Module Name:    src
Committed By:   bouyer
Date:           Wed Nov 25 16:42:53 UTC 2020

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon: cfparse.y cftoken.l
            isakmp_xauth.c isakmp_xauth.h

Log Message:
Add an option to pass a ldap uri, instead of just server and port.
uri takes precedence.


To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 src/crypto/dist/ipsec-tools/src/racoon/cfparse.y
cvs rdiff -u -r1.27 -r1.28 src/crypto/dist/ipsec-tools/src/racoon/cftoken.l
cvs rdiff -u -r1.31 -r1.32 \
    src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
cvs rdiff -u -r1.8 -r1.9 \
    src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/cfparse.y
diff -u src/crypto/dist/ipsec-tools/src/racoon/cfparse.y:1.51 src/crypto/dist/ipsec-tools/src/racoon/cfparse.y:1.52
--- src/crypto/dist/ipsec-tools/src/racoon/cfparse.y:1.51	Sat May 19 20:14:56 2018
+++ src/crypto/dist/ipsec-tools/src/racoon/cfparse.y	Wed Nov 25 16:42:53 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: cfparse.y,v 1.51 2018/05/19 20:14:56 maxv Exp $	*/
+/*	$NetBSD: cfparse.y,v 1.52 2020/11/25 16:42:53 bouyer Exp $	*/
 
 /* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */
 
@@ -296,7 +296,7 @@ static const char error_message_dpd_not_
 	/* listen */
 %token LISTEN X_ISAKMP X_ISAKMP_NATT X_ADMIN STRICT_ADDRESS ADMINSOCK DISABLED
 	/* ldap config */
-%token LDAPCFG LDAP_HOST LDAP_PORT LDAP_TLS LDAP_PVER LDAP_BASE LDAP_BIND_DN LDAP_BIND_PW LDAP_SUBTREE
+%token LDAPCFG LDAP_URI LDAP_HOST LDAP_PORT LDAP_TLS LDAP_PVER LDAP_BASE LDAP_BIND_DN LDAP_BIND_PW LDAP_SUBTREE
 %token LDAP_ATTR_USER LDAP_ATTR_ADDR LDAP_ATTR_MASK LDAP_ATTR_GROUP LDAP_ATTR_MEMBER
 	/* radius config */
 %token RADCFG RAD_AUTH RAD_ACCT RAD_TIMEOUT RAD_RETRIES
@@ -773,6 +773,19 @@ ldapcfg_stmt
 #endif
 		}
 		EOS
+	|	LDAP_URI QUOTEDSTRING
+		{
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+			if (xauth_ldap_config.uri != NULL)
+				vfree(xauth_ldap_config.uri);
+
+			xauth_ldap_config.uri = vdup($2);
+#endif
+#endif
+			vfree($2);
+		}
+		EOS
 	|	LDAP_HOST QUOTEDSTRING
 		{
 #ifdef ENABLE_HYBRID
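Review bot: The new `uri` keyword is undocumented: the commit touches only the grammar, lexer and xauth code, and racoon.conf.5 is not in the modified-files list, so an administrator cannot discover the option or that it overrides `host`/`port`. Add it to the ldapcfg section of racoon.conf.5 with a line such as `uri "ldap://host:port";  LDAP URI passed to ldap_initialize(3); when set, host and port are ignored.` The log message says "uri takes precedence"; the man page should spell out that host/port are ignored rather than merged. The grammar rule itself mirrors the LDAP_HOST rule that begins at the end of this hunk and continues outside it.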

Index: src/crypto/dist/ipsec-tools/src/racoon/cftoken.l
diff -u src/crypto/dist/ipsec-tools/src/racoon/cftoken.l:1.27 src/crypto/dist/ipsec-tools/src/racoon/cftoken.l:1.28
--- src/crypto/dist/ipsec-tools/src/racoon/cftoken.l:1.27	Thu Nov 29 15:31:24 2012
+++ src/crypto/dist/ipsec-tools/src/racoon/cftoken.l	Wed Nov 25 16:42:53 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: cftoken.l,v 1.27 2012/11/29 15:31:24 vanhu Exp $	*/
+/*	$NetBSD: cftoken.l,v 1.28 2020/11/25 16:42:53 bouyer Exp $	*/
 
 /* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */
 
@@ -224,6 +224,7 @@ hexstring	0x{hexdigit}+
 <S_INI>ldapcfg		{ BEGIN S_LDAP; YYDB; return(LDAPCFG); }
 <S_LDAP>{bcl}		{ return(BOC); }
 <S_LDAP>version		{ YYD; return(LDAP_PVER); }
+<S_LDAP>uri		{ YYD; return(LDAP_URI); }
 <S_LDAP>host		{ YYD; return(LDAP_HOST); }
 <S_LDAP>port		{ YYD; return(LDAP_PORT); }
 <S_LDAP>tls		{ YYD; return(LDAP_TLS); }

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.31 src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.32
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.31	Wed Nov 25 16:41:39 2020
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c	Wed Nov 25 16:42:53 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_xauth.c,v 1.31 2020/11/25 16:41:39 bouyer Exp $	*/
+/*	$NetBSD: isakmp_xauth.c,v 1.32 2020/11/25 16:42:53 bouyer Exp $	*/
 
 /* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
 
@@ -803,6 +803,7 @@ xauth_ldap_init_conf(void)
 	int error = -1;
 
 	xauth_ldap_config.pver = 3;
+	xauth_ldap_config.uri = NULL;
 	xauth_ldap_config.host = NULL;
 	xauth_ldap_config.port = LDAP_PORT;
 	xauth_ldap_config.tls = 0;
@@ -894,19 +895,31 @@ xauth_login_ldap(iph1, usr, pwd)
 	atlist[1] = NULL;
 	atlist[2] = NULL;
 
-	/* build our initialization url */
-	tmplen = strlen("ldap://:";) + 17;
-	tmplen += strlen(xauth_ldap_config.host->v);
-	init = racoon_malloc(tmplen);
-	if (init == NULL) {
-		plog(LLV_ERROR, LOCATION, NULL,
-			"unable to alloc ldap init url\n");
-		goto ldap_end;
+	if (xauth_ldap_config.uri != NULL) {
+		tmplen = strlen(xauth_ldap_config.host->v);
+		init = racoon_malloc(tmplen);
+		if (init == NULL) {
+			plog(LLV_ERROR, LOCATION, NULL,
+				"unable to alloc ldap init url\n");
+			goto ldap_end;
+		}
+		sprintf(init,"%s", xauth_ldap_config.uri->v);
+	} else {
+		/* build our initialization url */
+		tmplen = strlen("ldap://:";) + 17;
+		tmplen += strlen(xauth_ldap_config.host->v);
+		init = racoon_malloc(tmplen);
+		if (init == NULL) {
+			plog(LLV_ERROR, LOCATION, NULL,
+				"unable to alloc ldap init url\n");
+			goto ldap_end;
+		}
+		sprintf(init,"ldap://%s:%d";,
+			xauth_ldap_config.host->v,
+			xauth_ldap_config.port );
 	}
-	sprintf(init,"ldap://%s:%d";,
-		xauth_ldap_config.host->v,
-		xauth_ldap_config.port );
 
+	plog(LLV_DEBUG, LOCATION, NULL, "ldap URI: %s\n", init);
 	/* initialize the ldap handle */
 	res = ldap_initialize(&ld, init);
 	if (res != LDAP_SUCCESS) {
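Review bot: The new `uri` branch sizes its buffer from the wrong string: `tmplen = strlen(xauth_ldap_config.host->v);` at the top of the branch reads `host`, which is NULL when an admin configures only `uri` (the very case this change adds), and even when both are set the allocation is the length of `host` with no byte for the terminator, so `sprintf(init,"%s", xauth_ldap_config.uri->v)` writes past the heap buffer whenever the URI is at least as long as the host name. Because this runs on every XAUTH login attempt, a valid racoon.conf using `uri` becomes a reliable NULL dereference or heap overflow at authentication time. Change the two lines to `tmplen = strlen(xauth_ldap_config.uri->v) + 1;` and `snprintf(init, tmplen, "%s", xauth_ldap_config.uri->v);`. xauth_login_ldap starts and ends outside this hunk, so whether the `tls` (start-TLS) handling applied later still makes sense for a user-supplied `ldaps://` URI cannot be checked here and deserves a look.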

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h:1.8 src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h:1.9
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h:1.8	Tue Nov 15 13:51:23 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h	Wed Nov 25 16:42:53 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_xauth.h,v 1.8 2011/11/15 13:51:23 tteras Exp $	*/
+/*	$NetBSD: isakmp_xauth.h,v 1.9 2020/11/25 16:42:53 bouyer Exp $	*/
 
 /*	$KAME$ */
 
@@ -158,6 +158,7 @@ int xauth_login_radius(struct ph1handle 
 
 struct xauth_ldap_config {
 	int		pver;
+	vchar_t 	*uri;
 	vchar_t 	*host;
 	int		port;
 	int		tls;
