diff --git a/README.evolution b/README.evolution
deleted file mode 100644
index 56971d1..0000000
--- a/README.evolution
+++ /dev/null
@@ -1,22 +0,0 @@
-These files are here specifically for use in building the evolution-connector
-package, and should not be used for any other purpose.
-
-In order to authenticate to older servers, an LDAP client must perform an
-ntlm_bind operation instead of a simple or SASL bind. The ntlm_bind is not the
-same thing as performing SASL authentication using NTLM as the mechanism, which
-wouldn't require any patching. Newer servers properly support DIGEST-MD5, so
-this requirement only applies to clients which want to authenticate to older
-servers, and this requirement will hopefully go away at some point.
-
-Because the changes involved both modify the libldap ABI and add
-non-standardized messages to the protocol, changed libraries are built
-statically and stashed in a directory where they will not be found by a
-compiler using the default search paths.
-
-The openldap-devel package provides "openldap-evolution-devel" if it includes a
-patched version of these libraries in such a directory. Packages which depend
-on these libraries should BuildRequire this virtual provision so that they
-don't fail to compile or get miscompiled if the libraries are not present.
-
-If/when the evolution-connector package stops requiring these changes, the
-changed libraries will simply disappear.
diff --git a/openldap-evolution-ntlm.patch b/openldap-evolution-ntlm.patch
deleted file mode 100644
index 638903d..0000000
--- a/openldap-evolution-ntlm.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-Get rid of this patch as soon as possible.
-More details are provided in README.evolution
-
-diff --git a/include/ldap.h b/include/ldap.h
-index 3791732..fe01b18 100644
---- a/include/ldap.h
-+++ b/include/ldap.h
-@@ -2517,5 +2517,26 @@ ldap_parse_deref_control LDAP_P((
- LDAPControl **ctrls,
- LDAPDerefRes **drp ));
-
-+/*
-+ * hacks for NTLM
-+ */
-+#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
-+#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
-+LDAP_F( int )
-+ldap_ntlm_bind LDAP_P((
-+ LDAP *ld,
-+ LDAP_CONST char *dn,
-+ ber_tag_t tag,
-+ struct berval *cred,
-+ LDAPControl **sctrls,
-+ LDAPControl **cctrls,
-+ int *msgidp ));
-+LDAP_F( int )
-+ldap_parse_ntlm_bind_result LDAP_P((
-+ LDAP *ld,
-+ LDAPMessage *res,
-+ struct berval *challenge));
-+
-+
- LDAP_END_DECL
- #endif /* _LDAP_H */
-diff --git a/libraries/libldap/Makefile.in b/libraries/libldap/Makefile.in
-index ce4be1b..2326680 100644
---- a/libraries/libldap/Makefile.in
-+++ b/libraries/libldap/Makefile.in
-@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest urltest
- SRCS = bind.c open.c result.c error.c compare.c search.c \
- controls.c messages.c references.c extended.c cyrus.c \
- modify.c add.c modrdn.c delete.c abandon.c \
-- sasl.c gssapi.c sbind.c unbind.c cancel.c \
-+ sasl.c ntlm.c gssapi.c sbind.c unbind.c cancel.c \
- filter.c free.c sort.c passwd.c whoami.c \
- getdn.c getentry.c getattr.c getvalues.c addentry.c \
- request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
-@@ -33,7 +33,7 @@ SRCS = bind.c open.c result.c error.c compare.c search.c \
- OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
- controls.lo messages.lo references.lo extended.lo cyrus.lo \
- modify.lo add.lo modrdn.lo delete.lo abandon.lo \
-- sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
