Source-Changes-HG archive


[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon Add an option to pass a l...



details:   https://anonhg.NetBSD.org/src/rev/a700ef95c0c8
branches:  trunk
changeset: 946403:a700ef95c0c8
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Wed Nov 25 16:42:53 2020 +0000

description:
Add an option to pass an LDAP URI, instead of just a server and port.
If both are given, the URI takes precedence.

diffstat:

 crypto/dist/ipsec-tools/src/racoon/cfparse.y      |  17 +++++++++-
 crypto/dist/ipsec-tools/src/racoon/cftoken.l      |   3 +-
 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c |  37 +++++++++++++++-------
 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h |   3 +-
 4 files changed, 44 insertions(+), 16 deletions(-)

diffs (132 lines):

diff -r 1f46597c5bca -r a700ef95c0c8 crypto/dist/ipsec-tools/src/racoon/cfparse.y
--- a/crypto/dist/ipsec-tools/src/racoon/cfparse.y      Wed Nov 25 16:41:39 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cfparse.y      Wed Nov 25 16:42:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cfparse.y,v 1.51 2018/05/19 20:14:56 maxv Exp $        */
+/*     $NetBSD: cfparse.y,v 1.52 2020/11/25 16:42:53 bouyer Exp $      */
 
 /* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */
 
@@ -296,7 +296,7 @@
        /* listen */
 %token LISTEN X_ISAKMP X_ISAKMP_NATT X_ADMIN STRICT_ADDRESS ADMINSOCK DISABLED
        /* ldap config */
-%token LDAPCFG LDAP_HOST LDAP_PORT LDAP_TLS LDAP_PVER LDAP_BASE LDAP_BIND_DN LDAP_BIND_PW LDAP_SUBTREE
+%token LDAPCFG LDAP_URI LDAP_HOST LDAP_PORT LDAP_TLS LDAP_PVER LDAP_BASE LDAP_BIND_DN LDAP_BIND_PW LDAP_SUBTREE
 %token LDAP_ATTR_USER LDAP_ATTR_ADDR LDAP_ATTR_MASK LDAP_ATTR_GROUP LDAP_ATTR_MEMBER
        /* radius config */
 %token RADCFG RAD_AUTH RAD_ACCT RAD_TIMEOUT RAD_RETRIES
@@ -773,6 +773,19 @@
 #endif
                }
                EOS
+       |       LDAP_URI QUOTEDSTRING
+               {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+                       if (xauth_ldap_config.uri != NULL)
+                               vfree(xauth_ldap_config.uri);
+
+                       xauth_ldap_config.uri = vdup($2);
+#endif
+#endif
+                       vfree($2);
+               }
+               EOS
        |       LDAP_HOST QUOTEDSTRING
                {
 #ifdef ENABLE_HYBRID
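Review bot: The result of `vdup($2)` in the new `LDAP_URI` action is stored without a NULL check, so an allocation failure leaves `xauth_ldap_config.uri` unset with no diagnostic. Going by the isakmp_xauth.c hunk in this same commit, a NULL `uri` selects the `ldap://%s:%d` host/port branch, so a configured `ldaps://` URI could silently become a plain `ldap://` connection to whatever host is in effect. I would fail the parse instead, for example `if (xauth_ldap_config.uri == NULL) { yyerror("failed to allocate ldap uri"); return -1; }` placed after the `vdup` call, adapted to the error style the rest of the grammar uses. The rule list this alternative belongs to starts and continues outside the hunk.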
diff -r 1f46597c5bca -r a700ef95c0c8 crypto/dist/ipsec-tools/src/racoon/cftoken.l
--- a/crypto/dist/ipsec-tools/src/racoon/cftoken.l      Wed Nov 25 16:41:39 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cftoken.l      Wed Nov 25 16:42:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cftoken.l,v 1.27 2012/11/29 15:31:24 vanhu Exp $       */
+/*     $NetBSD: cftoken.l,v 1.28 2020/11/25 16:42:53 bouyer Exp $      */
 
 /* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */
 
@@ -224,6 +224,7 @@
 <S_INI>ldapcfg         { BEGIN S_LDAP; YYDB; return(LDAPCFG); }
 <S_LDAP>{bcl}          { return(BOC); }
 <S_LDAP>version                { YYD; return(LDAP_PVER); }
+<S_LDAP>uri            { YYD; return(LDAP_URI); }
 <S_LDAP>host           { YYD; return(LDAP_HOST); }
 <S_LDAP>port           { YYD; return(LDAP_PORT); }
 <S_LDAP>tls            { YYD; return(LDAP_TLS); }
diff -r 1f46597c5bca -r a700ef95c0c8 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Nov 25 16:41:39 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Nov 25 16:42:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp_xauth.c,v 1.31 2020/11/25 16:41:39 bouyer Exp $ */
+/*     $NetBSD: isakmp_xauth.c,v 1.32 2020/11/25 16:42:53 bouyer Exp $ */
 
 /* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
 
@@ -803,6 +803,7 @@
        int error = -1;
 
        xauth_ldap_config.pver = 3;
+       xauth_ldap_config.uri = NULL;
        xauth_ldap_config.host = NULL;
        xauth_ldap_config.port = LDAP_PORT;
        xauth_ldap_config.tls = 0;
@@ -894,19 +895,31 @@
        atlist[1] = NULL;
        atlist[2] = NULL;
 
-       /* build our initialization url */
-       tmplen = strlen("ldap://:";) + 17;
-       tmplen += strlen(xauth_ldap_config.host->v);
-       init = racoon_malloc(tmplen);
-       if (init == NULL) {
-               plog(LLV_ERROR, LOCATION, NULL,
-                       "unable to alloc ldap init url\n");
-               goto ldap_end;
+       if (xauth_ldap_config.uri != NULL) {
+               tmplen = strlen(xauth_ldap_config.host->v);
+               init = racoon_malloc(tmplen);
+               if (init == NULL) {
+                       plog(LLV_ERROR, LOCATION, NULL,
+                               "unable to alloc ldap init url\n");
+                       goto ldap_end;
+               }
+               sprintf(init,"%s", xauth_ldap_config.uri->v);
+       } else {
+               /* build our initialization url */
+               tmplen = strlen("ldap://:";) + 17;
+               tmplen += strlen(xauth_ldap_config.host->v);
+               init = racoon_malloc(tmplen);
+               if (init == NULL) {
+                       plog(LLV_ERROR, LOCATION, NULL,
+                               "unable to alloc ldap init url\n");
+                       goto ldap_end;
+               }
+               sprintf(init,"ldap://%s:%d";,
+                       xauth_ldap_config.host->v,
+                       xauth_ldap_config.port );
        }
-       sprintf(init,"ldap://%s:%d";,
-               xauth_ldap_config.host->v,
-               xauth_ldap_config.port );
 
+       plog(LLV_DEBUG, LOCATION, NULL, "ldap URI: %s\n", init);
        /* initialize the ldap handle */
        res = ldap_initialize(&ld, init);
        if (res != LDAP_SUCCESS) {
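Review bot: In the new `uri != NULL` branch the buffer is sized from `strlen(xauth_ldap_config.host->v)` with no room for the terminator, but `sprintf` then copies `xauth_ldap_config.uri->v` into it, so any URI at least as long as the host string writes past the end of the heap allocation. The branch also dereferences `host` although the URI path should not need it at all. Size the buffer from the URI and bound the copy: `tmplen = strlen(xauth_ldap_config.uri->v) + 1;` and `snprintf(init, tmplen, "%s", xauth_ldap_config.uri->v);`. The enclosing function begins and ends outside this hunk, so whether `host` can still be NULL at this point cannot be confirmed from the visible lines.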
diff -r 1f46597c5bca -r a700ef95c0c8 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h Wed Nov 25 16:41:39 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h Wed Nov 25 16:42:53 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp_xauth.h,v 1.8 2011/11/15 13:51:23 tteras Exp $  */
+/*     $NetBSD: isakmp_xauth.h,v 1.9 2020/11/25 16:42:53 bouyer Exp $  */
 
 /*     $KAME$ */
 
@@ -158,6 +158,7 @@
 
 struct xauth_ldap_config {
        int             pver;
+       vchar_t         *uri;
        vchar_t         *host;
        int             port;
        int             tls;
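Review bot: The new `uri` member has no comment stating how it relates to `host`, `port` and `tls`, which sit beside it in `struct xauth_ldap_config`. The precedence rule appears only in the commit message, so I would add `/* full LDAP URI; when set, host and port are ignored */` on the field. It would also help to state whether `tls` still applies when the URI already selects a scheme, which this hunk does not show. The struct continues past the end of the hunk.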


