diff options
Diffstat (limited to 'net-nds/openldap')
36 files changed, 4087 insertions, 0 deletions
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest new file mode 100644 index 000000000000..44c4f8fead29 --- /dev/null +++ b/net-nds/openldap/Manifest @@ -0,0 +1,40 @@ +AUX DB_CONFIG.fast.example 746 SHA256 69fc9aa6e4f0b888bc02d3f75642fe1ebf9345c685257a5c1236b2e79ed56e0b SHA512 07199416b7c91864a1dd5ad45642367c4f79ee8b694214305289c47afb5b53420f0fb81cf7c8b117400c903535e88a2dd47bda28d57e969aeeec669debf6dc9e WHIRLPOOL 1d6a2adcdbbac2698d8d5ab1867ecfafee23c8561c34addaea30f59bde8b4bfad88c576ffd7df102aa428c2588ed3b9376de49606eb6608c8e873f8119326c5a +AUX openldap-2.2.14-perlthreadsfix.patch 614 SHA256 bb719cc1fed47ff0f111c960f3295781ae6f0d9e98b4266a87751044b4bb3175 SHA512 e2579de72194c63e445108a39a85635622c1a629cec9d276df84ce9d770dbe7e2df2057663bac192558af3dee60fa2f0ae92f4cc34145c300fe141ae7f3f13b3 WHIRLPOOL 24cab36ff0368f81f555ba0fa0ea0f78d245d1863bf4c6c6d291536b16bdbe628a9a204ffccce12a6014b71717f3dd722c9f95061c1a519e273c0535316ad97d +AUX openldap-2.2.6-ntlm.patch 5011 SHA256 1f7e766bcafb412ec336aad7e07295d6d62d2e2a62b6804b07b06a5056102243 SHA512 8140dba85c56f269c953b0b23b2ca7eecb42f8e5167f4d0f08511dc8c06c30bcb42c3e38ed3b77d5622780a94c0aa9eb65bb8e45af50075acab97e7f466a1a9d WHIRLPOOL 75c2394c46242f738b5ee0db8473b05b5e7e75821e89dcea3ca7a139e34cc61f5848d0601dc66499dad35beefdd02aed5486ed138cfd8e216041aa5ceb85c920 +AUX openldap-2.3.21-ppolicy.patch 402 SHA256 97feaaff03e839aaad402024082ba62fb2cbe0c721664a85af8674ebb28d7dbd SHA512 19d2fb2755f62d3b77851983645f6656f10078e983ac09c8de7b50ba2ce52f2c8e5379f066cf1b6e91921b8ca5c54852bacd1563f20e5004babe94db66e7d88e WHIRLPOOL 32a93bc7daa952313643a56533719963766f944f25abedb29568b4e32fe1f42ffd7631b922dd2395d42d81ca2addcce8ddd5fd11432a4217c5f76f5b1ff8ef66 +AUX openldap-2.3.24-contrib-smbk5pwd.patch 1631 SHA256 277990c6bc9e00c29bc5123d5074e1a741a224e884f92651b301375b02edc70e SHA512 7aaab44cdf84233bfd78555db3af7c5a435cb3f37cb8f243b57b32391381835ce1efff7604f80cdf58fee429f6ecedc486f88addec15b6d32ef78f526c6c8826 WHIRLPOOL fbb14366c31ff97b9a706b9ceb0073e45affcf513a1c58966548537dfa3d3185ce5d8f0b38b627a5a729a3084b38f5681565bea2c46d369179879223e66adc37 +AUX openldap-2.3.34-slapd-conf 2067 SHA256 f7611233b83fa70dac313b4e734041dfe1ddac07c804bdb12a775d7cf88c36a1 SHA512 fa1c6051c8285cd8f91dd236289a7492efd30fe172d269b35a4941945623f87fd4ff0c8b47dae36e55e395e4d931cf680ab15c5f44fd7279be686678661971aa WHIRLPOOL 55384866d25d016a6135b443e9b25a8a321118a4e33214950f7f3ea51c357ba5a4b335d2f77aa941c04ebfd6131fcf48c87f29df8dc4fe685bad9f3aae61642a +AUX openldap-2.3.37-libldap_r.patch 862 SHA256 82471cc13806a9260e441aea90c8dfe9ce21b6d3edabb71766a2afcff6f80dfb SHA512 b49260b4a1583e1084f695e55e80aa90b301c9d56cd9cc04f0a78c0beb2e7d645e4b2163cae2be940f3918802b5d766e30f8550fd7fe723f365829c415fe364c WHIRLPOOL b22350b4ee9a3505b7b78ae915e82d3c84b19e7140047733cecd37818c57606097bd5d199d670ecf0d3bc350c08703bcaa126ed359b7930ab0a9b58e66f4aa50 +AUX openldap-2.3.43-fix-hang.patch 645 SHA256 48d1f63a303142e535413b3a42e1fdfea89abaf3265de801c147ef3bdcf3c27e SHA512 3cc7f46bd69634844c5fdf893120928e2d8b6c93011aebfb01786608bbb40351fab3f5e346857ab95724d5199b4b0270d56d56c7f1a43be07951f26fb82b018e WHIRLPOOL ddb6314f72a70a92d2cdc96548a8d0f783e97b91c9d71971566d3028d8ef1527b6897e5cdd6557fcd223f317b510dfbd12666c5bce0e8c9f06451e077a766bd5 +AUX openldap-2.3.XY-gcc44.patch 1169 SHA256 c799ad2adde0e0801bfd641c1a43860180121a04897b8e2a01ad000ea31e2a8d SHA512 9e7b726b384390dbf85c50cd344b6a614d09823293f1af2642cfb50c25f4f39254ae0b19cd0da0b30e6fbd270f61646487e1643406438bd2ec6b37883b03f9f2 WHIRLPOOL c5881dac9b095c28f3dd75fd71dfada84705bd42d643172389854f0c65e548a0f8721abef50568f63ebd85ac7bfeff68c64703dfdec0f7b42a57b92cf2f95097 +AUX openldap-2.4.11-libldap_r.patch 515 SHA256 3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e SHA512 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 WHIRLPOOL f0c115c60a1405bb6d34090d878ba82b454cced4a7718e1132bc8d118032ae656dcd0207640142740ea4f547403edf2b95c97ae2c7f67a2b656b83cb3a508e45 +AUX openldap-2.4.15-ppolicy.patch 418 SHA256 98269fa1e8a1a0e62dad9acd36fd9a33614fca9a5830d6e7e606db8eb7f85de5 SHA512 59db36c9b4d16e7ccf4b318af2a8d0c6e29cda7e567641b3bcc6069bb7d610a8ac8b56e16ca72165b3e50841abb1ef693b9e2958f16997ac637554f3a67b7146 WHIRLPOOL ae52ce30b17e0413ee87db55070d64e06e4ab5e14adf96f808a0cfba39c3f946fc5b4e4431d8fc6123c025261acd6a16e2245a1b46e1eb7a131444e5ffc7825f +AUX openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch 3542 SHA256 31e816eb9f3b52f5f9d183f82adebff75892e45e764187e579a92204c90889cb SHA512 6e4d3d04344433967ae099471e2af9d706e77206fc5e8d84d63681c5b975110f9abbee5d29be0a51e4cf8bc8ee157d8f386d99ffcebd059ef1be660530aaa096 WHIRLPOOL 38d4e60faff9d3a5f21e0783e688b4716d8d04976f549958798becad3e03b06eec2eeeac1b7491fe361e077b4aca5b75506bd45d65668746ab67db3a20d86a28 +AUX openldap-2.4.17-gcc44.patch 509 SHA256 33345882f601050ecaa6bb3dd7458e6b5f8e3684345847f7a53d4a1b0f514bda SHA512 ea2c862c7a7b8bc17c31ece694c010dd648840cb4facd48d5640767d859bf3c9108d547007984cb759f4a8810ff99ab8295c82dc2ad069f568d037d8448e6ff4 WHIRLPOOL 5f597463b6e92b43e0d6beabf426f5d6000fb204dfe8080ebcf57ec71391712fb24f728f6e61d205dd3ef9e78c7eb8a443994c68469f80b2536cfea3cd75eed4 +AUX openldap-2.4.28-fix-dash.patch 1101 SHA256 fddaad5f49cce39bf5492bb1dda10f2ce83419c48f128fe536661dde703b5d1b SHA512 f9b3a50eb972f746878afe4a8cda8d7e2a2807932ad2faf602f43e5a1b81166bea4fde764b4e1ae4be0000cc0713ee90a4620afab5809b8460f60ae39a716e9e WHIRLPOOL ba3856cd1008431025811aaa21d0a0ce94896590a16eee8cd27bdc84fd89884b0d27e8dce31bc79e4b4a91884bc90624f1a6afb38efb847839a036b4a2196af5 +AUX openldap-2.4.28-gnutls-gcrypt.patch 340 SHA256 26dc29a502e45f6b1003674c1ef5bc6c79b71d00fc9b2fc7a145291a314370c0 SHA512 53441707e9b24e774c0541ad8b63295eea6dc0352ae2ef3bf389f381da18f1df05fb2f7b41c816e1f697d8f1b208643d05891c03d8fba42d85e3b7689e5ee94f WHIRLPOOL 6be9eda56fd68c9e0818443ca70ee6c1e904aa6126576477d402c9abd2ee44952a0a313efc89f603b02cac35cbfea3c987de5b6ec3625a92bc691386edd85aa5 +AUX openldap-2.4.31-gcc47.patch 480 SHA256 6a0bef52a8681e30c4be7c11df88f5c73d2ab90f0bbbb79c550b6174d3978060 SHA512 a35113fe3f5e9ae5b9631976415df41d53a99ae1ca4c4dcdcfd89e6ccc6ba906cf5cfe2ee4901033dba29d62b6607d4a93ca74645eb6ceba38e67c5d8521816a WHIRLPOOL bf1315bebf8b16a625d55ac1d040a1ab831c25c87fe6f9bb9ff4b1b54f621a36e75e6055955e60617823fbf78244cd4aec7f702ea0d7a8d85a164f550d2675e7 +AUX openldap-2.4.35-contrib-samba4.patch 1400 SHA256 64ca91d3edae25d392f39a7f538e269b26de4e09923f872014e84ec388bda911 SHA512 332c4b2daa3eba165cfdcd479b1012e139d60095aaa628f8f5750fffb722d39395935bd7d7e56272e98fd234ab0be1c6568a71feeda5d88ba24b91b385defdad WHIRLPOOL c472dc75bbc1261b84ce0bfe8dd0a749200d7540647733ca13c0b1ccd8330739278f83eea3c91b3b29e5982eb6c9f9fb920ffdd9a6faaf4c0e66a97a1d16db55 +AUX openldap-2.4.35-contrib-smbk5pwd.patch 1626 SHA256 377b9204f51bb751d7311de3ee789386496372db2964ed2a929733099c23688a SHA512 c045c7605d25bab9eef8c12752f4952e3e6358124764ded91f5f98210686bc371f32ac20c56a63de80410f882f20e0889eec95474f1ee9d4c5bb4ed303ec8da0 WHIRLPOOL 64feead042fe22ec8bd36a23a11ea1af513702de2ab063324f0e49802635ca53b9f2f662159c8784877f6342d0a15cb231710be2ea69031c3df7459cd150cc47 +AUX openldap-2.4.40-slapd-conf 2059 SHA256 306602d38cbbdc2203e9f838348cbe9b264738cf86bbebc60272658b92a1eff9 SHA512 7ce8a8262db74d86449a3d31b96b2efa9e8dae2f9992a1c3a6d6899fb65531eaf917f410d8728852cb74338d7ba3c8c3b52d2f6cdcbba4cb3b97f6c733099fa2 WHIRLPOOL 979a2802501ec22dd93032eb3bc1a3df322558013cd8038736bac436b33fdb666df5d93fbfcc4d99762c10aa9e1a1edef496fa364d2b4f0019b5dd702174b6f4 +AUX openldap-2.4.42-mdb-unbundle.patch 3589 SHA256 43be88ef0810608232b2490e7f06f66272d17059c581f76d4de79c415365dd97 SHA512 ec123ff8cef6c32b1f29c2d0643433dd88dfa8ab62b4d7536de829475ff8b45b5c7376f3e17f3424aab326a573aa36a593630feecbd40c3e574c6c24f5dd83ec WHIRLPOOL 0eadd603e016506d3365f81c802561a0201122b989033935a5a6b4737db75ff6c1517bcca1c7c127b54bfd7c1ea2db0c11f65228ea6c4cbacf2f783af98dfddb +AUX openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch 3542 SHA256 026f2865c907c23249648cba03ea8e1ca5de0c48306865c17512378d40df63bf SHA512 326e73df430eb152fa5c53deb12071795f5958e6c48167021ebab83c6b1c4320ed56b0dfe5dd3475de463ff24e43cc8fe2c7cbf905e11cc1d48a70e350cb0ebc WHIRLPOOL bdc0808fd27c0b00c151ee3ee76a43fdea6e274abdae7d0278b69ec3455c4bb19ec917c489e2632b30736508f838b5f3a47bc697e8c6235d3e2aa5e96d9d9be9 +AUX openldap-2.4.45-libressl.patch 2276 SHA256 762f03261558cad884c25d166a9a4ae7bc3463e12798c7c90505cc6b5f68a206 SHA512 72d5177f67ce62053a66c241bedcc3a301544726c6ebf7055482c58337cf2a9fdab89336f910e039f90ef7f23fade4fdc167b8caab91acfb5ca5754780c962ab WHIRLPOOL 2be8ca186c538ffb9c773ebfeb1004c934f70860e257e6bcacb71755bc109fefe5080c5501ae54b9e7e799a91089aa97ad63905f419d6ceffc5b4b765ab15be6 +AUX openldap-2.4.6-evolution-ntlm.patch 5161 SHA256 3b79d9afaa7c76ca20c5e7aa856dea49931741a1022ae6c3bb264c38f4c22edb SHA512 a553231ad3e2d2ca3a3a195b20da6163c135a723e0a3ed39afcad5601ed4ef01e692533df3f8f96d5ec8cc74ca27cbd16508818007dc1343899a42b5595b980b WHIRLPOOL 624f11c996825bb248dd7c33f64afd3a4e8b9edbbe79c6fdffc7f2d8e57c5d8ac4c651eae7763dbc0a06144b916131b70e599771034bcb6bd8c586a9bf6a8209 +AUX slapd-confd 614 SHA256 901044908fbbbbf333f7f0f1efccd1f0e213aa1a9156b3e659eaf0a0c7fdfc89 SHA512 e4ae52d10294da787016cf39adfd68c6ad812ac1758b00845810ee7936d21734d2ef3793252b878d88f21788414071adffb5f484381d4dc6a29f71a8729486b7 WHIRLPOOL d45df7487a952f899e9098779edda82afd9fb5ca66e42bbaf4a94f9ebdda9be58a026c0358a521a2feb4cc04c1f8477fb034896054ca4575d717bec367e1e2e8 +AUX slapd-confd-2.4.28-r1 1072 SHA256 5bca003ec3b67c7c78519aede1d82002579006ccfecce8f87b559df719f82e92 SHA512 7426c04ee689bcfb29a9a3956367c571eac6bc9620efda938591d09382a05527454458f7a25bdc2fa2ac920f93bae516121e085408ffefbe8ace0c7d8c5da315 WHIRLPOOL b9cb4e249f224ce2435184922df8d053d4c6d058a6408b72ac3c393563bdc0d413f7310e74ef7dcdab6dedc3d25a77d5af0581334356a9b55be5c516d6ee71d4 +AUX slapd-initd 1168 SHA256 6b2039adf33b9dbfcce644631f4e8d1c0517327123ad875e102bcafe6c30b364 SHA512 52dec305f990de797cfe12a9b0d5b306f4b5baedec1597879151a492a1743ea46d83bf659f7695e07b8652fddb8a5a2ea11339991432075907fc088edd9a8bd5 WHIRLPOOL b2b29b8571976fafdf3c801b744b86ce9f2bb460bedf736ea912e6c97739c3cc57a64dee45b4fbc15382d26571cd1540b9ac3e609e25ce97973e80fd8bb77ff3 +AUX slapd-initd-2.4.40-r2 1726 SHA256 bcd84fca8efc1eec3aea489f238b51ce7226ffcdb1562044e48106897bc5a6fc SHA512 3945dc4cff9b20bddd2ac4f38d045f8caabb59368ab0b5e952d4194d06a1bdd9871546b84e9a54b692d2e3ca699aa065e5fa909a29ae80e102ed9635c94bcfd5 WHIRLPOOL 1be86d1dcd863077fa77a98e56b5dded097d34afabaebb29d3d37f39c818cca246067fdab4aaffddc64c02fbe01e7000ece6da6e7b9015dcf3248b5325d7ed84 +AUX slapd.service 284 SHA256 106563991611b44717cf93c10473edef39b4f0b4b391e29b9d5bdd3059c7a64a SHA512 450c93b320101e1c28681cad6694c24332fbe424ac98283b621a2f6e1eb01e9e2dbd80a4142e6e8d01d95c55018b44e847d4f4c55f11d7e0e0a11ae1827daa82 WHIRLPOOL d1ff7b8c672d9b38116cc8984567179a743b140211ae99bebd00729d8dc3cfcd4ed7c0833a18b071c9fa20eeb2cce4e053e7b6805474fc3ca8442167254c1e35 +AUX slapd.service.conf 443 SHA256 462adb8f6fc1a9f742c792b4392346d30949eed523453dd19b64afc9dc448145 SHA512 be9cf4bf19111bd77c0ce481428e6f3cc183a6939775ed1a2d7606a5162da34178cb139d666288f6a35b8413bd4dc5f8f1bd60b39f3cca8f749557674b93910b WHIRLPOOL 8697c1c1c82c5c3fbb5d3fffc43e56f1a05a8bf23443270f2a051fde7d6ca0d1c5102611ac62d244b2c190c6bd1fb675cc46a5978a715d2df4e72f13c58db3c8 +AUX slapd.tmpfilesd 90 SHA256 8039a0190bd5b701f29661c63e03e4fb439a8eb50fdd7be5ce96a7f7f3aaeb1b SHA512 c462c92911635a2a6a30eb7239e74b529062224f9798351f53dca9a2e25cbc7f9fbb3743f98a015b7ccac0823ab85adb42d91d980f053bc3f12fdce760ce4bec WHIRLPOOL 2fb28068fa2b8113041544bd88a58060aa309b012b58bd903b58e2ff853fec0882de2f2b0fa28da76eaa5550dcccbe7ed6e8b792df7f788b6bf0d324a0dc0e52 +AUX slurpd-initd 386 SHA256 f63742fd5f4192e8c676d3634b3947f48dffc2d37ebc82d50a3eec19178c51f0 SHA512 f6f5ede73eb1290673f1d4c9605d8806c759d68568610660eaa1cdcacf2926c728387b5e70885acdec0eea0e15a734c730af49550c4ffc8f121fffc3d9b7ed8c WHIRLPOOL 8f6fe3bb1e2221438e546b766368f76cb6dec18aa3b3b997cf3867b058f0d0d0ca1690a0fb10ae2aac28917d0803c4d2d6663e7993e3eeac3589b4f407befc0f +DIST openldap-2.4.44.tgz 5658830 SHA256 d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400 SHA512 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 WHIRLPOOL 37399793d681a6489c369d663772970c62a4e1e370d4dc306bcb6fa3b9cb680139c9d940d9218aaac4618f50a63bc391b10f2aec0a134f84094ce4f7378c88ff +DIST openldap-2.4.45.tgz 5672845 SHA256 cdd6cffdebcd95161a73305ec13fc7a78e9707b46ca9f84fb897cd5626df3824 SHA512 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab WHIRLPOOL b5855bfe2b2c3856a98fb8b07ab94e51ef995ff80d4f39f0e7edae64f9774f0af9987db3673e25f98df8a5856a3f8839f28f1aa9184c92862a4df22540b3ab49 +DIST rfc2307bis.schema-20140524 12262 SHA256 6cd8154ad86be1d6bb88a79c303dc10a49bce4ce7d21bb417a951d6496df30b1 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e WHIRLPOOL 40cef24529fb4bfc1661d03088eccdb17d9056d696b2bf0e698fa248d03f508ba776784bf8abbaffb5f4c2c59b59b29525b4be2babc978fed681e5e3c88073de +EBUILD