Guenther Deschner
parent
276ea4746d
commit
143acfa110
37
0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
Normal file
37
0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From d332da87068cd72489941010a33e372ab53d3bcc Mon Sep 17 00:00:00 2001
|
||||
From: Michael Adam <obnox@samba.org>
|
||||
Date: Thu, 29 Jan 2009 13:17:46 +0100
|
||||
Subject: [PATCH] fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
|
||||
|
||||
This fixes "net ads join".
|
||||
It copes with the changed default "ldap ssl = start tls".
|
||||
A new boolean option "ldap ssl : ads" is added to allow for
|
||||
explicitly requesting ssl with ads.
|
||||
|
||||
Michael
|
||||
---
|
||||
source/libads/ldap.c | 8 +++++---
|
||||
1 files changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
|
||||
index f3bc2c5..5c95d4f 100644
|
||||
--- a/source/libads/ldap.c
|
||||
+++ b/source/libads/ldap.c
|
||||
@@ -672,9 +672,11 @@ got_connection:
|
||||
|
||||
ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
|
||||
|
||||
- status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
|
||||
- if (!ADS_ERR_OK(status)) {
|
||||
- goto out;
|
||||
+ if (lp_parm_bool(-1, "ldap ssl", "ads", false)) {
|
||||
+ status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
|
||||
+ if (!ADS_ERR_OK(status)) {
|
||||
+ goto out;
|
||||
+ }
|
||||
}
|
||||
|
||||
/* fill in the current time and offsets */
|
||||
--
|
||||
1.6.0.2
|
||||
|
||||
@ -43,6 +43,7 @@ Patch104: samba-3.0.0rc3-nmbd-netbiosname.patch
|
||||
# The passwd part has been applied, but not the group part
|
||||
Patch107: samba-3.2.0pre1-grouppwd.patch
|
||||
Patch200: samba-3.2.5-inotify.patch
|
||||
Patch201: 0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
|
||||
|
||||
Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release}
|
||||
Requires: pam >= 0:0.64
|
||||
@ -246,6 +247,7 @@ cp %{SOURCE11} packaging/Fedora/
|
||||
#%patch104 -p1 -b .nmbd-netbiosname # FIXME: does not apply
|
||||
%patch107 -p1 -b .grouppwd
|
||||
%patch200 -p0 -b .inotify
|
||||
%patch201 -p1 -b .ldap_ssl
|
||||
|
||||
mv source/VERSION source/VERSION.orig
|
||||
sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < source/VERSION.orig > source/VERSION
|
||||
@ -826,8 +828,9 @@ exit 0
|
||||
%{_datadir}/pixmaps/samba/logo-small.png
|
||||
|
||||
%changelog
|
||||
* Fri Jan 30 2009 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0.25
|
||||
* Sat Jan 31 2009 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0.25
|
||||
- Update to 3.3.0 final
|
||||
- Add upstream fix for ldap connections to AD (Bug #6073)
|
||||
|
||||
* Fri Nov 28 2008 Guenther Deschner <gdeschner@redhat.com> - 3.3.0-0rc1.24
|
||||
- Update to 3.3.0rc1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user