diff options
author | Thomas Reim <reimth@gmail.com> | 2022-08-16 11:23:40 +0800 |
---|---|---|
committer | Ian Kent <raven@themaw.net> | 2022-08-22 10:26:16 +0800 |
commit | 38de2897606638fa1d600fc205ee4ccedf75ced6 (patch) | |
tree | 7d15348263eff3b0c13c916bd0e64180f04a0797 | |
parent | c81826043d04456f8d5c7b3d391b2768b9502eb6 (diff) | |
download | autofs-38de2897606638fa1d600fc205ee4ccedf75ced6.tar.gz |
autofs-5.1.8 - prepare for OpenLDAP SASL binding
autofs prefers OpenLDAP as LDAP client library and Cyrus as SASL library.
OpenLDAP also uses Cyrus SASL and is fully capable of providing SASL
authentication and binding to clients. OpenLDAP SASL interface is actively
maintained and provides latest security features, e. g. SASL data security
layer.
It does not make much sense to implement and use an own SASL interface in
autofs if OpenLDAP is used, which already has a powerful SASL implementation.
Prepare conditional compilation for use of OpenLDAP for SASL authentication
and binding.
Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Ian Kent <raven@themaw.net>
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | aclocal.m4 | 43 | ||||
-rwxr-xr-x | configure | 55 | ||||
-rw-r--r-- | configure.in | 5 | ||||
-rw-r--r-- | include/config.h.in | 3 |
5 files changed, 105 insertions, 2 deletions
@@ -30,6 +30,7 @@ - fix missing unlock in sasl_do_kinit_ext_cc(). - fix a couple of null cache locking problems. - restore gcc flags after autoconf Kerberos 5 check. +- prepare for OpenLDAP SASL binding. 19/10/2021 autofs-5.1.8 - add xdr_exports(). @@ -326,6 +326,49 @@ LIBS="$af_check_hesiod_save_libs" ]) dnl -------------------------------------------------------------------------- +dnl AF_CHECK_FUNC_LDAP_SUPPORT_SASL +dnl +dnl Check for sasl support in ldap +dnl -------------------------------------------------------------------------- +AC_DEFUN( + [AF_CHECK_FUNC_LDAP_SUPPORT_SASL], + [AC_MSG_CHECKING(for cyrus sasl support in openldap) + have_openldap_cyrus_sasl=no + # save current libs + af_check_ldap_support_sasl_save_libs="$LIBS" + LIBS="$LIBLDAP" + + AC_RUN_IFELSE( + [ AC_LANG_SOURCE( + [ #include <stdlib.h> + #include <ldap.h> + int main (int argc, char **argv) { + LDAP *ldap = NULL; + int lret = 0; + + lret = ldap_initialize(&ldap, NULL); + if (lret != LDAP_OPT_SUCCESS) { + exit(1); + } + lret = ldap_set_option(ldap, LDAP_OPT_X_SASL_NOCANON, + LDAP_OPT_ON); + exit(lret == LDAP_OPT_SUCCESS ? 0 : 1); + } ])], + have_openldap_sasl=yes, + have_openldap_sasl=no, + have_openldap_sasl=yes) + + AC_MSG_RESULT($have_openldap_sasl) + if test "$have_openldap_sasl" = "yes"; then + AC_DEFINE(WITH_LDAP_CYRUS_SASL,1, + [Define if OpenLDAP was built with Cyrus SASL]) + fi + + # restore libs + LIBS="$af_check_ldap_parse_page_control_save_libs" + ]) + +dnl -------------------------------------------------------------------------- dnl AF_CHECK_FUNC_LDAP_CREATE_PAGE_CONTROL dnl dnl Check for function ldap_create_page_control @@ -4481,6 +4481,9 @@ _ACEOF fi done + + CFLAGS="$SAVE_CFLAGS" + LIBS="$SAVE_LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing versionsort" >&5 @@ -5347,6 +5350,7 @@ CFLAGS="$af_check_nis_header_save_cflags" # OpenLDAP support? Expect that this may have a special directory... # AF_tmp_ldflags="$LDFLAGS" +AF_tmp_libs="$LIBS" LIBLDAP='' HAVE_LDAP='' @@ -5413,7 +5417,54 @@ fi $as_echo "#define WITH_LDAP 1" >>confdefs.h - fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cyrus sasl support in openldap" >&5 +$as_echo_n "checking for cyrus sasl support in openldap... " >&6; } + have_openldap_cyrus_sasl=no + # save current libs + af_check_ldap_support_sasl_save_libs="$LIBS" + LIBS="$LIBLDAP" + + if test "$cross_compiling" = yes; then : + have_openldap_sasl=yes +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include <stdlib.h> + #include <ldap.h> + int main (int argc, char **argv) { + LDAP *ldap = NULL; + int lret = 0; + + lret = ldap_initialize(&ldap, NULL); + if (lret != LDAP_OPT_SUCCESS) { + exit(1); + } + lret = ldap_set_option(ldap, LDAP_OPT_X_SASL_NOCANON, + LDAP_OPT_ON); + exit(lret == LDAP_OPT_SUCCESS ? 0 : 1); + } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + have_openldap_sasl=yes +else + have_openldap_sasl=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_openldap_sasl" >&5 +$as_echo "$have_openldap_sasl" >&6; } + if test "$have_openldap_sasl" = "yes"; then + +$as_echo "#define WITH_LDAP_CYRUS_SASL 1" >>confdefs.h + + fi + + # restore libs + LIBS="$af_check_ldap_parse_page_control_save_libs" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_create_page_control in -lldap" >&5 $as_echo_n "checking for ldap_create_page_control in -lldap... " >&6; } @@ -5500,12 +5551,14 @@ fi # restore libs LIBS="$af_check_ldap_parse_page_control_save_libs" + fi fi LDFLAGS="${AF_tmp_ldflags}" +LIBS="${AF_tmp_libs}" # # SASL support diff --git a/configure.in b/configure.in index 68cbd44a..45f32340 100644 --- a/configure.in +++ b/configure.in @@ -279,6 +279,7 @@ AF_CHECK_NIS_HEADER() # OpenLDAP support? Expect that this may have a special directory... # AF_tmp_ldflags="$LDFLAGS" +AF_tmp_libs="$LIBS" LIBLDAP='' HAVE_LDAP='' AC_ARG_WITH(openldap, @@ -303,15 +304,17 @@ if test -z "$HAVE_LDAP" -o "$HAVE_LDAP" != "0"; then if test "$HAVE_LDAP" = "1"; then AC_DEFINE(WITH_LDAP,1, [Define if using LDAP as a source of automount maps]) - fi + AF_CHECK_FUNC_LDAP_SUPPORT_SASL() AF_CHECK_FUNC_LDAP_CREATE_PAGE_CONTROL() AF_CHECK_FUNC_LDAP_PARSE_PAGE_CONTROL() + fi fi AC_SUBST(LDAP_FLAGS) AC_SUBST(HAVE_LDAP) AC_SUBST(LIBLDAP) LDFLAGS="${AF_tmp_ldflags}" +LIBS="${AF_tmp_libs}" # # SASL support diff --git a/include/config.h.in b/include/config.h.in index 4f8daa86..7dab82ee 100644 --- a/include/config.h.in +++ b/include/config.h.in @@ -162,6 +162,9 @@ /* Define if using LDAP as a source of automount maps */ #undef WITH_LDAP +/* Define if OpenLDAP was built with Cyrus SASL */ +#undef WITH_LDAP_CYRUS_SASL + /* Define to 1 if you have the libtirpc library installed */ #undef WITH_LIBTIRPC |