openldap-2.4.44-r1.ebuild 27259 SHA256 a7f12b250076f6bab4dbdad4c73f2d283adbab9620a2221234645dfce94d6894 SHA512 c63699f455d26a1c0845eb5529ef0d2fd272621e4fba52810838795025129e20a1e1d98277430be31cd82a24f72ebd07c36f0ab77ea4a6a07d97e2f05c6531d4 WHIRLPOOL acf2d55ed8793c7c8ac062811b14030e880f3065acfb6c0d028733f30119d88aa3943b1a08ba411adebf3a88240ba3958a35454fc95f1843ebca8db16cbe036f +EBUILD openldap-2.4.44.ebuild 26590 SHA256 23aa7efd290c1a6bb580835378de582ac334d17a5839038a9831267aca70f4e7 SHA512 d53b72491b7d32986da5a62888bc4c5a5b642fc45376679e8538dee2c5dcae80c298697e285bf9d8ffd92ca046a1ceb8e173bfa6b49f53d738d78dbc08ada85c WHIRLPOOL 87ae87e4a46a8e728eae90c6377f72803a17019835cc217efb4e17c6b19787b871f3023a654c90f8ba425bc57411c2526f838d29d04d99c863c39de4ab0738e5 +EBUILD openldap-2.4.45.ebuild 28136 SHA256 82d39dacdb5993f24087404a44c4e7d1a58402064c30358f3b0a7597c4c23b2e SHA512 df7534b9fa4982e9bfe99cf62ad24117952ff1540c135c6adb7ed7dc40b279c411fc876dd2ac8e9540c81e05128b5247a7a3e9b011581ef5c59ddb738817fc88 WHIRLPOOL 3b2b8d89fe00050154fe5c7ebe00c9874119e4b1da961b2c79eb7ea6f3b02ed0bb4400594a45424b2276a6bfaa178104ea0a023786f8ee4ae39b501792eadb0a +MISC ChangeLog 8175 SHA256 3e40d412ae900631f1ff6666ca53a00c645d846d17e85dda64f2307af9a8b51b SHA512 5758f053e916ff51f0af336a4c1ab5068827334b441b5904be35968bb6be7efd078682360e41f7ba2bbbdf0302e0cf0e9b3e51bf466efd8a4a5ef61ff890258e WHIRLPOOL 0d7b6d7f534bdeca1aa97339e69a2705ab96abf678d910e6cdf994956553dc9ad25b935903e938991bf79b4986692912e846989e7a1f9d4fa96c8a82c331d432 +MISC ChangeLog-2015 87821 SHA256 29dc9d2d86f5c0de89ee44162332ee4390220ea9e546895100bd413bc60a0a30 SHA512 7c98e1dfe9ea30d7a31a7187cd913e6997bd8f8d5d74747c85f989a61b702272ce120588874257f2653343c2134c94dc405710f82957169a6f7bac01854d3611 WHIRLPOOL 2b657cb4f1f302e90eea233e401c6ca379b605c697443b36280153eb7419695ed2040ada6505b2c38c86832bda3efa74a4bfeda267d644639148ca6954cd10e9 +MISC metadata.xml 939 SHA256 dbed34e13c441b16f14e2ddb4a415b343e7148c9ebbd294b8d825f5abad9b350 SHA512 2cb744d3e29b0a3e8418b47df6c4d64a606d9a5e021e64104b8644da4977b0ad030b7d2e6c74259799c5ee1aa64984b779fa7966f6a77402574150f6756df1c1 WHIRLPOOL 2febb19b808bb5eea0040655b745c44cddd89f25f8c74091fb63371bec1e4b99d41fce6e5a1e1b699706e1a14634ccc7b49f8d022d3b4cc3a544680e728773fa diff --git a/net-nds/openldap/files/DB_CONFIG.fast.example b/net-nds/openldap/files/DB_CONFIG.fast.example new file mode 100644 index 000000000000..8b52062c9c22 --- /dev/null +++ b/net-nds/openldap/files/DB_CONFIG.fast.example @@ -0,0 +1,25 @@ +# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1 2004/06/18 02:49:08 kurt Exp $ +# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. +# +# See Sleepycat Berkeley DB documentation +# <http://www.sleepycat.com/docs/ref/env/db_config.html> +# for detail description of DB_CONFIG syntax and semantics. +# +# Hints can also be found in the OpenLDAP Software FAQ +# <http://www.openldap.org/faq/index.cgi?file=2> + +# one 0.25 GB cache +set_cachesize 0 16777216 0 + +# Data Directory +#set_data_dir db + +# Transaction Log settings +set_lg_regionmax 262144 +set_lg_bsize 524288 +#set_lg_dir logs + +# When using (and only when using) slapadd(8) or slapindex(8), +# the following flags may be useful: +#set_flags DB_TXN_NOSYNC +#set_flags DB_TXN_NOT_DURABLE diff --git a/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch b/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch new file mode 100644 index 000000000000..ddb6672a5fa7 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch @@ -0,0 +1,12 @@ +diff -ur openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in openldap-2.2.14/servers/slapd/back-perl/Makefile.in +--- openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in 2004-04-12 11:20:14.000000000 -0700 ++++ openldap-2.2.14/servers/slapd/back-perl/Makefile.in 2004-06-20 18:43:41.000000000 -0700 +@@ -31,7 +31,7 @@ + + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +-UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ++UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) `perl -MExtUtils::Embed -e ldopts` + + LIBBASE = back_perl + diff --git a/net-nds/openldap/files/openldap-2.2.6-ntlm.patch b/net-nds/openldap/files/openldap-2.2.6-ntlm.patch new file mode 100644 index 000000000000..1e52f99f1988 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.2.6-ntlm.patch @@ -0,0 +1,199 @@ +(Note that this patch is not useful on its own... it just adds some +hooks to work with the LDAP authentication process at a lower level +than the API otherwise allows. The code that calls these hooks and +actually drives the NTLM authentication process is in +lib/e2k-global-catalog.c, and the code that actually implements the +NTLM algorithms is in xntlm/.) + +This is a patch against OpenLDAP 2.2.6. Apply with -p0 + + +--- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500 ++++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400 +@@ -1753,5 +1753,26 @@ + LDAPControl **cctrls )); + + ++/* ++ * hacks for NTLM ++ */ ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) ++LDAP_F( int ) ++ldap_ntlm_bind LDAP_P(( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp )); ++LDAP_F( int ) ++ldap_parse_ntlm_bind_result LDAP_P(( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge)); ++ ++ + LDAP_END_DECL + #endif /* _LDAP_H */ +--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500 ++++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400 +@@ -20,7 +20,7 @@ + SRCS = bind.c open.c result.c error.c compare.c search.c \ + controls.c messages.c references.c extended.c cyrus.c \ + modify.c add.c modrdn.c delete.c abandon.c \ +- sasl.c sbind.c kbind.c unbind.c cancel.c \ ++ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \ + filter.c free.c sort.c passwd.c whoami.c \ + getdn.c getentry.c getattr.c getvalues.c addentry.c \ + request.c os-ip.c url.c sortctrl.c vlvctrl.c \ +@@ -29,7 +29,7 @@ + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ + controls.lo messages.lo references.lo extended.lo cyrus.lo \ + modify.lo add.lo modrdn.lo delete.lo abandon.lo \ +- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \ ++ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \ + filter.lo free.lo sort.lo passwd.lo whoami.lo \ + getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ + request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \ +--- /dev/null 2004-06-30 15:04:37.000000000 -0400 ++++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400 +@@ -0,0 +1,137 @@ ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ ++/* ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file ++ */ ++ ++/* Mostly copied from sasl.c */ ++ ++#include "portable.h" ++ ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include <ac/socket.h> ++#include <ac/string.h> ++#include <ac/time.h> ++#include <ac/errno.h> ++ ++#include "ldap-int.h" ++ ++int ++ldap_ntlm_bind( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp ) ++{ ++ BerElement *ber; ++ int rc; ++ ber_int_t id; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( msgidp != NULL ); ++ ++ if( msgidp == NULL ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ /* create a message to send */ ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ assert( LBER_VALID( ber ) ); ++ ++ LDAP_NEXT_MSGID( ld, id ); ++ rc = ber_printf( ber, "{it{istON}" /*}*/, ++ id, LDAP_REQ_BIND, ++ ld->ld_version, dn, tag, ++ cred ); ++ ++ /* Put Server Controls */ ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ++ ld->ld_errno = LDAP_ENCODING_ERROR; ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ /* send the message */ ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); ++ ++ if(*msgidp < 0) ++ return ld->ld_errno; ++ ++ return LDAP_SUCCESS; ++} ++ ++int ++ldap_parse_ntlm_bind_result( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge) ++{ ++ ber_int_t errcode; ++ ber_tag_t tag; ++ BerElement *ber; ++ ber_len_t len; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( res != NULL ); ++ ++ if ( ld == NULL || res == NULL ) { ++ return LDAP_PARAM_ERROR; ++ } ++ ++ if( res->lm_msgtype != LDAP_RES_BIND ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ if ( ld->ld_error ) { ++ LDAP_FREE( ld->ld_error ); ++ ld->ld_error = NULL; ++ } ++ if ( ld->ld_matched ) { ++ LDAP_FREE( ld->ld_matched ); ++ ld->ld_matched = NULL; ++ } ++ ++ /* parse results */ ++ ++ ber = ber_dup( res->lm_ber ); ++ ++ if( ber == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ tag = ber_scanf( ber, "{ioa" /*}*/, ++ &errcode, challenge, &ld->ld_error ); ++ ber_free( ber, 0 ); ++ ++ if( tag == LBER_ERROR ) { ++ ld->ld_errno = LDAP_DECODING_ERROR; ++ return ld->ld_errno; ++ } ++ ++ ld->ld_errno = errcode; ++ ++ return( ld->ld_errno ); ++} diff --git a/net-nds/openldap/files/openldap-2.3.21-ppolicy.patch b/net-nds/openldap/files/openldap-2.3.21-ppolicy.patch new file mode 100644 index 000000000000..06bbee86f1c9 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.21-ppolicy.patch @@ -0,0 +1,13 @@ +--- clients.orig/tools/common.c 2006-05-05 00:24:01.000000000 -0700 ++++ clients/tools/common.c 2006-05-05 00:24:13.000000000 -0700 +@@ -904,8 +904,8 @@ + tool_bind( LDAP *ld ) + { + #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST +- if ( ppolicy ) { + LDAPControl *ctrls[2], c; ++ if ( ppolicy ) { + c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; + diff --git a/net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch b/net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch new file mode 100644 index 000000000000..091ff26a17b0 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch @@ -0,0 +1,53 @@ +--- contrib/slapd-modules/smbk5pwd/Makefile.ORIG 2006-05-17 13:11:57.194660019 +0300 ++++ contrib/slapd-modules/smbk5pwd/Makefile 2006-05-17 13:11:14.503082288 +0300 +@@ -9,29 +9,39 @@ + # top-level directory of the distribution or, alternatively, at + # <http://www.OpenLDAP.org/license.html>. + ++#libexecdir=/usr/lib/openldap ++moduledir=$(libexecdir)/openldap + LIBTOOL=../../../libtool +-OPT=-g -O2 ++#OPT= + CC=gcc + + # Omit DO_KRB5 or DO_SAMBA if you don't want to support it. +-DEFS=-DDO_KRB5 -DDO_SAMBA ++#DEFS= + +-HEIMDAL_INC=-I/usr/heimdal/include ++#KRB5_INC= + SSL_INC= + LDAP_INC=-I../../../include -I../../../servers/slapd +-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC) ++INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC) + +-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv ++KRB5_LIB=-lkrb5 -lkadm5srv + SSL_LIB=-lcrypto +-LDAP_LIB=-lldap_r -llber +-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB) +- ++LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber ++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS))) ++ LIBS=$(LDAP_LIB) $(SSL_LIB) ++else ++ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB) ++endif ++ + all: smbk5pwd.la + + + smbk5pwd.lo: smbk5pwd.c +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $? ++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $? + + smbk5pwd.la: smbk5pwd.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \ +- -rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS) ++ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \ ++ -rpath $(moduledir) -module -o $@ $? $(LIBS) ++ ++install-mod: ++ $(LIBTOOL) --mode=install ../../../build/shtool install -c \ ++ -m 755 smbk5pwd.la $(DESTDIR)$(moduledir) diff --git a/net-nds/openldap/files/openldap-2.3.34-slapd-conf b/net-nds/openldap/files/openldap-2.3.34-slapd-conf new file mode 100644 index 000000000000..ad767cfdeb7c --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.34-slapd-conf @@ -0,0 +1,64 @@ +# +# See slapd.conf(5) for details on configuration options. +# This file should NOT be world readable. +# +include /etc/openldap/schema/core.schema + +# Define global ACLs to disable default read access. + +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +#referral ldap://root.openldap.org + +pidfile /var/run/openldap/slapd.pid +argsfile /var/run/openldap/slapd.args + +# Load dynamic backend modules: +###INSERTDYNAMICMODULESHERE### + +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 63-bit encryption for simple bind +# security ssf=1 update_ssf=112 simple_bind=64 + +# Sample access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# Directives needed to implement policy: +# access to dn.base="" by * read +# access to dn.base="cn=Subschema" by * read +# access to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! + +####################################################################### +# BDB database definitions +####################################################################### + +database hdb +suffix "dc=my-domain,dc=com" +# <kbyte> <min> +checkpoint 32 30 +rootdn "cn=Manager,dc=my-domain,dc=com" +# Cleartext passwords, especially for the rootdn, should +# be avoid. See slappasswd(8) and slapd.conf(5) for details. +# Use of strong authentication encouraged. +rootpw secret +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. +directory /var/lib/openldap-data +# Indices to maintain +index objectClass eq diff --git a/net-nds/openldap/files/openldap-2.3.37-libldap_r.patch b/net-nds/openldap/files/openldap-2.3.37-libldap_r.patch