* [PATCH] starttls for autofs-ldap-auto-master.c (actually attaching it this time.)
@ 2006-03-23 17:55 Anthony M. Martinez
2006-03-27 17:34 ` Jeff Moyer
0 siblings, 1 reply; 3+ messages in thread
From: Anthony M. Martinez @ 2006-03-23 17:55 UTC (permalink / raw)
To: autofs
[-- Attachment #1: Type: text/plain, Size: 151 bytes --]
Grr. Don't you hate it when you do that?
Pi
--
Within C++, there is a much smaller and cleaner language struggling to get out.
-- Bjarne Stroustrup
[-- Attachment #2: starttls.patch --]
[-- Type: text/plain, Size: 1659 bytes --]
--- autofs-4.1.4_beta2/samples/autofs-ldap-auto-master.c 2006-03-23 10:21:54.764752622 -0700
+++ autofs-4.1.4_beta2-starttls/samples/autofs-ldap-auto-master.c 2006-03-23 10:28:06.371758942 -0700
@@ -160,6 +160,7 @@
LDAP *ld = NULL;
int result;
int c;
+ int starttls = 1; /* By default, start TLS */
const char *map_key = MAPKEY, *entry_key = ENTRYKEY, *value = VALUE;
const char *map_oc = MAPOC, *entry_oc = ENTRYOC;
const char *map = MAP;
@@ -167,7 +168,7 @@
setlocale(LC_ALL, "");
/* Scan through the argument list. */
- while((c = getopt(argc, argv, "m:e:n:k:v:")) != -1) {
+ while((c = getopt(argc, argv, "m:e:n:k:v:s")) != -1) {
switch(c) {
case 'm':
/* This is the object class we expect maps to
@@ -198,6 +199,10 @@
* VALUE attribute. */
value = optarg;
break;
+ case 's':
+ /* Disable starttls on the LDAP link */
+ starttls = 0;
+ break;
default:
fprintf(stderr, "syntax: %s\n"
"\t[-m %s] (map object class)\n"
@@ -205,6 +210,7 @@
"\t[-n %s] (attribute used as map key)\n"
"\t[-k %s] (attribute used as entry key)\n"
"\t[-v %s] (attribute used as value)\n"
+ "\t[-s] (disable starttls)\n"
"\t[%s] (map name)\n",
strchr(argv[0], '/') ?
strrchr(argv[0], '/') + 1 : argv[0],
@@ -235,6 +241,12 @@
ld = ldap_init(NULL, LDAP_PORT);
}
+ if(starttls && (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)) {
+ /* Ooops. We failed to start TLS. Bomb out. */
+ ldap_perror(ld, "Couldn't start TLS");
+ return 3;
+ }
+
/* Connect to the server anonymously. */
result = ldap_simple_bind_s(ld, NULL, NULL);
if(result != LDAP_SUCCESS) {
[-- Attachment #3: Type: text/plain, Size: 140 bytes --]
_______________________________________________
autofs mailing list
autofs@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/autofs
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] starttls for autofs-ldap-auto-master.c (actually attaching it this time.)
2006-03-23 17:55 [PATCH] starttls for autofs-ldap-auto-master.c (actually attaching it this time.) Anthony M. Martinez
@ 2006-03-27 17:34 ` Jeff Moyer
2006-03-30 17:00 ` Anthony M. Martinez
0 siblings, 1 reply; 3+ messages in thread
From: Jeff Moyer @ 2006-03-27 17:34 UTC (permalink / raw)
To: Anthony M. Martinez; +Cc: autofs
==> Regarding [autofs] [PATCH] starttls for autofs-ldap-auto-master.c (actually attaching it this time.); "Anthony M. Martinez" <twopir@nmt.edu> adds:
twopir> Since our LDAP server is configured to require confidentiality, I made
twopir> the program default to using it.
That's great for your environment, but breaks most everyone else. How
about making this configurable and not changing the default? For Debian,
I'm guessing the configuration would be stored in /etc/default/autofs. For
Red Hat systems, it would use /etc/sysconfig/autofs.
-Jeff
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] starttls for autofs-ldap-auto-master.c (actually attaching it this time.)
