORMLIBS (build/platform/your-platform)
#LDAP_CRYPT=-DLDAP_CRYPT #LDAP_CRYPT=-DLDAP_CRYPT
#LDAP_CRYPT_LIB=-lcrypt
# uncomment these lines to enable support fro tcp_wrappers in servers.
# Requires tcp_wrappers.
#LDAP_TCP_WRAPPERS=-DTCP_WRAPPERS -I/usr/local/include
#LDAP_TCP_WRAPPERS_LIB=-L/usr/local/lib -lwrap
# uncomment this line to use soundex for approximate matches in slapd. # uncomment this line to use soundex for approximate matches in slapd.
# the default is to use the metaphone algorithm. # the default is to use the metaphone algorithm.

2
build/Make-append
View file

@ -21,7 +21,7 @@
# DEFS are included in CFLAGS # DEFS are included in CFLAGS
DEFS = $(PLATFORMCFLAGS) $(LDAP_DEBUG) $(KERBEROS) $(AFSKERBEROS) \ DEFS = $(PLATFORMCFLAGS) $(LDAP_DEBUG) $(KERBEROS) $(AFSKERBEROS) \
$(UOFM) $(UOFA) $(NO_USERINTERFACE) $(CLDAP) $(NO_CACHE) \ $(UOFM) $(UOFA) $(NO_USERINTERFACE) $(CLDAP) $(NO_CACHE) \
$(LDAP_REFERRALS) $(LDAP_CRYPT) $(LDAP_DNS) $(STR_TRANSLATION) \ $(LDAP_REFERRALS) $(LDAP_DNS) $(STR_TRANSLATION) \
$(LIBLDAP_CHARSETS) $(LIBLDAP_DEF_CHARSET) \ $(LIBLDAP_CHARSETS) $(LIBLDAP_DEF_CHARSET) \
$(SLAPD_BACKENDS) $(LDBMBACKEND) $(LDBMINCLUDE) $(PHONETIC) $(SLAPD_BACKENDS) $(LDBMBACKEND) $(LDBMINCLUDE) $(PHONETIC)

2
build/platforms/freebsd-gcc/Make-platform
View file

@ -15,5 +15,3 @@ CC = cc
PLATFORMCFLAGS= -Dfreebsd PLATFORMCFLAGS= -Dfreebsd
# uncomment this line if using for LDAP_CRYPT
#PLATFORMLIBS= -lcrypt

2
build/platforms/linux-gcc/Make-platform
View file

@ -16,5 +16,3 @@ RANLIB = "ranlib"
PLATFORMCFLAGS= -Dlinux PLATFORMCFLAGS= -Dlinux
# uncomment this if -DLDAP_CRYPT is defined
#PLATFORMLIBS= -lcrypt

28
servers/ldapd/main.c
View file

@ -42,6 +42,13 @@
#include <unistd.h> #include <unistd.h>
#endif /* USE_SYSCONF */ #endif /* USE_SYSCONF */
#ifdef TCP_WRAPPERS
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
#endif /* TCP_WRAPPERS */
void log_and_exit(); void log_and_exit();
static set_socket(); static set_socket();
static do_queries(); static do_queries();
@ -393,10 +400,31 @@ char **argv;
hp = gethostbyaddr( (char *) &(from.sin_addr.s_addr), hp = gethostbyaddr( (char *) &(from.sin_addr.s_addr),
sizeof(from.sin_addr.s_addr), AF_INET ); sizeof(from.sin_addr.s_addr), AF_INET );
#ifdef TCP_WRAPPERS
if ( !hosts_ctl("ldapd", (hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), STRING_UNKNOWN ) {
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s) denied.\n",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) {
syslog( LOG_NOTICE, "connection from %s (%s) denied.",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ) );
}
close(ns);
continue;
}
#endif /* TCP_WRAPPERS */
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n", Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n",
(hp == NULL) ? "unknown" : hp->h_name, (hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 ); inet_ntoa( from.sin_addr ), 0 );
if ( dosyslog ) { if ( dosyslog ) {
syslog( LOG_INFO, "connection from %s (%s)", syslog( LOG_INFO, "connection from %s (%s)",
(hp == NULL) ? "unknown" : hp->h_name, (hp == NULL) ? "unknown" : hp->h_name,