new file mode 100644 index 000000000000..d015bda2abbe --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.37-libldap_r.patch @@ -0,0 +1,21 @@ +--- libraries/libldap_r/Makefile.in.old 2007-01-02 22:43:50.000000000 +0100 ++++ libraries/libldap_r/Makefile.in 2007-08-22 13:32:20.000000000 +0200 +@@ -56,7 +56,7 @@ + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) + XXXLIBS = $(LTHREAD_LIBS) + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) +-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) ++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) + + .links : Makefile + @for i in $(XXSRCS); do \ +--- servers/slapd/slapi/Makefile.in.old 2007-01-02 22:44:10.000000000 +0100 ++++ servers/slapd/slapi/Makefile.in 2007-08-22 14:58:51.000000000 +0200 +@@ -37,6 +37,7 @@ + XLIBS = $(LIBRARY) + XXLIBS = + NT_LINK_LIBS = $(AC_LIBS) ++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS) + + XINCPATH = -I$(srcdir)/.. -I$(srcdir) + XDEFS = $(MODULES_CPPFLAGS) diff --git a/net-nds/openldap/files/openldap-2.3.43-fix-hang.patch b/net-nds/openldap/files/openldap-2.3.43-fix-hang.patch new file mode 100644 index 000000000000..7e1f4457bd94 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.43-fix-hang.patch @@ -0,0 +1,19 @@ +commit a3f40e5601c0c522f2bda418374fb415bdcbd75c +Author: Quanah Gibson-Mount <quanah@openldap.org> +Date: Thu Mar 24 02:25:49 2011 +0000 + + sl_busy is used as a boolean so just set it, don't increment it + +diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c +index 2a7a48e..df6d096 100644 +--- a/servers/slapd/daemon.c ++++ b/servers/slapd/daemon.c +@@ -2098,7 +2098,7 @@ slap_listener_activate( + Debug( LDAP_DEBUG_TRACE, "slap_listener_activate(%d): %s\n", + sl->sl_sd, sl->sl_busy ? "busy" : "", 0 ); + +- sl->sl_busy++; ++ sl->sl_busy = 1; + + rc = ldap_pvt_thread_pool_submit( &connection_pool, + slap_listener_thread, (void *) sl ); diff --git a/net-nds/openldap/files/openldap-2.3.XY-gcc44.patch b/net-nds/openldap/files/openldap-2.3.XY-gcc44.patch new file mode 100644 index 000000000000..0213d81dc85c --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.XY-gcc44.patch @@ -0,0 +1,30 @@ +--- include/ldap_pvt_thread.h 2009-04-03 08:51:30.000000000 -0400 ++++ include/ldap_pvt_thread.h 2009-04-03 08:56:36.000000000 -0400 +@@ -57,12 +57,12 @@ + + #ifndef LDAP_PVT_THREAD_H_DONE + #define LDAP_PVT_THREAD_SET_STACK_SIZE +-#ifndef LDAP_PVT_THREAD_STACK_SIZE +- /* LARGE stack. Will be twice as large on 64 bit machine. */ +-#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) ) + /* May be explicitly defined to zero to disable it */ +-#elif LDAP_PVT_THREAD_STACK_SIZE == 0 ++#if defined( LDAP_PVT_THREAD_STACK_SIZE ) && LDAP_PVT_THREAD_STACK_SIZE == 0 + #undef LDAP_PVT_THREAD_SET_STACK_SIZE ++#elif !defined(LDAP_PVT_THREAD_STACK_SIZE) ++ /* LARGE stack. Will be twice as large on 64 bit machine. */ ++#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) ) + #endif + #endif /* !LDAP_PVT_THREAD_H_DONE */ + +--- libraries/libldap/os-ip.c 2009-04-03 08:51:30.000000000 -0400 ++++ libraries/libldap/os-ip.c 2009-04-03 08:54:47.000000000 -0400 +@@ -652,7 +652,7 @@ + char *herr; + #ifdef NI_MAXHOST + char hbuf[NI_MAXHOST]; +-#elif defined( MAXHOSTNAMELEN ++#elif defined( MAXHOSTNAMELEN ) + char hbuf[MAXHOSTNAMELEN]; + #else + char hbuf[256]; diff --git a/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch b/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch new file mode 100644 index 000000000000..448249a3b583 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch @@ -0,0 +1,11 @@ +diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in +--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800 ++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700 +@@ -37,6 +37,7 @@ + XLIBS = $(LIBRARY) + XXLIBS = + NT_LINK_LIBS = $(AC_LIBS) ++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS) + + XINCPATH = -I$(srcdir)/.. -I$(srcdir) + XDEFS = $(MODULES_CPPFLAGS) diff --git a/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch new file mode 100644 index 000000000000..3195ee550f68 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch @@ -0,0 +1,12 @@ +--- openldap-2.4.15/clients/tools/common.c.orig 2009-02-05 15:05:03.000000000 -0800 ++++ openldap-2.4.15/clients/tools/common.c 2009-03-21 01:45:14.000000000 -0700 +@@ -1315,8 +1315,8 @@ + int nsctrls = 0; + + #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST ++ LDAPControl c; + if ( ppolicy ) { +- LDAPControl c; + c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; diff --git a/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch new file mode 100644 index 000000000000..e5117468f809 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch @@ -0,0 +1,109 @@ +If GnuTLS is used, the lmpasswd module for USE=samba does not compile. +Forward-port an old Debian patch that upstream never applied. + +Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> +Signed-off-by: Steffen Hau <steffen@hauihau.de> +X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633 +X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997 +X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341 + +--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700 ++++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700 +@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8]; + typedef PK11Context *des_context[1]; + #define DES_ENCRYPT CKA_ENCRYPT + ++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++# include <gcrypt.h> ++static int gcrypt_init = 0; ++ ++typedef const void* des_key; ++typedef unsigned char des_cblock[8]; ++typedef des_cblock des_data_block; ++typedef int des_key_schedule; /* unused */ ++typedef des_key_schedule des_context; /* unused */ ++#define des_failed(encrypted) 0 ++#define des_finish(key, schedule) ++ ++#define des_set_key_unchecked( key, key_sched ) \ ++ gcry_cipher_setkey( hd, key, 8 ) ++ ++#define des_ecb_encrypt( input, output, key_sched, enc ) \ ++ gcry_cipher_encrypt( hd, *output, 8, *input, 8 ) ++ ++#define des_set_odd_parity( key ) do {} while(0) ++ + #endif + + #endif /* SLAPD_LMHASH */ +@@ -651,7 +671,7 @@ static int chk_md5( + + #ifdef SLAPD_LMHASH + +-#if defined(HAVE_OPENSSL) ++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H) + + /* + * abstract away setting the parity. +@@ -841,6 +861,19 @@ static int chk_lanman( + des_data_block StdText = "KGS!@#$%"; + des_data_block PasswordHash1, PasswordHash2; + char PasswordHash[33], storedPasswordHash[33]; ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_hd_t hd; ++ ++ if ( !gcrypt_init ) { ++ gcry_check_version( GCRYPT_VERSION ); ++ gcrypt_init = 1; ++ } ++ ++ schedule = schedule; /* unused - avoid warning */ ++ ++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + for( i=0; i<cred->bv_len; i++) { + if(cred->bv_val[i] == '\0') { +@@ -883,6 +916,10 @@ static int chk_lanman( + strncpy( storedPasswordHash, passwd->bv_val, 32 ); + storedPasswordHash[32] = '\0'; + ldap_pvt_str2lower( storedPasswordHash ); ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_close( hd ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; + } +@@ -1138,6 +1175,19 @@ static int hash_lanman( + des_data_block PasswordHash1, PasswordHash2; + char PasswordHash[33]; + ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_hd_t hd; ++ ++ if ( !gcrypt_init ) { ++ gcry_check_version( GCRYPT_VERSION ); ++ gcrypt_init = 1; ++ } ++ ++ schedule = schedule; /* unused - avoid warning */ ++ ++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ ++ + for( i=0; i<passwd->bv_len; i++) { + if(passwd->bv_val[i] == '\0') { + return LUTIL_PASSWD_ERR; /* NUL character in password */ +@@ -1168,6 +1218,10 @@ static int hash_lanman( + + hash->bv_val = PasswordHash; + hash->bv_len = 32; ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_close( hd ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + return pw_string( scheme, hash ); + } diff --git a/net-nds/openldap/files/openldap-2.4.17-gcc44.patch b/net-nds/openldap/files/openldap-2.4.17-gcc44.patch new file mode 100644 index 000000000000..aa7fe7ac35f6 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.17-gcc44.patch @@ -0,0 +1,11 @@ +diff -ur openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp +--- openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp 2008-04-15 02:09:26.000000000 +0300 ++++ openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp 2009-08-10 13:21:24.000000000 +0300 +@@ -13,6 +13,7 @@ + #include <termios.h> + #endif + ++#include <stdio.h> + #include <string.h> + #include "SaslInteractionHandler.h" + #include "SaslInteraction.h" diff --git a/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch b/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch new file mode 100644 index 000000000000..d15c3d2231f4 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch @@ -0,0 +1,26 @@ +Our libtool needs bash to work properly. +Patch unbreaks build when /bin/sh points to dash: + + Entering subdirectory liblber + /bin/sh ../../libtool --mode=compile x86_64-pc-linux-gnu-gcc -O0 -D_GNU_SOURCE -I../../include -I../../include -I/usr/include/db4.8 -DLDAP_CONNECTIONLESS -DLBER_LIBRARY -c assert.c + ../../build/mkversion -v "2.4.28" liblber.la > version.c + /bin/sh ../../libtool --mode=compile x86_64-pc-linux-gnu-gcc -O0 -D_GNU_SOURCE -I../../include -I../../include -I/usr/include/db4.8 -DLDAP_CONNECTIONLESS -DLBER_LIBRARY -c decode.c + eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found + eval: 1: base_compile+= -O0: not found + eval: 1: base_compile+= -D_GNU_SOURCE: not found + eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found + ... + make[2]: *** [decode.lo] Error 1 +diff --git a/build/top.mk b/build/top.mk +index 6fea488..ea324e3 100644 +--- a/build/top.mk ++++ b/build/top.mk +@@ -20,7 +20,7 @@ VERSION= @VERSION@ + RELEASEDATE= @OPENLDAP_RELEASE_DATE@ + + @SET_MAKE@ +-SHELL = /bin/sh ++SHELL = @SHELL@ + + top_builddir = @top_builddir@ + diff --git a/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch b/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch new file mode 100644 index 000000000000..aeecb0f40132 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch @@ -0,0 +1,11 @@ +--- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000 ++++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000 +@@ -1214,7 +1214,7 @@ + ol_with_tls=gnutls + ol_link_tls=yes + +- TLS_LIBS="-lgnutls" ++ TLS_LIBS="-lgnutls -lgcrypt" + + AC_DEFINE(HAVE_GNUTLS, 1, + [define if you have GNUtls]) diff --git a/net-nds/openldap/files/openldap-2.4.31-gcc47.patch b/net-nds/openldap/files/openldap-2.4.31-gcc47.patch new file mode 100644 index 000000000000..5b6af4b29564 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.31-gcc47.patch @@ -0,0 +1,16 @@ +Fix building with gcc-4.7 + +https://bugs.gentoo.org/show_bug.cgi?id=420959 +http://www.openldap.org/its/index.cgi/Incoming?id=7304;page=16 #ITS 7304 + +Patch written by Kacper Kowalik <xarthisius@gentoo.org> +--- a/contrib/ldapc++/src/SaslInteractionHandler.cpp ++++ b/contrib/ldapc++/src/SaslInteractionHandler.cpp +@@ -16,6 +16,7 @@ + + #include <stdio.h> + #include <string.h> ++#include <unistd.h> + #include "SaslInteractionHandler.h" + #include "SaslInteraction.h" + #include "debug.h" diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch new file mode 100644 index 000000000000..4312dc7c55ea --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch @@ -0,0 +1,38 @@ +diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile openldap-2.4.35/contrib/slapd-modules/samba4/Makefile +--- openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile 2013-03-28 15:41:51.000000000 +0000 ++++ openldap-2.4.35/contrib/slapd-modules/samba4/Makefile 2013-04-16 02:16:40.651868432 +0000 +@@ -20,7 +20,8 @@ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 -Wall ++#OPT = -g -O2 -Wall ++OPT = -Wall + DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \ + -DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \ + -DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC +@@ -41,20 +42,20 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + pguid.la: pguid.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + rdnval.la: rdnval.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + vernum.la: vernum.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch new file mode 100644 index 000000000000..4383802a0ead --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch @@ -0,0 +1,48 @@ +diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile +--- openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile 2013-03-28 15:41:51.000000000 +0000 ++++ openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile 2013-04-16 02:13:38.939913119 +0000 +@@ -21,16 +21,23 @@ + SSL_INC = + SSL_LIB = -lcrypto + +-HEIMDAL_INC = -I/usr/heimdal/include +-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv ++#HEIMDAL_INC = -I/usr/heimdal/include ++#HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv ++KRB5_INC = $(HEIMDAL_INC) ++KRB5_LIB = $(HEIMDAL_LIB) -lkrb5 -lkadm5srv + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 -Wall ++#OPT = -g -O2 -Wall ++OPT = -Wall + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. +-DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW +-INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC) +-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB) ++#DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW ++INCS = $(LDAP_INC) $(KRB5_INC) $(SSL_INC) ++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS))) ++ LIBS=$(LDAP_LIB) $(SSL_LIB) ++else ++ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB) ++endif + + PROGRAMS = smbk5pwd.la + LTVER = 0:0:0 +@@ -46,12 +53,12 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + smbk5pwd.la: smbk5pwd.