Add upstream fix for ldap connections to AD (Bug #6073).

Guenther
2009-01-31 16:44:06 +00:00 · 2009-01-31 16:44:06 +00:00 · 143acfa110
parent 276ea4746d
commit 143acfa110
2 changed files with 41 additions and 1 deletions
--- a/0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
+++ b/0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
@ -0,0 +1,37 @@
+From d332da87068cd72489941010a33e372ab53d3bcc Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Thu, 29 Jan 2009 13:17:46 +0100
+Subject: [PATCH] fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
+
+This fixes "net ads join".
+It copes with the changed default "ldap ssl = start tls".
+A new boolean option "ldap ssl : ads" is added to allow for
+explicitly requesting ssl with  ads.
+
+Michael
+---
+ source/libads/ldap.c |    8 +++++---
+ 1 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/source/libads/ldap.c b/source/libads/ldap.c
+index f3bc2c5..5c95d4f 100644
+--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
+@@ -672,9 +672,11 @@ got_connection:
+ 
+ 	ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ 
+-	status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
+-	if (!ADS_ERR_OK(status)) {
+-		goto out;
+	if (lp_parm_bool(-1, "ldap ssl", "ads", false)) {
+		status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
+		if (!ADS_ERR_OK(status)) {
+			goto out;
+		}
+ 	}
+ 
+ 	/* fill in the current time and offsets */
+-- 
+1.6.0.2
+
--- a/samba.spec
+++ b/samba.spec
@ -43,6 +43,7 @@ Patch104: samba-3.0.0rc3-nmbd-netbiosname.patch
 # The passwd part has been applied, but not the group part
 Patch107: samba-3.2.0pre1-grouppwd.patch
 Patch200: samba-3.2.5-inotify.patch
+Patch201: 0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch

 Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release}
 Requires: pam >= 0:0.64
@ -246,6 +247,7 @@ cp %{SOURCE11} packaging/Fedora/
 #%patch104 -p1 -b .nmbd-netbiosname # FIXME: does not apply
 %patch107 -p1 -b .grouppwd
 %patch200 -p0 -b .inotify
+%patch201 -p1 -b .ldap_ssl

 mv source/VERSION source/VERSION.orig
 sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < source/VERSION.orig > source/VERSION
@ -826,8 +828,9 @@ exit 0
 %{_datadir}/pixmaps/samba/logo-small.png

 %changelog
-* Fri Jan 30 2009 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0.25
+* Sat Jan 31 2009 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0.25
 - Update to 3.3.0 final
+- Add upstream fix for ldap connections to AD (Bug #6073)

 * Fri Nov 28 2008 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0rc1.24
 - Update to 3.3.0rc1