4
servers/slapd/Make-template
View file

@ -33,11 +33,11 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
schema.o schemaparse.o monitor.o configinfo.o schema.o schemaparse.o monitor.o configinfo.o
INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG) INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) $(SERVERDEFS) DEFINES = $(DEFS) $(LDAP_CRYPT) $(LDAP_TCP_WRAPPERS) $(SERVERDEFS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS) CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG) LDFLAGS = -L$(LDIR) $(KRBLIBFLAG)
LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \ LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \
$(LDBMLIB) $(ALIBS) $(LDBMLIB) $(LDAP_CRYPT_LIB) $(LDAP_TCP_WRAPPERS_LIB) $(ALIBS)
all: FORCE all: FORCE
@if [ -z "$(MAKESLAPD)" ]; then \ @if [ -z "$(MAKESLAPD)" ]; then \

4
servers/slapd/back-ldbm/Make-template
View file

@ -27,9 +27,9 @@ OBJS = idl.o add.o search.o cache.o dbcache.o dn2id.o id2entry.o \
filterindex.o unbind.o kerberos.o close.o filterindex.o unbind.o kerberos.o close.o
INCLUDES= -I. -I.. -I$(HDIR) $(KRBINCLUDEFLAG) INCLUDES= -I. -I.. -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) $(THREADS) DEFINES = $(DEFS) $(LDAP_CRYPT) $(THREADS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG) LDFLAGS = -L$(LDIR) $(KRBLIBFLAG) $(LDAP_CRYPT_LIB)
all: FORCE all: FORCE
-@echo "$(SLAPD_BACKENDS)" | grep LDAP_LDBM 2>&1 > /dev/null; \ -@echo "$(SLAPD_BACKENDS)" | grep LDAP_LDBM 2>&1 > /dev/null; \

80
servers/slapd/daemon.c
View file

@ -30,6 +30,13 @@
#include <unistd.h> #include <unistd.h>
#endif /* USE_SYSCONF */ #endif /* USE_SYSCONF */
#ifdef TCP_WRAPPERS
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
#endif /* TCP_WRAPPERS */
extern Operation *op_add(); extern Operation *op_add();
#ifndef SYSERRLIST_IN_STDIO #ifndef SYSERRLIST_IN_STDIO
@ -177,6 +184,9 @@ slapd_daemon(
struct timeval *tvp; struct timeval *tvp;
int len, pid; int len, pid;
char *client_name;
char *client_addr;
FD_ZERO( &writefds ); FD_ZERO( &writefds );
FD_ZERO( &readfds ); FD_ZERO( &readfds );
FD_SET( tcps, &readfds ); FD_SET( tcps, &readfds );
@ -251,6 +261,7 @@ slapd_daemon(
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"FIONBIO ioctl on %d failed\n", ns, 0, 0 ); "FIONBIO ioctl on %d failed\n", ns, 0, 0 );
} }
c[ns].c_sb.sb_sd = ns; c[ns].c_sb.sb_sd = ns;
Debug( LDAP_DEBUG_CONNS, "new connection on %d\n", ns, Debug( LDAP_DEBUG_CONNS, "new connection on %d\n", ns,
0, 0 ); 0, 0 );
@ -258,43 +269,76 @@ slapd_daemon(
pthread_mutex_lock( &ops_mutex ); pthread_mutex_lock( &ops_mutex );
c[ns].c_connid = num_conns++; c[ns].c_connid = num_conns++;
pthread_mutex_unlock( &ops_mutex ); pthread_mutex_unlock( &ops_mutex );
len = sizeof(from); len = sizeof(from);
if ( getpeername( ns, (struct sockaddr *) &from, &len ) if ( getpeername( ns, (struct sockaddr *) &from, &len )
== 0 ) { == 0 ) {
char *s; char *s;
#ifdef REVERSE_LOOKUP client_addr = inet_ntoa( from.sin_addr );
#if defined(REVERSE_LOOKUP) || defined(TCP_WRAPPERS)
hp = gethostbyaddr( (char *) hp = gethostbyaddr( (char *)
&(from.sin_addr.s_addr), &(from.sin_addr.s_addr),
sizeof(from.sin_addr.s_addr), AF_INET ); sizeof(from.sin_addr.s_addr), AF_INET );
if(hp) {
client_name = hp->h_name;
/* normalize the domain */
for ( s = client_name; *s; s++ ) {
*s = TOLOWER( *s );
}
} else {
client_name = NULL;
}
#else #else
hp = NULL; client_name = NULL;
#endif #endif
} else {
client_name = NULL;;
client_addr = NULL;
}
#ifdef TCP_WRAPPERS
if(!hosts_ctl("slapd", client_name, client_addr,
STRING_UNKNOWN))
{
/* DENY ACCESS */
Statslog( LDAP_DEBUG_STATS, Statslog( LDAP_DEBUG_STATS,
"conn=%d fd=%d connection from %s (%s)\n", "conn=%d fd=%d connection from %s (%s) denied.\n",
c[ns].c_connid, ns, hp == NULL ? "unknown" c[ns].c_connid, ns,
: hp->h_name, inet_ntoa( from.sin_addr ), client_name == NULL ? "unknown" : client_name,
client_addr == NULL ? "unknown" : client_addr,
0 );
close(ns);
pthread_mutex_unlock( &new_conn_mutex );
continue;
}
#endif /* TCP_WRAPPERS */
Statslog( LDAP_DEBUG_STATS,
"conn=%d fd=%d connection from %s (%s) accepted.\n",
c[ns].c_connid, ns,
client_name == NULL ? "unknown" : client_name,
client_addr == NULL ? "unknown" : client_addr,
0 ); 0 );
if ( c[ns].c_addr != NULL ) { if ( c[ns].c_addr != NULL ) {
free( c[ns].c_addr ); free( c[ns].c_addr );
} }
c[ns].c_addr = strdup( inet_ntoa( c[ns].c_addr = strdup( client_addr );
from.sin_addr ) );
if ( c[ns].c_domain != NULL ) { if ( c[ns].c_domain != NULL ) {
free( c[ns].c_domain ); free( c[ns].c_domain );
} }
c[ns].c_domain = strdup( hp == NULL ? "" :
hp->h_name ); c[ns].c_domain = strdup( client_name == NULL
/* normalize the domain */ ? "" : client_name );
for ( s = c[ns].c_domain; *s; s++ ) {
*s = TOLOWER( *s );
}
} else {
Statslog( LDAP_DEBUG_STATS,
"conn=%d fd=%d connection from unknown\n",
c[ns].c_connid, ns, 0, 0, 0 );
}
pthread_mutex_lock( &c[ns].c_dnmutex ); pthread_mutex_lock( &c[ns].c_dnmutex );
if ( c[ns].c_dn != NULL ) { if ( c[ns].c_dn != NULL ) {
free( c[ns].c_dn ); free( c[ns].c_dn );