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: diff --git a/net-nds/openldap/files/openldap-2.4.40-slapd-conf b/net-nds/openldap/files/openldap-2.4.40-slapd-conf new file mode 100644 index 000000000000..8ecc732b9672 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.40-slapd-conf @@ -0,0 +1,64 @@ +# +# See slapd.conf(5) for details on configuration options. +# This file should NOT be world readable. +# +include /etc/openldap/schema/core.schema + +# Define global ACLs to disable default read access. + +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +#referral ldap://root.openldap.org + +pidfile /run/openldap/slapd.pid +argsfile /run/openldap/slapd.args + +# Load dynamic backend modules: +###INSERTDYNAMICMODULESHERE### + +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 63-bit encryption for simple bind +# security ssf=1 update_ssf=112 simple_bind=64 + +# Sample access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# Directives needed to implement policy: +# access to dn.base="" by * read +# access to dn.base="cn=Subschema" by * read +# access to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! + +####################################################################### +# BDB database definitions +####################################################################### + +database hdb +suffix "dc=my-domain,dc=com" +# <kbyte> <min> +checkpoint 32 30 +rootdn "cn=Manager,dc=my-domain,dc=com" +# Cleartext passwords, especially for the rootdn, should +# be avoid. See slappasswd(8) and slapd.conf(5) for details. +# Use of strong authentication encouraged. +rootpw secret +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. +directory /var/lib/openldap-data +# Indices to maintain +index objectClass eq diff --git a/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch new file mode 100644 index 000000000000..9265a01701ab --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch @@ -0,0 +1,136 @@ +--- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200 ++++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200 +@@ -160,6 +160,7 @@ + LTHREAD_LIBS = @LTHREAD_LIBS@ + + BDB_LIBS = @BDB_LIBS@ ++MDB_LIBS = @MDB_LIBS@ + SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@ + + LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la +--- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200 ++++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200 +@@ -563,6 +563,38 @@ + ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])]) + ]) + ++dnl -------------------------------------------------------------------- ++dnl Check for version compatility with back-mdb ++AC_DEFUN([OL_MDB_COMPAT], ++[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[ ++ AC_EGREP_CPP(__mdb_version_compat,[ ++#include <lmdb.h> ++ ++/* require 0.9.14 or later */ ++#if MDB_VERSION_FULL >= 0x00000009000E ++ __mdb_version_compat ++#endif ++ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])]) ++]) ++ ++dnl ++dnl -------------------------------------------------------------------- ++dnl Find any MDB ++AC_DEFUN([OL_MDB], ++[ol_cv_mdb=no ++AC_CHECK_HEADERS(lmdb.h) ++if test $ac_cv_header_lmdb_h = yes; then ++ OL_MDB_COMPAT ++ ++ if test $ol_cv_mdb_compat != yes ; then ++ AC_MSG_ERROR([LMDB version incompatible with MDB backends]) ++ fi ++ ++ ol_cv_lib_mdb=-llmdb ++ ol_cv_mdb=yes ++fi ++]) ++ + dnl + dnl ==================================================================== + dnl Check POSIX Thread version +--- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200 ++++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200 +@@ -25,11 +25,10 @@ + extended.lo operational.lo \ + attr.lo index.lo key.lo filterindex.lo \ + dn2entry.lo dn2id.lo id2entry.lo idl.lo \ +- nextid.lo monitor.lo mdb.lo midl.lo ++ nextid.lo monitor.lo + + LDAP_INCDIR= ../../../include + LDAP_LIBDIR= ../../../libraries +-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb + + BUILD_OPT = "--enable-mdb" + BUILD_MOD = @BUILD_MDB@ +@@ -44,7 +43,7 @@ + + LIBBASE = back_mdb + +-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR) ++XINCPATH = -I.. -I$(srcdir)/.. + XDEFS = $(MODULES_CPPFLAGS) + + all-local-lib: ../.backend +@@ -52,11 +51,5 @@ + ../.backend: lib$(LIBBASE).a + @touch $@ + +-mdb.lo: $(MDB_SUBDIR)/mdb.c +- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c +- +-midl.lo: $(MDB_SUBDIR)/midl.c +- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c +- + veryclean-local-lib: FORCE + $(RM) $(XXHEADERS) $(XXSRCS) .links +--- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200 ++++ ./configure.in 2014-10-24 10:51:34.372846374 +0200 +@@ -519,6 +519,7 @@ + dnl Initialize vars + LDAP_LIBS= + BDB_LIBS= ++MDB_LIBS= + SLAPD_NDB_LIBS= + SLAPD_NDB_INCS= + LTHREAD_LIBS= +@@ -1905,6 +1906,30 @@ + fi + + dnl ---------------------------------------------------------------- ++ol_link_mdb=no ++ ++if test $ol_enable_mdb != no; then ++ OL_MDB ++ ++ if test $ol_cv_mdb = no ; then ++ AC_MSG_ERROR(MDB: LMDB not available) ++ fi ++ ++ AC_DEFINE(HAVE_MDB,1, ++ [define this if LMDB is available]) ++ ++ dnl $ol_cv_lib_mdb should be yes or -llmdb ++ dnl (it could be no, but that would be an error ++ if test $ol_cv_lib_mdb != yes ; then ++ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb" ++ fi ++ ++ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)" ++ ++ ol_link_mdb=yes ++fi ++ ++dnl ---------------------------------------------------------------- + + if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then + BUILD_LIBS_DYNAMIC=shared +@@ -3133,6 +3158,7 @@ + AC_SUBST(LDAP_LIBS) + AC_SUBST(SLAPD_LIBS) + AC_SUBST(BDB_LIBS) ++AC_SUBST(MDB_LIBS) + AC_SUBST(SLAPD_NDB_LIBS) + AC_SUBST(SLAPD_NDB_INCS) + AC_SUBST(LTHREAD_LIBS) diff --git a/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch new file mode 100644 index 000000000000..29688fcb14c8 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch @@ -0,0 +1,109 @@ +If GnuTLS is used, the lmpasswd module for USE=samba does not compile. +Forward-port an old Debian patch that upstream never applied. + +Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> +Signed-off-by: Steffen Hau <steffen@hauihau.de> +X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633 +X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997 +X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341 + +--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700 ++++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700 +@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8]; + typedef PK11Context *des_context[1]; + #define DES_ENCRYPT CKA_ENCRYPT + ++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++# include <gcrypt.h> ++static int gcrypt_init = 0; ++ ++typedef const void* des_key; ++typedef unsigned char DES_cblock[8]; ++typedef DES_cblock des_data_block; ++typedef int DES_key_schedule; /* unused */ ++typedef DES_key_schedule des_context; /* unused */ ++#define des_failed(encrypted) 0 ++#define des_finish(key, schedule) ++ ++#define DES_set_key_unchecked( key, key_sched ) \ ++ gcry_cipher_setkey( hd, key, 8 ) ++ ++#define DES_ecb_encrypt( input, output, key_sched, enc ) \ ++ gcry_cipher_encrypt( hd, *output, 8, *input, 8 ) ++ ++#define DES_set_odd_parity( key ) do {} while(0) ++ + #endif + + #endif /* SLAPD_LMHASH */ +@@ -651,7 +671,7 @@ static int chk_md5( + + #ifdef SLAPD_LMHASH + +-#if defined(HAVE_OPENSSL) ++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H) + + /* + * abstract away setting the parity. +@@ -841,6 +861,19 @@ static int chk_lanman( + des_data_block StdText = "KGS!@#$%"; + des_data_block PasswordHash1, PasswordHash2; + char PasswordHash[33], storedPasswordHash[33]; ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_hd_t hd; ++ ++ if ( !gcrypt_init ) { ++ gcry_check_version( GCRYPT_VERSION ); ++ gcrypt_init = 1; ++ } ++ ++ schedule = schedule; /* unused - avoid warning */ ++ ++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + for( i=0; i<cred->bv_len; i++) { + if(cred->bv_val[i] == '\0') { +@@ -883,6 +916,10 @@ static int chk_lanman( + strncpy( storedPasswordHash, passwd->bv_val, 32 ); + storedPasswordHash[32] = '\0'; + ldap_pvt_str2lower( storedPasswordHash ); ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_close( hd ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; + } +@@ -1138,6 +1175,19 @@ static int hash_lanman( + des_data_block PasswordHash1, PasswordHash2; + char PasswordHash[33]; + ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_hd_t hd; ++ ++ if ( !gcrypt_init ) { ++ gcry_check_version( GCRYPT_VERSION ); ++ gcrypt_init = 1; ++ } ++ ++ schedule = schedule; /* unused - avoid warning */ ++ ++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ ++ + for( i=0; i<passwd->bv_len; i++) { + if(passwd->bv_val[i] == '\0') { + return LUTIL_PASSWD_ERR; /* NUL character in password */ +@@ -1168,6 +1218,10 @@ static int hash_lanman( + + hash->bv_val = PasswordHash; + hash->bv_len = 32; ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_close( hd ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + return pw_string( scheme, hash ); + } diff --git a/net-nds/openldap/files/openldap-2.4.45-libressl.patch b/net-nds/openldap/files/openldap-2.4.45-libressl.patch new file mode 100644 index 000000000000..20a65a4e0fd1 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.45-libressl.patch @@ -0,0 +1,65 @@ +--- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC ++++ libraries/libldap/tls_o.c +@@ -47,7 +47,7 @@ + #include <ssl.h> + #endif + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) + #endif + +@@ -157,7 +157,7 @@ tlso_init( void ) + (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + SSL_load_error_strings(); + SSL_library_init(); + OpenSSL_add_all_digests(); +@@ -205,7 +205,7 @@ static void + tlso_ctx_ref( tls_ctx *ctx ) + { + tlso_ctx *c = (tlso_ctx *)ctx; +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX ) + #endif + SSL_CTX_up_ref( c ); +@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * + if (!x) return LDAP_INVALID_CREDENTIALS; + + xn = X509_get_subject_name(x); +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + der_dn->bv_len = i2d_X509_NAME( xn, NULL ); + der_dn->bv_val = xn->bytes->data; + #else +@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval + return LDAP_INVALID_CREDENTIALS; + + xn = X509_get_subject_name(x); +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + der_dn->bv_len = i2d_X509_NAME( xn, NULL ); + der_dn->bv_val = xn->bytes->data; + #else +@@ -721,7 +721,7 @@ struct tls_data { + Sockbuf_IO_Desc *sbiod; + }; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + #define BIO_set_init(b, x) b->init = x + #define BIO_set_data(b, x) b->ptr = x + #define BIO_clear_flags(b, x) b->flags &= ~(x) +@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) + return tlso_bio_write( b, str, strlen( str ) ); + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + struct bio_method_st { + int type; + const char *name; diff --git a/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch b/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch new file mode 100644 index 000000000000..33ff29e0aed2 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch @@ -0,0 +1,192 @@ +diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/include/ldap.h +--- evo-openldap-2.4.14/include/ldap.h.