-+ sasl.lo ntlm.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
- filter.lo free.lo sort.lo passwd.lo whoami.lo \
- getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
- request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
-diff --git a/libraries/libldap/ntlm.c b/libraries/libldap/ntlm.c
-new file mode 100644
-index 0000000..e0734d5
---- /dev/null
-+++ b/libraries/libldap/ntlm.c
-@@ -0,0 +1,137 @@
-+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
-+/*
-+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
-+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
-+ */
-+
-+/* Mostly copied from sasl.c */
-+
-+#include "portable.h"
-+
-+#include
-+#include
-+
-+#include
-+#include
-+#include
-+#include
-+
-+#include "ldap-int.h"
-+
-+int
-+ldap_ntlm_bind(
-+ LDAP *ld,
-+ LDAP_CONST char *dn,
-+ ber_tag_t tag,
-+ struct berval *cred,
-+ LDAPControl **sctrls,
-+ LDAPControl **cctrls,
-+ int *msgidp )
-+{
-+ BerElement *ber;
-+ int rc;
-+ ber_int_t id;
-+
-+ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
-+
-+ assert( ld != NULL );
-+ assert( LDAP_VALID( ld ) );
-+ assert( msgidp != NULL );
-+
-+ if( msgidp == NULL ) {
-+ ld->ld_errno = LDAP_PARAM_ERROR;
-+ return ld->ld_errno;
-+ }
-+
-+ /* create a message to send */
-+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
-+ ld->ld_errno = LDAP_NO_MEMORY;
-+ return ld->ld_errno;
-+ }
-+
-+ assert( LBER_VALID( ber ) );
-+
-+ LDAP_NEXT_MSGID( ld, id );
-+ rc = ber_printf( ber, "{it{istON}" /*}*/,
-+ id, LDAP_REQ_BIND,
-+ ld->ld_version, dn, tag,
-+ cred );
-+
-+ /* Put Server Controls */
-+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
-+ ber_free( ber, 1 );
-+ return ld->ld_errno;
-+ }
-+
-+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
-+ ld->ld_errno = LDAP_ENCODING_ERROR;
-+ ber_free( ber, 1 );
-+ return ld->ld_errno;
-+ }
-+
-+ /* send the message */
-+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
-+
-+ if(*msgidp < 0)
-+ return ld->ld_errno;
-+
-+ return LDAP_SUCCESS;
-+}
-+
-+int
-+ldap_parse_ntlm_bind_result(
-+ LDAP *ld,
-+ LDAPMessage *res,
-+ struct
berval *challenge) -+{ -+ ber_int_t errcode; -+ ber_tag_t tag; -+ BerElement *ber; -+ ber_len_t len; -+ -+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); -+ -+ assert( ld != NULL ); -+ assert( LDAP_VALID( ld ) ); -+ assert( res != NULL ); -+ -+ if ( ld == NULL || res == NULL ) { -+ return LDAP_PARAM_ERROR; -+ } -+ -+ if( res->lm_msgtype != LDAP_RES_BIND ) { -+ ld->ld_errno = LDAP_PARAM_ERROR; -+ return ld->ld_errno; -+ } -+ -+ if ( ld->ld_error ) { -+ LDAP_FREE( ld->ld_error ); -+ ld->ld_error = NULL; -+ } -+ if ( ld->ld_matched ) { -+ LDAP_FREE( ld->ld_matched ); -+ ld->ld_matched = NULL; -+ } -+ -+ /* parse results */ -+ -+ ber = ber_dup( res->lm_ber ); -+ -+ if( ber == NULL ) { -+ ld->ld_errno = LDAP_NO_MEMORY; -+ return ld->ld_errno; -+ } -+ -+ tag = ber_scanf( ber, "{ioa" /*}*/, -+ &errcode, challenge, &ld->ld_error ); -+ ber_free( ber, 0 ); -+ -+ if( tag == LBER_ERROR ) { -+ ld->ld_errno = LDAP_DECODING_ERROR; -+ return ld->ld_errno; -+ } -+ -+ ld->ld_errno = errcode; -+ -+ return( ld->ld_errno ); -+} diff --git a/openldap.spec b/openldap.spec index a2d4c26..4c8c149 100644 --- a/openldap.spec +++ b/openldap.spec @@ -1,15 +1,11 @@ %global _hardened_build 1 -%global evolution_connector_prefix %{_libdir}/evolution-openldap -%global evolution_connector_includedir %{evolution_connector_prefix}/include -%global evolution_connector_libdir %{evolution_connector_prefix}/%{_lib} - %global systemctl_bin /usr/bin/systemctl %global check_password_version 1.1 Name: openldap Version: 2.4.35 -Release: 1%{?dist} +Release: 2%{?dist} Summary: LDAP support libraries Group: System Environment/Daemons License: OpenLDAP @@ -27,7 +23,6 @@ Source52: libexec-check-config.sh Source53: libexec-upgrade-db.sh Source54: libexec-create-certdb.sh Source55: libexec-generate-server-cert.sh -Source100: README.evolution # patches for 2.4 Patch0: openldap-manpages.patch 