4
servers/slapd/tools/Make-template
View file

@ -27,12 +27,12 @@ OBJS2 = ../config.o ../ch_malloc.o ../backend.o ../charray.o \
../schemaparse.o ../regex.o ../strdup.o ../schemaparse.o ../regex.o ../strdup.o
INCLUDES= -I. -I$(HDIR) $(EXINCLUDES) INCLUDES= -I. -I$(HDIR) $(EXINCLUDES)
DEFINES = $(DEFS) $(SERVERDEFS) $(THREADS) DEFINES = $(DEFS) $(LDAP_CRYPT) $(SERVERDEFS) $(THREADS)
CFLAGS = $(INCLUDES) $(DEFINES) $(ACFLAGS) CFLAGS = $(INCLUDES) $(DEFINES) $(ACFLAGS)
LDFLAGS = -L$(LDIR) $(EXLDFLAGS) LDFLAGS = -L$(LDIR) $(EXLDFLAGS)
LIBS = -lldif -lldap -llber -lldbm -lavl $(LDBMLIB) $(EXLIBS) $(ALIBS) LIBS = -lldif -lldap -llber -lldbm -lavl $(LDBMLIB) $(EXLIBS) $(ALIBS)
LIBS2 = -lldif -lldbm -lavl $(LDBMLIB) -llber $(KRBLIBFLAG) $(KRBLIBS) \ LIBS2 = -lldif -lldbm -lavl $(LDBMLIB) -llber $(KRBLIBFLAG) $(KRBLIBS) \
-llthread $(THREADSLIB) $(ALIBS) -llthread $(THREADSLIB) $(ALIBS) $(LDAP_CRYPT_LIB)
all: build-edb2ldif ldif2index ldif2ldbm ldbmcat ldif2id2entry \ all: build-edb2ldif ldif2index ldif2ldbm ldbmcat ldif2id2entry \
ldif2id2children centipede ldbmtest ldif ldif2id2children centipede ldbmtest ldif