[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon Add an option to pass a l...
details: https://anonhg.NetBSD.org/src/rev/a913a37ba151
branches: trunk
changeset: 1016635:a913a37ba151
user: bouyer <bouyer%NetBSD.org@localhost>
date: Wed Nov 25 16:42:53 2020 +0000
description:
Add an option to pass a ldap uri, instead of just server and port.
uri takes precedence.
diffstat:
crypto/dist/ipsec-tools/src/racoon/cfparse.y | 17 +++++++++-
crypto/dist/ipsec-tools/src/racoon/cftoken.l | 3 +-
crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c | 37 +++++++++++++++-------
crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h | 3 +-
4 files changed, 44 insertions(+), 16 deletions(-)
diffs (132 lines):
diff -r 8c9a9c2d7c3b -r a913a37ba151 crypto/dist/ipsec-tools/src/racoon/cfparse.y
--- a/crypto/dist/ipsec-tools/src/racoon/cfparse.y Wed Nov 25 16:41:39 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cfparse.y Wed Nov 25 16:42:53 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cfparse.y,v 1.51 2018/05/19 20:14:56 maxv Exp $ */
+/* $NetBSD: cfparse.y,v 1.52 2020/11/25 16:42:53 bouyer Exp $ */
/* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */
@@ -296,7 +296,7 @@
/* listen */
%token LISTEN X_ISAKMP X_ISAKMP_NATT X_ADMIN STRICT_ADDRESS ADMINSOCK DISABLED
/* ldap config */
-%token LDAPCFG LDAP_HOST LDAP_PORT LDAP_TLS LDAP_PVER LDAP_BASE LDAP_BIND_DN LDAP_BIND_PW LDAP_SUBTREE
+%token LDAPCFG LDAP_URI LDAP_HOST LDAP_PORT LDAP_TLS LDAP_PVER LDAP_BASE LDAP_BIND_DN LDAP_BIND_PW LDAP_SUBTREE
%token LDAP_ATTR_USER LDAP_ATTR_ADDR LDAP_ATTR_MASK LDAP_ATTR_GROUP LDAP_ATTR_MEMBER
/* radius config */
%token RADCFG RAD_AUTH RAD_ACCT RAD_TIMEOUT RAD_RETRIES
@@ -773,6 +773,19 @@
#endif
}
EOS
+ | LDAP_URI QUOTEDSTRING
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ if (xauth_ldap_config.uri != NULL)
+ vfree(xauth_ldap_config.uri);
+
+ xauth_ldap_config.uri = vdup($2);
+#endif
+#endif
+ vfree($2);
+ }
+ EOS
| LDAP_HOST QUOTEDSTRING
{
#ifdef ENABLE_HYBRID
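Review bot: The result of `vdup($2)` in the new LDAP_URI rule is not checked, so an allocation failure leaves `xauth_ldap_config.uri` NULL and the configuration is still accepted. Because the commit makes the uri take precedence over host and port, racoon would then presumably fall back to the host/port target rather than the server the administrator configured. Failing the parse is the safer outcome for an authentication backend, e.g. `if (xauth_ldap_config.uri == NULL) { yyerror("failed to allocate ldap uri"); return -1; }` right after the `vdup`. The LDAP_HOST rule that follows appears to use the same unchecked pattern, but its body continues outside the hunk.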
diff -r 8c9a9c2d7c3b -r a913a37ba151 crypto/dist/ipsec-tools/src/racoon/cftoken.l
--- a/crypto/dist/ipsec-tools/src/racoon/cftoken.l Wed Nov 25 16:41:39 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cftoken.l Wed Nov 25 16:42:53 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cftoken.l,v 1.27 2012/11/29 15:31:24 vanhu Exp $ */
+/* $NetBSD: cftoken.l,v 1.28 2020/11/25 16:42:53 bouyer Exp $ */
/* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */
@@ -224,6 +224,7 @@
<S_INI>ldapcfg { BEGIN S_LDAP; YYDB; return(LDAPCFG); }
<S_LDAP>{bcl} { return(BOC); }
<S_LDAP>version { YYD; return(LDAP_PVER); }
+<S_LDAP>uri { YYD; return(LDAP_URI); }
<S_LDAP>host { YYD; return(LDAP_HOST); }
<S_LDAP>port { YYD; return(LDAP_PORT); }
<S_LDAP>tls { YYD; return(LDAP_TLS); }
diff -r 8c9a9c2d7c3b -r a913a37ba151 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Nov 25 16:41:39 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Nov 25 16:42:53 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_xauth.c,v 1.31 2020/11/25 16:41:39 bouyer Exp $ */
+/* $NetBSD: isakmp_xauth.c,v 1.32 2020/11/25 16:42:53 bouyer Exp $ */
/* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
@@ -803,6 +803,7 @@
int error = -1;
xauth_ldap_config.pver = 3;
+ xauth_ldap_config.uri = NULL;
xauth_ldap_config.host = NULL;
xauth_ldap_config.port = LDAP_PORT;
xauth_ldap_config.tls = 0;
@@ -894,19 +895,31 @@
atlist[1] = NULL;
atlist[2] = NULL;
- /* build our initialization url */
- tmplen = strlen("ldap://:") + 17;
- tmplen += strlen(xauth_ldap_config.host->v);
- init = racoon_malloc(tmplen);
- if (init == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
- "unable to alloc ldap init url\n");
- goto ldap_end;
+ if (xauth_ldap_config.uri != NULL) {
+ tmplen = strlen(xauth_ldap_config.host->v);
+ init = racoon_malloc(tmplen);
+ if (init == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "unable to alloc ldap init url\n");
+ goto ldap_end;
+ }
+ sprintf(init,"%s", xauth_ldap_config.uri->v);
+ } else {
+ /* build our initialization url */
+ tmplen = strlen("ldap://:") + 17;
+ tmplen += strlen(xauth_ldap_config.host->v);
+ init = racoon_malloc(tmplen);
+ if (init == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "unable to alloc ldap init url\n");
+ goto ldap_end;
+ }
+ sprintf(init,"ldap://%s:%d",
+ xauth_ldap_config.host->v,
+ xauth_ldap_config.port );
}
- sprintf(init,"ldap://%s:%d",
- xauth_ldap_config.host->v,
- xauth_ldap_config.port );
+ plog(LLV_DEBUG, LOCATION, NULL, "ldap URI: %s\n", init);
/* initialize the ldap handle */
res = ldap_initialize(&ld, init);
if (res != LDAP_SUCCESS) {
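Review bot: The new uri branch sizes `init` from `strlen(xauth_ldap_config.host->v)` but then copies `xauth_ldap_config.uri->v` into it with an unbounded `sprintf`, so any URI at least as long as the host string writes past the heap allocation (the length also leaves no byte for the terminator). The same line dereferences `host` on a path where only a uri may have been configured; whether host can be NULL here depends on defaults set outside this hunk. The length should come from the URI and the copy should be bounded: `tmplen = strlen(xauth_ldap_config.uri->v) + 1;` and `snprintf(init, tmplen, "%s", xauth_ldap_config.uri->v);`. The else branch could use `snprintf(init, tmplen, ...)` as well, and the enclosing function starts and ends outside the hunk.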
diff -r 8c9a9c2d7c3b -r a913a37ba151 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h Wed Nov 25 16:41:39 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h Wed Nov 25 16:42:53 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_xauth.h,v 1.8 2011/11/15 13:51:23 tteras Exp $ */
+/* $NetBSD: isakmp_xauth.h,v 1.9 2020/11/25 16:42:53 bouyer Exp $ */
/* $KAME$ */
@@ -158,6 +158,7 @@
struct xauth_ldap_config {
int pver;
+ vchar_t *uri;
vchar_t *host;
int port;
int tls;
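Review bot: The new `uri` member is undocumented, and the rule that it overrides `host` and `port` is stated only in the commit message. A comment on the field would keep that visible to whoever next touches the connection code, for example `vchar_t *uri; /* full LDAP URI; when set, used instead of host and port */`. The struct definition continues outside the hunk.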