@@ -52,9 +47,6 @@ Patch16: openldap-nss-pk11-freeslot.patch Patch100: openldap-autoconf-pkgconfig-nss.patch Patch102: openldap-fedora-systemd.patch -# patches for the evolution library (see README.evolution) -Patch200: openldap-evolution-ntlm.patch - BuildRequires: cyrus-sasl-devel, nss-devel, krb5-devel, tcp_wrappers-devel, unixODBC-devel BuildRequires: glibc-devel, libtool, libtool-ltdl-devel, groff, perl, perl-devel, perl(ExtUtils::Embed) # smbk5pwd overlay: @@ -74,7 +66,6 @@ libraries, and documentation for OpenLDAP. Summary: LDAP development libraries and header files Group: Development/Libraries Requires: openldap%{?_isa} = %{version}-%{release}, cyrus-sasl-devel%{?_isa} -Provides: openldap-evolution-devel%{?_isa} = %{version}-%{release} %description devel The openldap-devel package includes the development libraries and @@ -183,15 +174,6 @@ done popd -# patched static libraries for Evolution -if ! cp -al openldap-%{version} evo-openldap-%{version} ; then - rm -fr evo-openldap-%{version} - cp -a openldap-%{version} evo-openldap-%{version} -fi -pushd evo-openldap-%{version} -%patch200 -p1 -b .evolution-ntlm -popd - %build # avoid stray dependencies (linker flag --as-needed) @@ -244,34 +226,6 @@ pushd openldap-%{version} make %{_smp_mflags} popd -# build patched static library for Evolution -pushd evo-openldap-%{version} -%configure \ - --enable-debug \ - --disable-dynamic \ - --disable-syslog \ - --disable-proctitle \ - --enable-ipv6 \ - --disable-local \ - \ - --disable-slapd \ - \ - --enable-static \ - --disable-shared \ - \ - --with-cyrus-sasl \ - --without-fetch \ - --with-threads \ - --with-pic \ - --with-tls=moznss \ - --with-gnu-ld \ - \ - --includedir=%{evolution_connector_includedir} \ - --libdir=%{evolution_connector_libdir} - -make %{_smp_mflags} -popd - pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version} make LDAP_INC="-I../openldap-%{version}/include \ -I../openldap-%{version}/servers/slapd \ 
@@ -282,12 +236,6 @@ popd mkdir -p %{buildroot}%{_libdir}/ -# install evolution-specific libraries (conflicting files will be overwriten by generic version) -pushd evo-openldap-%{version} -make install DESTDIR=%{buildroot} STRIP="" -install -m 644 %SOURCE100 %{buildroot}%{evolution_connector_prefix}/ -popd - pushd openldap-%{version} make install DESTDIR=%{buildroot} STRIP="" popd @@ -385,7 +333,6 @@ chmod 0644 %{buildroot}%{_datadir}/openldap-servers/DB_CONFIG.example # remove files which we don't want packaged rm -f %{buildroot}%{_libdir}/*.la -rm -f %{buildroot}%{evolution_connector_libdir}/*.la rm -f %{buildroot}%{_libdir}/openldap/*.so rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example @@ -643,9 +590,11 @@ exit 0 %{_libdir}/lib*.so %{_includedir}/* %{_mandir}/man3/* -%{evolution_connector_prefix}/ %changelog +* Fri Apr 05 2013 Jan Synáček 2.4.35-2 +- drop the evolution patch + * Tue Apr 02 2013 Jan Synáček 2.4.35-1 - new upstream release (#947235) - fix: slapd.service should ensure that network is up before starting (#946921)