2006-03-27 17:34 ` Jeff Moyer
@ 2006-03-30 17:00 ` Anthony M. Martinez
0 siblings, 0 replies; 3+ messages in thread
From: Anthony M. Martinez @ 2006-03-30 17:00 UTC (permalink / raw)
To: Jeff Moyer; +Cc: autofs
[-- Attachment #1: Type: text/plain, Size: 1170 bytes --]
On Mon, Mar 27, 2006 at 12:34:36PM -0500, Jeff Moyer wrote:
> ==> Regarding [autofs] [PATCH] starttls for autofs-ldap-auto-master.c (actually attaching it this time.); "Anthony M. Martinez" <twopir@nmt.edu> adds:
>
> twopir> Since our LDAP server is configured to require confidentiality, I made
> twopir> the program default to using it.
>
> That's great for your environment, but breaks most everyone else. How
> about making this configurable and not changing the default? For Debian,
> I'm guessing the configuration would be stored in /etc/default/autofs. For
> Red Hat systems, it would use /etc/sysconfig/autofs.
Okay. I modified the patch such that passing the -s option to
autofs-ldap-auto-master will cause it to require confidentiality,
otherwise it behaves normally.
I'll look at the distro-specific stuff later.
Pi
>
> -Jeff
>
> _______________________________________________
> autofs mailing list
> autofs@linux.kernel.org
> http://linux.kernel.org/mailman/listinfo/autofs
--
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
-- Bjarne Stroustrup
[-- Attachment #2: starttls_4.1.4.patch --]
[-- Type: text/plain, Size: 1664 bytes --]
--- autofs-4.1.4_beta2/samples/autofs-ldap-auto-master.c 2006-03-23 10:21:54.764752622 -0700
+++ autofs-4.1.4_beta2-starttls/samples/autofs-ldap-auto-master.c 2006-03-23 10:28:06.371758942 -0700
@@ -160,6 +160,7 @@
LDAP *ld = NULL;
int result;
int c;
+ int starttls = 0; /* By default, do not start TLS */
const char *map_key = MAPKEY, *entry_key = ENTRYKEY, *value = VALUE;
const char *map_oc = MAPOC, *entry_oc = ENTRYOC;
const char *map = MAP;
@@ -167,7 +168,7 @@
setlocale(LC_ALL, "");
/* Scan through the argument list. */
- while((c = getopt(argc, argv, "m:e:n:k:v:")) != -1) {
+ while((c = getopt(argc, argv, "m:e:n:k:v:s")) != -1) {
switch(c) {
case 'm':
/* This is the object class we expect maps to
@@ -198,6 +199,10 @@
* VALUE attribute. */
value = optarg;
break;
+ case 's':
+ /* Enable starttls on the LDAP link */
+ starttls = 1;
+ break;
default:
fprintf(stderr, "syntax: %s\n"
"\t[-m %s] (map object class)\n"
@@ -205,6 +210,7 @@
"\t[-n %s] (attribute used as map key)\n"
"\t[-k %s] (attribute used as entry key)\n"
"\t[-v %s] (attribute used as value)\n"
+ "\t[-s] (enable starttls)\n"
"\t[%s] (map name)\n",
strchr(argv[0], '/') ?
strrchr(argv[0], '/') + 1 : argv[0],
@@ -235,6 +241,12 @@
ld = ldap_init(NULL, LDAP_PORT);
}
+ if(starttls && (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)) {
+ /* Ooops. We failed to start TLS. Bomb out. */
+ ldap_perror(ld, "Couldn't start TLS");
+ return 3;
+ }
+
/* Connect to the server anonymously. */
result = ldap_simple_bind_s(ld, NULL, NULL);
if(result != LDAP_SUCCESS) {
[-- Attachment #3: Type: text/plain, Size: 140 bytes --]
_______________________________________________
autofs mailing list
autofs@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/autofs
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-03-30 17:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-03-23 17:55 [PATCH] starttls for autofs-ldap-auto-master.c (actually attaching it this time.) Anthony M. Martinez
2006-03-27 17:34 ` Jeff Moyer
2006-03-30 17:00 ` Anthony M. Martinez
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.