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100 ++++ evo-openldap-2.4.14/include/ldap.h 2009-02-17 10:10:00.000000000 +0100 +@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P(( + LDAPControl **ctrls, + LDAPDerefRes **drp )); + ++/* ++ * hacks for NTLM ++ */ ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) ++LDAP_F( int ) ++ldap_ntlm_bind LDAP_P(( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp )); ++LDAP_F( int ) ++ldap_parse_ntlm_bind_result LDAP_P(( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge)); ++ ++ + LDAP_END_DECL + #endif /* _LDAP_H */ +diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.14/libraries/libldap/Makefile.in +--- evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100 ++++ evo-openldap-2.4.14/libraries/libldap/Makefile.in 2009-02-17 10:10:00.000000000 +0100 +@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur + SRCS = bind.c open.c result.c error.c compare.c search.c \ + controls.c messages.c references.c extended.c cyrus.c \ + modify.c add.c modrdn.c delete.c abandon.c \ +- sasl.c gssapi.c sbind.c unbind.c cancel.c \ ++ sasl.c ntlm.c gssapi.c sbind.c unbind.c cancel.c \ + filter.c free.c sort.c passwd.c whoami.c \ + getdn.c getentry.c getattr.c getvalues.c addentry.c \ + request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \ +@@ -33,7 +33,7 @@ SRCS = bind.c open.c result.c error.c co + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ + controls.lo messages.lo references.lo extended.lo cyrus.lo \ + modify.lo add.lo modrdn.lo delete.lo abandon.lo \ +- sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \ ++ sasl.lo ntlm.lo gssapi.lo sbind.lo unbind.lo cancel.lo \ + filter.lo free.lo sort.lo passwd.lo whoami.lo \ + getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ + request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \ +diff -up /dev/null evo-openldap-2.4.14/libraries/libldap/ntlm.c +--- /dev/null 2009-02-17 09:19:52.829004420 +0100 ++++ evo-openldap-2.4.14/libraries/libldap/ntlm.c 2009-02-17 10:10:00.000000000 +0100 +@@ -0,0 +1,137 @@ ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ ++/* ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file ++ */ ++ ++/* Mostly copied from sasl.c */ ++ ++#include "portable.h" ++ ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include <ac/socket.h> ++#include <ac/string.h> ++#include <ac/time.h> ++#include <ac/errno.h> ++ ++#include "ldap-int.h" ++ ++int ++ldap_ntlm_bind( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp ) ++{ ++ BerElement *ber; ++ int rc; ++ ber_int_t id; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( msgidp != NULL ); ++ ++ if( msgidp == NULL ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ /* create a message to send */ ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ assert( LBER_VALID( ber ) ); ++ ++ LDAP_NEXT_MSGID( ld, id ); ++ rc = ber_printf( ber, "{it{istON}" /*}*/, ++ id, LDAP_REQ_BIND, ++ ld->ld_version, dn, tag, ++ cred ); ++ ++ /* Put Server Controls */ ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ++ ld->ld_errno = LDAP_ENCODING_ERROR; ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ /* send the message */ ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); ++ ++ if(*msgidp < 0) ++ return ld->ld_errno; ++ ++ return LDAP_SUCCESS; ++} ++ ++int ++ldap_parse_ntlm_bind_result( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge) ++{ ++ ber_int_t errcode; ++ ber_tag_t tag; ++ BerElement *ber; ++ ber_len_t len; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( res != NULL ); ++ ++ if ( ld == NULL || res == NULL ) { ++ return LDAP_PARAM_ERROR; ++ } ++ ++ if( res->lm_msgtype != LDAP_RES_BIND ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ if ( ld->ld_error ) { ++ LDAP_FREE( ld->ld_error ); ++ ld->ld_error = NULL; ++ } ++ if ( ld->ld_matched ) { ++ LDAP_FREE( ld->ld_matched ); ++ ld->ld_matched = NULL; ++ } ++ ++ /* parse results */ ++ ++ ber = ber_dup( res->lm_ber ); ++ ++ if( ber == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ tag = ber_scanf( ber, "{ioa" /*}*/, ++ &errcode, challenge, &ld->ld_error ); ++ ber_free( ber, 0 ); ++ ++ if( tag == LBER_ERROR ) { ++ ld->ld_errno = LDAP_DECODING_ERROR; ++ return ld->ld_errno; ++ } ++ ++ ld->ld_errno = errcode; ++ ++ return( ld->ld_errno ); ++} diff --git a/net-nds/openldap/files/slapd-confd b/net-nds/openldap/files/slapd-confd new file mode 100644 index 000000000000..28e9d23520b7 --- /dev/null +++ b/net-nds/openldap/files/slapd-confd @@ -0,0 +1,14 @@ +# conf.d file for openldap +# +# To enable both the standard unciphered server and the ssl encrypted +# one uncomment this line or set any other server starting options +# you may desire. +# +# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# Uncomment the below to use the new slapd configuration for openldap 2.3 +#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# +# If you change the above listen statement to bind on a specific IP for +# listening, you should ensure that interface is up here (change eth0 as +# needed). +#rc_need="net.eth0" diff --git a/net-nds/openldap/files/slapd-confd-2.4.28-r1 b/net-nds/openldap/files/slapd-confd-2.4.28-r1 new file mode 100644 index 000000000000..ef19899a3796 --- /dev/null +++ b/net-nds/openldap/files/slapd-confd-2.4.28-r1 @@ -0,0 +1,26 @@ +# conf.d file for openldap +# +# To enable both the standard unciphered server and the ssl encrypted +# one uncomment this line or set any other server starting options +# you may desire. + +# If you have multiple slapd instances per #376699, this will provide a default config +INSTANCE="openldap${SVCNAME#slapd}" + +# If you use the classical configuration file: +OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf" +# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3 +#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d" +# (the OPTS_CONF variable is also passed to slaptest during startup) + +OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# Optional connectionless LDAP: +#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'" + +# If you change the above listen statement to bind on a specific IP for +# listening, you should ensure that interface is up here (change eth0 as +# needed). +#rc_need="net.eth0" + +# Specify the kerberos keytab file +#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab diff --git a/net-nds/openldap/files/slapd-initd b/net-nds/openldap/files/slapd-initd new file mode 100644 index 000000000000..ecd8f650a217 --- /dev/null +++ b/net-nds/openldap/files/slapd-initd @@ -0,0 +1,29 @@ +#!/sbin/openrc-run +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net.lo + before hald avahi-daemon +} + +start() { + checkpath -q -d /var/run/openldap/ -o ldap:ldap + if ! checkconfig ; then + eerror "There is a problem with your slapd.conf!" + return 1 + fi + ebegin "Starting ldap-server" + eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}" + eend $? +} + +stop() { + ebegin "Stopping ldap-server" + start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid + eend $? +} + +checkconfig() { + /usr/sbin/slaptest -u "$@" ${OPTS_CONF} +} diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r2 b/net-nds/openldap/files/slapd-initd-2.4.40-r2 new file mode 100644 index 000000000000..722b6c20de79 --- /dev/null +++ b/net-nds/openldap/files/slapd-initd-2.4.40-r2 @@ -0,0 +1,64 @@ +#!/sbin/openrc-run +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="checkconfig" + +[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}" +PIDDIR=/run/openldap +PIDFILE=$PIDDIR/$SVCNAME.pid + +depend() { + need net + before dbus hald avahi-daemon + provide ldap +} + +start() { + checkpath -q -d ${PIDDIR} -o ldap:ldap + if ! checkconfig -Q ; then + eerror "There is a problem with your slapd.conf!" + return 1 + fi + ebegin "Starting ldap-server" + [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME + eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}" + eend $? +} + +stop() { + ebegin "Stopping ldap-server" + start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE} + eend $? +} + +checkconfig() { + # checks requested by bug #502948 + # Step 1: extract the last valid config file or config dir + set -- $OPTS + while [ -n "$*" ]; do + opt=$1 ; shift + if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then + CONF=$1 + shift + fi + done + set -- + # Fallback + CONF=${CONF-/etc/openldap/slapd.conf} + [ -d $CONF ] && CONF=${CONF}/* + DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \\$2}"' $CONF` + for d in $DBDIRS; do + if [ ! -d $d ]; then + eerror "Directory $d in config does not exist!" + return 1 + fi + /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq . + if [ $? -ne 0 ]; then + ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!" + fi + [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal" + done + # now test the config fully + /usr/sbin/slaptest -u "$@" ${OPTS_CONF} +} diff --git a/net-nds/openldap/files/slapd.service b/net-nds/openldap/files/slapd.service new file mode 100644 index 000000000000..3427b87e936e --- /dev/null +++ b/net-nds/openldap/files/slapd.service @@ -0,0 +1,12 @@ +[Unit] +Description=OpenLDAP Server Daemon +After=network.target + +[Service] +Type=forking +PIDFile=/run/openldap/slapd.pid +ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS +ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-nds/openldap/files/slapd.service.conf b/net-nds/openldap/files/slapd.service.conf new file mode 100644 index 000000000000..812ea68ed475 --- /dev/null +++ b/net-nds/openldap/files/slapd.service.conf @@ -0,0 +1,12 @@ +[Service] +# Use the classical configuration file: +#Environment="SLAPD_OPTIONS=-f /etc/openldap/slapd.conf" +# Use the slapd configuration directory: +#Environment="SLAPD_OPTIONS=-F /etc/openldap/slapd.d" + +Environment="SLAPD_URLS=ldaps:/// ldap:/// ldapi:///" +# Other examples: +#Environment="SLAPD_URLS=ldap://127.0.0.1/ ldap://10.0.0.1:1389/ cldap:///" + +# Specify the kerberos keytab file +#Environment=KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab diff --git a/net-nds/openldap/files/slapd.tmpfilesd b/net-nds/openldap/files/slapd.tmpfilesd new file mode 100644 index 000000000000..634cea1642a9 --- /dev/null +++ b/net-nds/openldap/files/slapd.tmpfilesd @@ -0,0 +1,2 @@ +# openldap runtime directory for slapd.arg and slapd.pid +d /run/openldap 0755 ldap ldap - diff --git a/net-nds/openldap/files/slurpd-initd b/net-nds/openldap/files/slurpd-initd new file mode 100644 index 000000000000..bb1b50dbb122 --- /dev/null +++ b/net-nds/openldap/files/slurpd-initd @@ -0,0 +1,21 @@ +#!/sbin/openrc-run +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net +} + +start() { + ebegin "Starting slurpd" + start-stop-daemon --start --quiet \ + --exec /usr/lib/openldap/slurpd + eend $? +} + +stop() { + ebegin "Stopping slurpd" + start-stop-daemon --stop --quiet \ + --exec /usr/lib/openldap/slurpd + eend $? +} diff --git a/net-nds/openldap/metadata.xml b/net-nds/openldap/metadata.xml new file mode 100644 index 000000000000..4e5e2c49039f --- /dev/null +++ b/net-nds/openldap/metadata.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>ldap-bugs@gentoo.org</email> + </maintainer> + <use> + <flag name="experimental">Enable experimental backend options</flag> + <flag name="kinit">Enable support for kerberos init</flag> + <flag name="odbc">Enable ODBC and SQL backend options</flag> + <flag name="overlays">Enable contributed OpenLDAP overlays</flag> + <flag name="smbkrb5passwd">Enable overlay for syncing ldap, unix and + lanman passwords</flag> + <flag name="minimal">Build libraries & userspace tools only. Does not install any server code.</flag> + <flag name="pbkdf2">Enable support for pbkdf2 passwords</flag> + <flag name="sha2">Enable support for pw-sha2 password hashes.</flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:openldap:openldap</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-nds/openldap/openldap-2.4.44-r1.ebuild b/net-nds/openldap/openldap-2.4.44-r1.ebuild new file mode 100644 index 000000000000..b25baead93f8 --- /dev/null +++ b/net-nds/openldap/openldap-2.4.44-r1.ebuild @@ -0,0 +1,851 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd + +BIS_PN=rfc2307bis.schema +BIS_PV=20140524 +BIS_P="${BIS_PN}-${BIS_PV}" + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="http://www.OpenLDAP.org/" + +# mirrors are mostly not working, using canonical URI +SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz + mirror://gentoo/${BIS_P}" + +LICENSE="OPENLDAP GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris" + +IUSE_DAEMON="crypt samba slp tcpd experimental minimal" +IUSE_BACKEND="+berkdb" +IUSE_OVERLAY="overlays perl" +IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs" +IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2" +IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" +IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" + +REQUIRED_USE="cxx? ( sasl ) + ?? ( gnutls libressl ) + pbkdf2? ( ssl )" + +# always list newer first +# Do not add any AGPL-3 BDB here! +# See bug 525110, comment 15. +# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build. +BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}" +BDB_PKGS='' +for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done + +# openssl is needed to generate lanman-passwords required by samba +CDEPEND=" + ssl? ( + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + ) + gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] + libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) + >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) ) + sasl? ( dev-libs/cyrus-sasl:= ) + !minimal? ( + sys-devel/libtool + sys-libs/e2fsprogs-libs + >=dev-db/lmdb-0.9.18:= + tcpd? ( sys-apps/tcp-wrappers ) + odbc? ( !iodbc? ( dev-db/unixODBC ) + iodbc? ( dev-db/libiodbc ) ) + slp? ( net-libs/openslp ) + perl? ( dev-lang/perl:=[-build(-)] ) + samba? ( + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + ) + berkdb? ( + <sys-libs/db-6.0:= + || ( ${BDB_PKGS} ) + ) + smbkrb5passwd? ( + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + kerberos? ( app-crypt/heimdal ) + ) + kerberos? ( + virtual/krb5 + kinit? ( !app-crypt/heimdal ) + ) + cxx? ( dev-libs/cyrus-sasl:= ) + ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r3 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" +DEPEND="${CDEPEND} + sys-apps/groff" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-ldap ) +" +# for tracking versions +OPENLDAP_VERSIONTAG=".version-tag" +OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" + +MULTILIB_WRAPPED_HEADERS=( + # USE=cxx + /usr/include/LDAPAsynConnection.h + /usr/include/LDAPAttrType.h + /usr/include/LDAPAttribute.h + /usr/include/LDAPAttributeList.h + /usr/include/LDAPConnection.h + /usr/include/LDAPConstraints.h + /usr/include/LDAPControl.h + /usr/include/LDAPControlSet.h + /usr/include/LDAPEntry.h + /usr/include/LDAPEntryList.h + /usr/include/LDAPException.h + /usr/include/LDAPExtResult.h + /usr/include/LDAPMessage.h + /usr/include/LDAPMessageQueue.h + /usr/include/LDAPModList.h + /usr/include/LDAPModification.h + /usr/include/LDAPObjClass.h + /usr/include/LDAPRebind.h + /usr/include/LDAPRebindAuth.h + /usr/include/LDAPReferenceList.h + /usr/include/LDAPResult.h + /usr/include/LDAPSaslBindResult.h + /usr/include/LDAPSchema.h + /usr/include/LDAPSearchReference.h + /usr/include/LDAPSearchResult.h + /usr/include/LDAPSearchResults.h + /usr/include/LDAPUrl.h + /usr/include/LDAPUrlList.h + /usr/include/LdifReader.h + /usr/include/LdifWriter.h + /usr/include/SaslInteraction.h + /usr/include/SaslInteractionHandler.h + /usr/include/StringList.h + /usr/include/TlsOptions.h +) + +openldap_filecount() { + local dir="$1" + find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l +} + +openldap_find_versiontags() { + # scan for all datadirs + openldap_datadirs="" + if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then + openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)" + fi + openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" + + einfo + einfo "Scanning datadir(s) from slapd.conf and" + einfo "the default installdir for Versiontags" + einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" + einfo + + # scan datadirs if we have a version tag + openldap_found_tag=0 + have_files=0 + for each in ${openldap_datadirs}; do + CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` + CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} + if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then + einfo "- Checking ${each}..." + if [ -r ${CURRENT_TAG} ] ; then + # yey, we have one :) + einfo " Found Versiontag in ${each}" + source ${CURRENT_TAG} + if [ "${OLDPF}" == "" ] ; then + eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" + eerror "Please delete it" + eerror + die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" + fi + + OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` + + [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 + + # are we on the same branch? + if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then + ewarn " Versiontag doesn't match current major release!" + if [[ "${have_files}" == "1" ]] ; then + eerror " Versiontag says other major and you (probably) have datafiles!" + echo + openldap_upgrade_howto + else + einfo " No real problem, seems there's no database." + fi + else + einfo " Versiontag is fine here :)" + fi + else + einfo " Non-tagged dir ${each}" + [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 + if [[ "${have_files}" == "1" ]] ; then + einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" + echo + + eerror + eerror "Your OpenLDAP Installation has a non tagged datadir that" + eerror "possibly contains a database at ${CURRENT_TAGDIR}" + eerror + eerror "Please export data if any entered and empty or remove" + eerror "the directory, installation has been stopped so you" + eerror "can take required action" + eerror + eerror "For a HOWTO on exporting the data, see instructions in the ebuild" + eerror + openldap_upgrade_howto + die "Please move the datadir ${CURRENT_TAGDIR} away" + fi + fi + einfo + fi + done + [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" + + # Now we must check for the major version of sys-libs/db linked against. + SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd + if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then + OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ + | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" + if use berkdb; then + # find which one would be used + for bdb_slot in $BDB_SLOTS ; do + NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")" + [[ -n "$NEWVER" ]] && break + done + fi + local fail=0 + if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then + : + # Nothing wrong here. + elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was not built against" + eerror " any version of sys-libs/db, but the new one will build" + eerror " against ${NEWVER} and your database may be inaccessible." + echo + fail=1 + elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will not be" + eerror " built against any version and your database may be" + eerror " inaccessible." + echo + fail=1 + elif [ "${OLDVER}" != "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will build against" + eerror " ${NEWVER} and your database would be inaccessible." + echo + fail=1 + fi + [ "${fail}" == "1" ] && openldap_upgrade_howto + fi + + echo + einfo + einfo "All datadirs are fine, proceeding with merge now..." + einfo +} + +openldap_upgrade_howto() { + eerror + eerror "A (possible old) installation of OpenLDAP was detected," + eerror "installation will not proceed for now." + eerror + eerror "As major version upgrades can corrupt your database," + eerror "you need to dump your database and re-create it afterwards." + eerror + eerror "Additionally, rebuilding against different major versions of the" + eerror "sys-libs/db libraries will cause your database to be inaccessible." + eerror "" + d="$(date -u +%s)" + l="/root/ldapdump.${d}" + i="${l}.raw" + eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" + eerror " 2. slapcat -l ${i}" + eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" + eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" + eerror " 5. emerge --update \=net-nds/${PF}" + eerror " 6. etc-update, and ensure that you apply the changes" + eerror " 7. slapadd -l ${l}" + eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" + eerror " 9. /etc/init.d/slapd start" + eerror "10. check that your data is intact." + eerror "11. set up the new replication system." + eerror + if [ "${FORCE_UPGRADE}" != "1" ]; then + die "You need to upgrade your database first" + else + eerror "You have the magical FORCE_UPGRADE=1 in place." + eerror "Don't say you weren't warned about data loss." + fi +} + +pkg_setup() { + if ! use sasl && use cxx ; then + die "To build the ldapc++ library you must emerge openldap with sasl support" + fi + # Bug #322787 + if use minimal && ! has_version "net-nds/openldap" ; then + einfo "No datadir scan needed, openldap not installed" + elif use minimal && has_version 'net-nds/openldap[minimal]' ; then + einfo "Skipping scan for previous datadirs as requested by minimal useflag" + else + openldap_find_versiontags + fi + + # The user/group are only used for running daemons which are + # disabled in minimal builds, so elide the accounts too. + if ! use minimal ; then + enewgroup ldap 439 + enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap + fi +} + +src_prepare() { + # ensure correct SLAPI path by default + sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \ + "${S}"/include/ldap_defaults.h + + epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch + + epatch \ + "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ + "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch + + # bug #116045 - still present in 2.4.28 + epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch + # bug #408077 - samba4 + epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch + + # bug #189817 + epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch + + # bug #233633 + epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch + + # bug #281495 + epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch + + # bug #294350 + epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch + + # unbreak /bin/sh -> dash + epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch + + # bug #420959 + epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch + + # unbundle lmdb + epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch + rm -rf "${S}"/libraries/liblmdb + + cd "${S}"/build || die + einfo "Making sure upstream build strip does not do stripping too early" + sed -i.orig \ + -e '/^STRIP/s,-s,,g' \ + top.mk || die "Failed to block stripping" + + # wrong assumption that /bin/sh is /bin/bash + sed -i \ + -e 's|/bin/sh|/bin/bash|g' \ + "${S}"/tests/scripts/* || die "sed failed" + + cd "${S}" || die + + AT_NOEAUTOMAKE=yes eautoreconf +} + +build_contrib_module() { + # <dir> <sources> <outputname> + cd "${S}/contrib/slapd-modules/$1" || die + einfo "Compiling contrib-module: $3" + # Make sure it's uppercase + local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -D${define_name}=SLAPD_MOD_DYNAMIC \ + -I"${BUILD_DIR}"/include \ + -I../../../include -I../../../servers/slapd ${CFLAGS} \ + -o ${2%.c}.lo -c $2 || die "compiling $3 failed" + einfo "Linking contrib-module: $3" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o $3.la ${2%.c}.lo || die "linking $3 failed" +} + +src_configure() { + # Bug 408001 + use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync + + # connectionless ldap per bug #342439 + append-cppflags -DLDAP_CONNECTIONLESS + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=() + + use debug && myconf+=( $(use_enable debug) ) + + # ICU exists only in the configure, nowhere in the codebase, bug #510858 + export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no + + if ! use minimal && multilib_is_native_abi; then + local CPPFLAGS=${CPPFLAGS} + + # re-enable serverside overlay chains per bug #296567 + # see ldap docs chaper 12.3.1 for details + myconf+=( --enable-ldap ) + + # backends + myconf+=( --enable-slapd ) + if use berkdb ; then + einfo "Using Berkeley DB for local backend" + myconf+=( --enable-bdb --enable-hdb ) + DBINCLUDE=$(db_includedir $BDB_SLOTS) + einfo "Using $DBINCLUDE for sys-libs/db version" + # We need to include the slotted db.h dir for FreeBSD + append-cppflags -I${DBINCLUDE} + else + myconf+=( --disable-bdb --disable-hdb ) + fi + for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do + myconf+=( --enable-${backend}=mod ) + done + + myconf+=( $(use_enable perl perl mod) ) + + myconf+=( $(use_enable odbc sql mod) ) + if use odbc ; then + local odbc_lib="unixodbc" + if use iodbc ; then + odbc_lib="iodbc" + append-cppflags -I"${EPREFIX}"/usr/include/iodbc + fi + myconf+=( --with-odbc=${odbc_lib} ) + fi + + # slapd options + myconf+=( + $(use_enable crypt) + $(use_enable slp) + $(use_enable samba lmpasswd) + $(use_enable syslog) + ) + if use experimental ; then + myconf+=( + --enable-dynacl + --enable-aci=mod + ) + fi + for option in aci cleartext modules rewrite rlookups slapi; do + myconf+=( --enable-${option} ) + done + + # slapd overlay options + # Compile-in the syncprov, the others as module + myconf+=( --enable-syncprov=yes ) + use overlays && myconf+=( --enable-overlays=mod ) + + else + myconf+=( + --disable-backends + --disable-slapd + --disable-bdb + --disable-hdb + --disable-mdb + --disable-overlays + --disable-syslog + ) + fi + + # basic functionality stuff + myconf+=( + $(use_enable ipv6) + $(multilib_native_use_with sasl cyrus-sasl) + $(multilib_native_use_enable sasl spasswd) + $(use_enable tcpd wrappers) + ) + + # Some cross-compiling tests don't pan out well. + tc-is-cross-compiler && myconf+=( + --with-yielding-select=yes + ) + + local ssl_lib="no" + if use ssl || ( ! use minimal && use samba ) ; then + ssl_lib="openssl" + use gnutls && ssl_lib="gnutls" + fi + + myconf+=( --with-tls=${ssl_lib} ) + + for basicflag in dynamic local proctitle shared; do + myconf+=( --enable-${basicflag} ) + done + + tc-export AR CC CXX + ECONF_SOURCE=${S} \ + STRIP=/bin/true \ + econf \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ + $(use_enable static-libs static) \ + "${myconf[@]}" + emake depend +} + +src_configure_cxx() { + # This needs the libraries built by the first build run. + # So we have to run it AFTER the main build, not just after the main + # configure. + local myconf_ldapcpp=( + --with-ldap-includes="${S}"/include + ) + + mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die + cd "${BUILD_DIR}/contrib/ldapc++" || die + + local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS} + append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ + -L"${BUILD_DIR}"/libraries/libldap/.libs + append-cppflags -I"${BUILD_DIR}"/include + ECONF_SOURCE=${S}/contrib/ldapc++ \ + econf "${myconf_ldapcpp[@]}" \ + CC="${CC}" \ + CXX="${CXX}" +} + +multilib_src_compile() { + tc-export AR CC CXX + emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash + local lt="${BUILD_DIR}/libtool" + export echo="echo" + + if ! use minimal && multilib_is_native_abi ; then + if use