Cleaned up LDAP_CRYPT support.
# uncomment this line to enable support for LDAP referrals in libldap
LDAP_REFERRALS=-DLDAP_REFERRALS
-# uncomment this line to enable support for CRYPT passwords in LDBM.
-# Requires UNIX crypt(3), you may have to add -lcrypt (or whatever)
-# to your PLATFORMLIBS (build/platform/your-platform)
+# uncomment these lines to enable support for CRYPT passwords in LDBM.
#LDAP_CRYPT=-DLDAP_CRYPT
+#LDAP_CRYPT_LIB=-lcrypt
+
+# uncomment these lines to enable support fro tcp_wrappers in servers.
+# Requires tcp_wrappers.
+#LDAP_TCP_WRAPPERS=-DTCP_WRAPPERS -I/usr/local/include
+#LDAP_TCP_WRAPPERS_LIB=-L/usr/local/lib -lwrap
# uncomment this line to use soundex for approximate matches in slapd.
# the default is to use the metaphone algorithm.
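Review bot: The comment introducing the new tcp_wrappers block has a typo, "support fro tcp_wrappers"; it should read `# uncomment these lines to enable support for tcp_wrappers in servers.`. The rewritten CRYPT comment also drops the earlier statement that the option needs UNIX crypt(3); a line such as `# Requires UNIX crypt(3).` would match the `# Requires tcp_wrappers.` line in the block below it. The sample include and library paths are hard-coded to /usr/local, so a short remark that they are site-specific would help whoever enables the option.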
# DEFS are included in CFLAGS
DEFS = $(PLATFORMCFLAGS) $(LDAP_DEBUG) $(KERBEROS) $(AFSKERBEROS) \
$(UOFM) $(UOFA) $(NO_USERINTERFACE) $(CLDAP) $(NO_CACHE) \
- $(LDAP_REFERRALS) $(LDAP_CRYPT) $(LDAP_DNS) $(STR_TRANSLATION) \
+ $(LDAP_REFERRALS) $(LDAP_DNS) $(STR_TRANSLATION) \
$(LIBLDAP_CHARSETS) $(LIBLDAP_DEF_CHARSET) \
$(SLAPD_BACKENDS) $(LDBMBACKEND) $(LDBMINCLUDE) $(PHONETIC)
PLATFORMCFLAGS= -Dfreebsd
-# uncomment this line if using for LDAP_CRYPT
-#PLATFORMLIBS= -lcrypt
PLATFORMCFLAGS= -Dlinux
-# uncomment this if -DLDAP_CRYPT is defined
-#PLATFORMLIBS= -lcrypt
#include <unistd.h>
#endif /* USE_SYSCONF */
+#ifdef TCP_WRAPPERS
+#include <tcpd.h>
+
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_NOTICE;
+#endif /* TCP_WRAPPERS */
+
void log_and_exit();
static set_socket();
static do_queries();
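Review bot: `allow_severity` and `deny_severity` are defined with no comment explaining why two otherwise unreferenced globals exist, and the same block is repeated in the other server source later in this commit. tcpd.h declares both as externals and libwrap traditionally expects the program to define them as the syslog priorities for allowed and denied connections. A comment such as `/* required by libwrap (tcpd.h): syslog priorities for allowed/denied connections */` would stop them being removed as dead code. The initialisers use LOG_INFO and LOG_NOTICE, which need <syslog.h>; whether that header is already included above the hunk is not visible here.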
hp = gethostbyaddr( (char *) &(from.sin_addr.s_addr),
sizeof(from.sin_addr.s_addr), AF_INET );
+
+#ifdef TCP_WRAPPERS
+ if ( !hosts_ctl("ldapd", (hp == NULL) ? "unknown" : hp->h_name,
+ inet_ntoa( from.sin_addr ), STRING_UNKNOWN ) {
+
+ Debug( LDAP_DEBUG_ARGS, "connection from %s (%s) denied.\n",
+ (hp == NULL) ? "unknown" : hp->h_name,
+ inet_ntoa( from.sin_addr ), 0 );
+
+ if ( dosyslog ) {
+ syslog( LOG_NOTICE, "connection from %s (%s) denied.",
+ (hp == NULL) ? "unknown" : hp->h_name,
+ inet_ntoa( from.sin_addr ) );
+ }
+
+ close(ns);
+ continue;
+ }
+#endif /* TCP_WRAPPERS */
+
Debug( LDAP_DEBUG_ARGS, "connection from %s (%s)\n",
(hp == NULL) ? "unknown" : hp->h_name,
inet_ntoa( from.sin_addr ), 0 );
+
if ( dosyslog ) {
syslog( LOG_INFO, "connection from %s (%s)",
(hp == NULL) ? "unknown" : hp->h_name,
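Review bot: The new `if` around hosts_ctl() is missing a closing parenthesis, so this file will not compile once TCP_WRAPPERS is defined; the line should end `inet_ntoa( from.sin_addr ), STRING_UNKNOWN ) ) {`. The name handed to hosts_ctl() comes straight from gethostbyaddr(), that is, from reverse DNS that the peer's network controls, and nothing in the hunk forward-confirms it, so hostname-based access rules should be documented as weaker than address-based ones (the slapd hunk has the same property). The unknown-host case passes the literal "unknown" where tcpd.h provides STRING_UNKNOWN, which the same call already uses for the user argument. No build-file hunk visible on this page adds $(LDAP_TCP_WRAPPERS) to this server's DEFINES, so it is worth confirming the block is ever compiled. The enclosing accept loop starts and ends outside the hunk.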
schema.o schemaparse.o monitor.o configinfo.o
INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG)
-DEFINES = $(DEFS) $(SERVERDEFS)
+DEFINES = $(DEFS) $(LDAP_CRYPT) $(LDAP_TCP_WRAPPERS) $(SERVERDEFS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG)
LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \
- $(LDBMLIB) $(ALIBS)
+ $(LDBMLIB) $(LDAP_CRYPT_LIB) $(LDAP_TCP_WRAPPERS_LIB) $(ALIBS)
all: FORCE
@if [ -z "$(MAKESLAPD)" ]; then \
filterindex.o unbind.o kerberos.o close.o
INCLUDES= -I. -I.. -I$(HDIR) $(KRBINCLUDEFLAG)
-DEFINES = $(DEFS) $(THREADS)
+DEFINES = $(DEFS) $(LDAP_CRYPT) $(THREADS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS)
-LDFLAGS = -L$(LDIR) $(KRBLIBFLAG)
+LDFLAGS = -L$(LDIR) $(KRBLIBFLAG) $(LDAP_CRYPT_LIB)
all: FORCE
-@echo "$(SLAPD_BACKENDS)" | grep LDAP_LDBM 2>&1 > /dev/null; \
#include <unistd.h>
#endif /* USE_SYSCONF */
+#ifdef TCP_WRAPPERS
+#include <tcpd.h>
+
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_NOTICE;
+#endif /* TCP_WRAPPERS */
+
extern Operation *op_add();
#ifndef SYSERRLIST_IN_STDIO
struct timeval *tvp;
int len, pid;
+ char *client_name;
+ char *client_addr;
+
FD_ZERO( &writefds );
FD_ZERO( &readfds );
FD_SET( tcps, &readfds );
Debug( LDAP_DEBUG_ANY,
"FIONBIO ioctl on %d failed\n", ns, 0, 0 );
}
+
c[ns].c_sb.sb_sd = ns;
Debug( LDAP_DEBUG_CONNS, "new connection on %d\n", ns,
0, 0 );
pthread_mutex_lock( &ops_mutex );
c[ns].c_connid = num_conns++;
pthread_mutex_unlock( &ops_mutex );
+
len = sizeof(from);
+
if ( getpeername( ns, (struct sockaddr *) &from, &len )
== 0 ) {
- char *s;
-#ifdef REVERSE_LOOKUP
+ char *s;
+ client_addr = inet_ntoa( from.sin_addr );
+
+#if defined(REVERSE_LOOKUP) || defined(TCP_WRAPPERS)
hp = gethostbyaddr( (char *)
&(from.sin_addr.s_addr),
sizeof(from.sin_addr.s_addr), AF_INET );
-#else
- hp = NULL;
-#endif
- Statslog( LDAP_DEBUG_STATS,
- "conn=%d fd=%d connection from %s (%s)\n",
- c[ns].c_connid, ns, hp == NULL ? "unknown"
- : hp->h_name, inet_ntoa( from.sin_addr ),
- 0 );
+ if(hp) {
+ client_name = hp->h_name;
- if ( c[ns].c_addr != NULL ) {
- free( c[ns].c_addr );
- }
- c[ns].c_addr = strdup( inet_ntoa(
- from.sin_addr ) );
- if ( c[ns].c_domain != NULL ) {
- free( c[ns].c_domain );
- }
- c[ns].c_domain = strdup( hp == NULL ? "" :
- hp->h_name );
- /* normalize the domain */
- for ( s = c[ns].c_domain; *s; s++ ) {
- *s = TOLOWER( *s );
+ /* normalize the domain */
+ for ( s = client_name; *s; s++ ) {
+ *s = TOLOWER( *s );
+ }
+
+ } else {
+ client_name = NULL;
}
+#else
+ client_name = NULL;
+#endif
+
} else {
+ client_name = NULL;;
+ client_addr = NULL;
+ }
+
+#ifdef TCP_WRAPPERS
+ if(!hosts_ctl("slapd", client_name, client_addr,
+ STRING_UNKNOWN))
+ {
+ /* DENY ACCESS */
Statslog( LDAP_DEBUG_STATS,
- "conn=%d fd=%d connection from unknown\n",
- c[ns].c_connid, ns, 0, 0, 0 );
+ "conn=%d fd=%d connection from %s (%s) denied.\n",
+ c[ns].c_connid, ns,
+ client_name == NULL ? "unknown" : client_name,
+ client_addr == NULL ? "unknown" : client_addr,
+ 0 );
+
+ close(ns);
+ pthread_mutex_unlock( &new_conn_mutex );
+ continue;
}
+#endif /* TCP_WRAPPERS */
+
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%d fd=%d connection from %s (%s) accepted.\n",
+ c[ns].c_connid, ns,
+ client_name == NULL ? "unknown" : client_name,
+ client_addr == NULL ? "unknown" : client_addr,
+ 0 );
+
+ if ( c[ns].c_addr != NULL ) {
+ free( c[ns].c_addr );
+ }
+ c[ns].c_addr = strdup( client_addr );
+
+ if ( c[ns].c_domain != NULL ) {
+ free( c[ns].c_domain );
+ }
+
+ c[ns].c_domain = strdup( client_name == NULL
+ ? "" : client_name );
+
pthread_mutex_lock( &c[ns].c_dnmutex );
if ( c[ns].c_dn != NULL ) {
free( c[ns].c_dn );
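Review bot: hosts_ctl() is called with `client_name` and `client_addr` as-is, and both can be NULL here: `client_name` whenever the reverse lookup fails, `client_addr` when getpeername() fails. hosts_ctl() takes C strings and tcpd.h supplies STRING_UNKNOWN for this case, so with TCP_WRAPPERS enabled a peer without a PTR record reaches the library with a null pointer. The later `strdup( client_addr )` has the same problem on the getpeername() failure path, where the old code did not call strdup at all. The sketch below substitutes STRING_UNKNOWN in the call and guards the strdup with the same empty-string fallback the hunk already uses for `c_domain`. Separately, the lowercase loop now writes into `hp->h_name`, the resolver's own buffer, instead of the strdup'ed copy, and the deny path closes `ns` after `c[ns].c_sb.sb_sd` and `c_connid` were already assigned; whether that slot needs resetting depends on code outside the hunk.

```c
#ifdef TCP_WRAPPERS
		if ( !hosts_ctl( "slapd",
		    client_name == NULL ? STRING_UNKNOWN : client_name,
		    client_addr == NULL ? STRING_UNKNOWN : client_addr,
		    STRING_UNKNOWN ) )
		{
			/* ... unchanged: Statslog "denied", close(ns), unlock, continue ... */
		}
#endif /* TCP_WRAPPERS */

		/* ... unchanged: Statslog "accepted", free of the old c_addr ... */
		c[ns].c_addr = strdup( client_addr == NULL ? "" : client_addr );
```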
../schemaparse.o ../regex.o ../strdup.o
INCLUDES= -I. -I$(HDIR) $(EXINCLUDES)
-DEFINES = $(DEFS) $(SERVERDEFS) $(THREADS)
+DEFINES = $(DEFS) $(LDAP_CRYPT) $(SERVERDEFS) $(THREADS)
CFLAGS = $(INCLUDES) $(DEFINES) $(ACFLAGS)
LDFLAGS = -L$(LDIR) $(EXLDFLAGS)
LIBS = -lldif -lldap -llber -lldbm -lavl $(LDBMLIB) $(EXLIBS) $(ALIBS)
LIBS2 = -lldif -lldbm -lavl $(LDBMLIB) -llber $(KRBLIBFLAG) $(KRBLIBS) \
- -llthread $(THREADSLIB) $(ALIBS)
+ -llthread $(THREADSLIB) $(ALIBS) $(LDAP_CRYPT_LIB)
all: build-edb2ldif ldif2index ldif2ldbm ldbmcat ldif2id2entry \
ldif2id2children centipede ldbmtest ldif