cxx ; then + einfo "Building contrib library: ldapc++" + src_configure_cxx + cd "${BUILD_DIR}/contrib/ldapc++" || die + emake \ + CC="${CC}" CXX="${CXX}" + fi + + if use smbkrb5passwd ; then + einfo "Building contrib-module: smbk5pwd" + cd "${S}/contrib/slapd-modules/smbk5pwd" || die + + MY_DEFS="-DDO_SHADOW" + if use samba ; then + MY_DEFS="${MY_DEFS} -DDO_SAMBA" + MY_KRB5_INC="" + fi + if use kerberos ; then + MY_DEFS="${MY_DEFS} -DDO_KRB5" + MY_KRB5_INC="$(krb5-config --cflags)" + fi + + emake \ + DEFS="${MY_DEFS}" \ + KRB5_INC="${MY_KRB5_INC}" \ + LDAP_BUILD="${BUILD_DIR}" \ + CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" + fi + + if use overlays ; then + einfo "Building contrib-module: samba4" + cd "${S}/contrib/slapd-modules/samba4" || die + + emake \ + LDAP_BUILD="${BUILD_DIR}" \ + CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" + fi + + if use kerberos ; then + if use kinit ; then + build_contrib_module "kinit" "kinit.c" "kinit" + fi + cd "${S}/contrib/slapd-modules/passwd" || die + einfo "Compiling contrib-module: pw-kerberos" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + $(krb5-config --cflags) \ + -DHAVE_KRB5 \ + -o kerberos.lo \ + -c kerberos.c || die "compiling pw-kerberos failed" + einfo "Linking contrib-module: pw-kerberos" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-kerberos.la \ + kerberos.lo || die "linking pw-kerberos failed" + fi + + if use pbkdf2; then + cd "${S}/contrib/slapd-modules/passwd/pbkdf2" || die + einfo "Compiling contrib-module: pw-pbkdf2" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../../include \ + ${CFLAGS} \ + -o pbkdf2.lo \ + -c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed" + einfo "Linking contrib-module: pw-pbkdf2" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-pbkdf2.la \ + pbkdf2.lo || die "linking pw-pbkdf2 failed" + fi + + # We could build pw-radius if GNURadius would install radlib.h + cd "${S}/contrib/slapd-modules/passwd" || die + einfo "Compiling contrib-module: pw-netscape" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + -o netscape.lo \ + -c netscape.c || die "compiling pw-netscape failed" + einfo "Linking contrib-module: pw-netscape" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-netscape.la \ + netscape.lo || die "linking pw-netscape failed" + + #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only + #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos + build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" + build_contrib_module "allop" "allop.c" "overlay-allop" + build_contrib_module "allowed" "allowed.c" "allowed" + build_contrib_module "autogroup" "autogroup.c" "autogroup" + build_contrib_module "cloak" "cloak.c" "cloak" + # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand + build_contrib_module "denyop" "denyop.c" "denyop-overlay" + build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" + build_contrib_module "dupent" "dupent.c" "dupent" + build_contrib_module "lastbind" "lastbind.c" "lastbind" + # lastmod may not play well with other overlays + build_contrib_module "lastmod" "lastmod.c" "lastmod" + build_contrib_module "noopsrch" "noopsrch.c" "noopsrch" + build_contrib_module "nops" "nops.c" "nops-overlay" + #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER + build_contrib_module "trace" "trace.c" "trace" + # build slapi-plugins + cd "${S}/contrib/slapi-plugins/addrdnvalues" || die + einfo "Building contrib-module: addrdnvalues plugin" + "${CC}" -shared \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + -fPIC \ + ${LDFLAGS} \ + -o libaddrdnvalues-plugin.so \ + addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" + + fi +} + +multilib_src_test() { + if multilib_is_native_abi; then + cd tests || die + emake tests || die "make tests failed" + fi +} + +multilib_src_install() { + local lt="${BUILD_DIR}/libtool" + emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install + use static-libs || prune_libtool_files --all + + if ! use minimal && multilib_is_native_abi; then + # openldap modules go here + # TODO: write some code to populate slapd.conf with moduleload statements + keepdir /usr/$(get_libdir)/openldap/openldap/ + + # initial data storage dir + keepdir /var/lib/openldap-data + use prefix || fowners ldap:ldap /var/lib/openldap-data + fperms 0700 /var/lib/openldap-data + + echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + + # use our config + rm "${ED}"etc/openldap/slapd.conf + insinto /etc/openldap + newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf + configfile="${ED}"etc/openldap/slapd.conf + + # populate with built backends + ebegin "populate config with built backends" + for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do + einfo "Adding $(basename ${x})" + sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" + done + sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" + use prefix || fowners root:ldap /etc/openldap/slapd.conf + fperms 0640 /etc/openldap/slapd.conf + cp "${configfile}" "${configfile}".default + eend + + # install our own init scripts and systemd unit files + einfo "Install init scripts" + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die + doinitd "${T}"/slapd + newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd + + einfo "Install systemd service" + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die + systemd_dounit "${T}"/slapd.service + systemd_install_serviced "${FILESDIR}"/slapd.service.conf + systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf + + # If built without SLP, we don't need to be before avahi + use slp \ + || sed -i \ + -e '/before/{s/avahi-daemon//g}' \ + "${ED}"etc/init.d/slapd + + if use cxx ; then + einfo "Install the ldapc++ library" + cd "${BUILD_DIR}/contrib/ldapc++" || die + emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + cd "${S}"/contrib/ldapc++ || die + newdoc README ldapc++-README + fi + + if use smbkrb5passwd ; then + einfo "Install the smbk5pwd module" + cd "${S}/contrib/slapd-modules/smbk5pwd" || die + emake DESTDIR="${D}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + newdoc README smbk5pwd-README + fi + + if use overlays ; then + einfo "Install the samba4 module" + cd "${S}/contrib/slapd-modules/samba4" || die + emake DESTDIR="${D}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="/usr/$(get_libdir)/openldap" install + newdoc README samba4-README + fi + + einfo "Installing contrib modules" + cd "${S}/contrib/slapd-modules" || die + for l in */*.la */*/*.la; do + [[ -e ${l} ]] || continue + "${lt}" --mode=install cp ${l} \ + "${ED}"usr/$(get_libdir)/openldap/openldap || \ + die "installing ${l} failed" + done + + dodoc "${FILESDIR}"/DB_CONFIG.fast.example + docinto contrib + doman */*.5 + #newdoc acl/README* + newdoc addpartial/README addpartial-README + newdoc allop/README allop-README + newdoc allowed/README allowed-README + newdoc autogroup/README autogroup-README + newdoc dsaschema/README dsaschema-README + newdoc passwd/README passwd-README + cd "${S}/contrib/slapi-plugins" || die + insinto /usr/$(get_libdir)/openldap/openldap + doins */*.so + docinto contrib + newdoc addrdnvalues/README addrdnvalues-README + + insinto /etc/openldap/schema + newins "${DISTDIR}"/${BIS_P} ${BIS_PN} + + docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample* + docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample* + docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm + + dosbin "${S}"/contrib/slapd-tools/statslog + newdoc "${S}"/contrib/slapd-tools/README README.statslog + fi +} + +multilib_src_install_all() { + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README + docinto rfc ; dodoc doc/rfc/*.txt +} + +pkg_preinst() { + # keep old libs if any + preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0) + # bug 440470, only display the getting started help there was no openldap before, + # or we are going to a non-minimal build + ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]' + OPENLDAP_PRINT_MESSAGES=$((! $?)) +} + +pkg_postinst() { + if ! use minimal ; then + # You cannot build SSL certificates during src_install that will make + # binary packages containing your SSL key, which is both a security risk + # and a misconfiguration if multiple machines use the same key and cert. + if use ssl; then + install_cert /etc/openldap/ssl/ldap + use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "add 'TLS_REQCERT allow' if you want to use them." + fi + + if use prefix; then + # Warn about prefix issues with slapd + eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" + eerror "to start up, and requires that certain files directories be owned by" + eerror "ldap:ldap. As Prefix does not support changing ownership of files and" + eerror "directories, you will have to manually fix this yourself." + fi + + # These lines force the permissions of various content to be correct + use prefix || chown ldap:ldap "${EROOT}"var/run/openldap + chmod 0755 "${EROOT}"var/run/openldap + use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} + chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} + use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data + fi + + if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then + elog "Getting started using OpenLDAP? There is some documentation available:" + elog "Gentoo Guide to OpenLDAP Authentication" + elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)" + elog "---" + elog "An example file for tuning BDB backends with openldap is" + elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" + fi + + preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0) +} diff --git a/net-nds/openldap/openldap-2.4.44.ebuild b/net-nds/openldap/openldap-2.4.44.ebuild new file mode 100644 index 000000000000..be14b0370f69 --- /dev/null +++ b/net-nds/openldap/openldap-2.4.44.ebuild @@ -0,0 +1,828 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd + +BIS_PN=rfc2307bis.schema +BIS_PV=20140524 +BIS_P="${BIS_PN}-${BIS_PV}" + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="http://www.OpenLDAP.org/" + +# mirrors are mostly not working, using canonical URI +SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz + mirror://gentoo/${BIS_P}" + +LICENSE="OPENLDAP GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris" + +IUSE_DAEMON="crypt samba slp tcpd experimental minimal" +IUSE_BACKEND="+berkdb" +IUSE_OVERLAY="overlays perl" +IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs" +IUSE_CONTRIB="smbkrb5passwd kerberos kinit" +IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" +IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" + +REQUIRED_USE="cxx? ( sasl ) + ?? ( gnutls libressl )" + +# always list newer first +# Do not add any AGPL-3 BDB here! +# See bug 525110, comment 15. +# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build. +BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}" +BDB_PKGS='' +for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done + +# openssl is needed to generate lanman-passwords required by samba +CDEPEND=" + ssl? ( + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + ) + gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] + libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) + >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) ) + sasl? ( dev-libs/cyrus-sasl:= ) + !minimal? ( + sys-devel/libtool + sys-libs/e2fsprogs-libs + >=dev-db/lmdb-0.9.18:= + tcpd? ( sys-apps/tcp-wrappers ) + odbc? ( !iodbc? ( dev-db/unixODBC ) + iodbc? ( dev-db/libiodbc ) ) + slp? ( net-libs/openslp ) + perl? ( dev-lang/perl:=[-build(-)] ) + samba? ( + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + ) + berkdb? ( + <sys-libs/db-6.0:= + || ( ${BDB_PKGS} ) + ) + smbkrb5passwd? ( + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + kerberos? ( app-crypt/heimdal ) + ) + kerberos? ( + virtual/krb5 + kinit? ( !app-crypt/heimdal ) + ) + cxx? ( dev-libs/cyrus-sasl:= ) + ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r3 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" +DEPEND="${CDEPEND} + sys-apps/groff" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-ldap ) +" +# for tracking versions +OPENLDAP_VERSIONTAG=".version-tag" +OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" + +MULTILIB_WRAPPED_HEADERS=( + # USE=cxx + /usr/include/LDAPAsynConnection.h + /usr/include/LDAPAttrType.h + /usr/include/LDAPAttribute.h + /usr/include/LDAPAttributeList.h + /usr/include/LDAPConnection.h + /usr/include/LDAPConstraints.h + /usr/include/LDAPControl.h + /usr/include/LDAPControlSet.h + /usr/include/LDAPEntry.h + /usr/include/LDAPEntryList.h + /usr/include/LDAPException.h + /usr/include/LDAPExtResult.h + /usr/include/LDAPMessage.h + /usr/include/LDAPMessageQueue.h + /usr/include/LDAPModList.h + /usr/include/LDAPModification.h + /usr/include/LDAPObjClass.h + /usr/include/LDAPRebind.h + /usr/include/LDAPRebindAuth.h + /usr/include/LDAPReferenceList.h + /usr/include/LDAPResult.h + /usr/include/LDAPSaslBindResult.h + /usr/include/LDAPSchema.h + /usr/include/LDAPSearchReference.h + /usr/include/LDAPSearchResult.h + /usr/include/LDAPSearchResults.h + /usr/include/LDAPUrl.h + /usr/include/LDAPUrlList.h + /usr/include/LdifReader.h + /usr/include/LdifWriter.h + /usr/include/SaslInteraction.h + /usr/include/SaslInteractionHandler.h + /usr/include/StringList.h + /usr/include/TlsOptions.h +) + +openldap_filecount() { + local dir="$1" + find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l +} + +openldap_find_versiontags() { + # scan for all datadirs + openldap_datadirs="" + if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then + openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)" + fi + openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" + + einfo + einfo "Scanning datadir(s) from slapd.conf and" + einfo "the default installdir for Versiontags" + einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" + einfo + + # scan datadirs if we have a version tag + openldap_found_tag=0 + have_files=0 + for each in ${openldap_datadirs}; do + CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` + CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} + if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then + einfo "- Checking ${each}..." + if [ -r ${CURRENT_TAG} ] ; then + # yey, we have one :) + einfo " Found Versiontag in ${each}" + source ${CURRENT_TAG} + if [ "${OLDPF}" == "" ] ; then + eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" + eerror "Please delete it" + eerror + die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" + fi + + OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` + + [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 + + # are we on the same branch? + if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then + ewarn " Versiontag doesn't match current major release!" + if [[ "${have_files}" == "1" ]] ; then + eerror " Versiontag says other major and you (probably) have datafiles!" + echo + openldap_upgrade_howto + else + einfo " No real problem, seems there's no database." + fi + else + einfo " Versiontag is fine here :)" + fi + else + einfo " Non-tagged dir ${each}" + [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 + if [[ "${have_files}" == "1" ]] ; then + einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" + echo + + eerror + eerror "Your OpenLDAP Installation has a non tagged datadir that" + eerror "possibly contains a database at ${CURRENT_TAGDIR}" + eerror + eerror "Please export data if any entered and empty or remove" + eerror "the directory, installation has been stopped so you" + eerror "can take required action" + eerror + eerror "For a HOWTO on exporting the data, see instructions in the ebuild" + eerror + openldap_upgrade_howto + die "Please move the datadir ${CURRENT_TAGDIR} away" + fi + fi + einfo + fi + done + [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" + + # Now we must check for the major version of sys-libs/db linked against. + SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd + if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then + OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ + | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" + if use berkdb; then + # find which one would be used + for bdb_slot in $BDB_SLOTS ; do + NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")" + [[ -n "$NEWVER" ]] && break + done + fi + local fail=0 + if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then + : + # Nothing wrong here. + elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was not built against" + eerror " any version of sys-libs/db, but the new one will build" + eerror " against ${NEWVER} and your database may be inaccessible." + echo + fail=1 + elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will not be" + eerror " built against any version and your database may be" + eerror " inaccessible." + echo + fail=1 + elif [ "${OLDVER}" != "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will build against" + eerror " ${NEWVER} and your database would be inaccessible." + echo + fail=1 + fi + [ "${fail}" == "1" ] && openldap_upgrade_howto + fi + + echo + einfo + einfo "All datadirs are fine, proceeding with merge now..." + einfo +} + +openldap_upgrade_howto() { + eerror + eerror "A (possible old) installation of OpenLDAP was detected," + eerror "installation will not proceed for now." + eerror + eerror "As major version upgrades can corrupt your database," + eerror "you need to dump your database and re-create it afterwards." + eerror + eerror "Additionally, rebuilding against different major versions of the" + eerror "sys-libs/db libraries will cause your database to be inaccessible." + eerror "" + d="$(date -u +%s)" + l="/root/ldapdump.${d}" + i="${l}.raw" + eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" + eerror " 2. slapcat -l ${i}" + eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" + eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" + eerror " 5. emerge --update \=net-nds/${PF}" + eerror " 6. etc-update, and ensure that you apply the changes" + eerror " 7. slapadd -l ${l}" + eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" + eerror " 9. /etc/init.d/slapd start" + eerror "10. check that your data is intact." + eerror "11. set up the new replication system." + eerror + if [ "${FORCE_UPGRADE}" != "1" ]; then + die "You need to upgrade your database first" + else + eerror "You have the magical FORCE_UPGRADE=1 in place." + eerror "Don't say you weren't warned about data loss." + fi +} + +pkg_setup() { + if ! use sasl && use cxx ; then + die "To build the ldapc++ library you must emerge openldap with sasl support" + fi + # Bug #322787 + if use minimal && ! has_version "net-nds/openldap" ; then + einfo "No datadir scan needed, openldap not installed" + elif use minimal && has_version 'net-nds/openldap[minimal]' ; then + einfo "Skipping scan for previous datadirs as requested by minimal useflag" + else + openldap_find_versiontags + fi + + # The user/group are only used for running daemons which are + # disabled in minimal builds, so elide the accounts too. + if ! use minimal ; then + enewgroup ldap 439 + enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap + fi +} + +src_prepare() { + # ensure correct SLAPI path by default + sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \ + "${S}"/include/ldap_defaults.h + + epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch + + epatch \ + "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ + "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch + + # bug #116045 - still present in 2.4.28 + epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch + # bug #408077 - samba4 + epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch + + # bug #189817 + epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch + + # bug #233633 + epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch + + # bug #281495 + epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch + + # bug #294350 + epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch + + # unbreak /bin/sh -> dash + epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch + + # bug #420959 + epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch + + # unbundle lmdb + epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch + rm -rf "${S}"/libraries/liblmdb + + cd "${S}"/build || die + einfo "Making sure upstream build strip does not do stripping too early" + sed -i.orig \ + -e '/^STRIP/s,-s,,g' \ + top.mk || die "Failed to block stripping" + + # wrong assumption that /bin/sh is /bin/bash + sed -i \ + -e 's|/bin/sh|/bin/bash|g' \ + "${S}"/tests/scripts/* || die "sed failed" + + cd "${S}" || die + + AT_NOEAUTOMAKE=yes eautoreconf +} + +build_contrib_module() { + # <dir> <sources> <outputname> + cd "${S}/contrib/slapd-modules/$1" || die + einfo "Compiling contrib-module: $3" + # Make sure it's uppercase + local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -D${define_name}=SLAPD_MOD_DYNAMIC \ + -I"${BUILD_DIR}"/include \ + -I../../../include -I../../../servers/slapd ${CFLAGS} \ + -o ${2%.c}.lo -c $2 || die "compiling $3 failed" + einfo "Linking contrib-module: $3" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o $3.la ${2%.c}.lo || die "linking $3 failed" +} + +src_configure() { + # Bug 408001 + use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync + + # connectionless ldap per bug #342439 + append-cppflags -DLDAP_CONNECTIONLESS + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=() + + use debug && myconf+=( $(use_enable debug) ) + + # ICU exists only in the configure, nowhere in the codebase, bug #510858 + export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no + + if ! use minimal && multilib_is_native_abi; then + local CPPFLAGS=${CPPFLAGS} + + # re-enable serverside overlay chains per bug #296567 + # see ldap docs chaper 12.3.1 for details + myconf+=( --enable-ldap ) + + # backends + myconf+=( --enable-slapd ) + if use berkdb ; then + einfo "Using Berkeley DB for local backend" + myconf+=( --enable-bdb --enable-hdb ) + DBINCLUDE=$(db_includedir $BDB_SLOTS) + einfo "Using $DBINCLUDE for sys-libs/db version" + # We need to include the slotted db.h dir for FreeBSD + append-cppflags -I${DBINCLUDE} + else + myconf+=( --disable-bdb --disable-hdb ) + fi + for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do + myconf+=( --enable-${backend}=mod ) + done + + myconf+=( $(use_enable perl perl mod) ) + + myconf+=( $(use_enable odbc sql mod) ) + if use odbc ; then + local odbc_lib="unixodbc" + if use iodbc ; then + odbc_lib="iodbc" + append-cppflags -I"${EPREFIX}"/usr/include/iodbc + fi + myconf+=( --with-odbc=${odbc_lib} ) + fi + + # slapd options + myconf+=( + $(use_enable crypt) + $(use_enable slp) + $(use_enable samba lmpasswd) + $(use_enable syslog) + ) + if use experimental ; then + myconf+=( + --enable-dynacl + --enable-aci=mod + ) + fi + for option in aci cleartext modules rewrite rlookups slapi; do + myconf+=( --enable-${option} ) + done + + # slapd overlay options + # Compile-in the syncprov, the others as module + myconf+=( --enable-syncprov=yes ) + use overlays && myconf+=( --enable-overlays=mod ) + + else + myconf+=( + --disable-backends + --disable-slapd + --disable-bdb + --disable-hdb + --disable-mdb + --disable-overlays + --disable-syslog + ) + fi + + # basic functionality stuff + myconf+=( + $(use_enable ipv6) + $(multilib_native_use_with sasl cyrus-sasl) + $(multilib_native_use_enable sasl spasswd) + $(use_enable tcpd wrappers) + ) + + # Some cross-compiling tests don't pan out well. + tc-is-cross-compiler && myconf+=( + --with-yielding-select=yes + ) + + local ssl_lib="no" + if use ssl || ( ! use minimal && use samba ) ; then + ssl_lib="openssl" + use gnutls && ssl_lib="gnutls" + fi + + myconf+=( --with-tls=${ssl_lib} ) + + for basicflag in dynamic local proctitle shared; do + myconf+=( --enable-${basicflag} ) + done + + tc-export AR CC CXX + ECONF_SOURCE=${S} \ + STRIP=/bin/true \ + econf \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ + $(use_enable static-libs static) \ + "${myconf[@]}" + emake depend +} + +src_configure_cxx() { + # This needs the libraries built by the first build run. + # So we have to run it AFTER the main build, not just after the main + # configure. + local myconf_ldapcpp=( + --with-ldap-includes="${S}"/include + ) + + mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die + cd "${BUILD_DIR}/contrib/ldapc++" || die + + local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS} + append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ + -L"${BUILD_DIR}"/libraries/libldap/.libs + append-cppflags -I"${BUILD_DIR}"/include + ECONF_SOURCE=${S}/contrib/ldapc++ \ + econf "${myconf_ldapcpp[@]}" \ + CC="${CC}" \ + CXX="${CXX}" +} + +multilib_src_compile() { + tc-export AR CC CXX + emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash + local lt="${BUILD_DIR}/libtool" + export echo="echo" + + if ! use minimal && multilib_is_native_abi ; then + if use cxx ; then + einfo "Building contrib library: ldapc++" + src_configure_cxx + cd "${BUILD_DIR}/contrib/ldapc++" || die + emake \ + CC="${CC}" CXX="${CXX}" + fi + + if use smbkrb5passwd ; then + einfo "Building contrib-module: smbk5pwd" + cd "${S}/contrib/slapd-modules/smbk5pwd" || die + + MY_DEFS="-DDO_SHADOW" + if use samba ; then + MY_DEFS="${MY_DEFS} -DDO_SAMBA" + MY_KRB5_INC="" + fi + if use kerberos ; then + MY_DEFS="${MY_DEFS} -DDO_KRB5" + MY_KRB5_INC="$(krb5-config --cflags)" + fi + + emake \ + DEFS="${MY_DEFS}" \ + KRB5_INC="${MY_KRB5_INC}" \ + LDAP_BUILD="${BUILD_DIR}" \ + CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" + fi + + if use overlays ; then + einfo "Building contrib-module: samba4" + cd "${S}/contrib/slapd-modules/samba4" || die + + emake \ + LDAP_BUILD="${BUILD_DIR}" \ + CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" + fi + + if use kerberos ; then + if use kinit ; then + build_contrib_module "kinit" "kinit.c" "kinit" + fi + cd "${S}/contrib/slapd-modules/passwd" || die + einfo "Compiling contrib-module: pw-kerberos" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + $(krb5-config --cflags) \ + -DHAVE_KRB5 \ + -o kerberos.lo \ + -c kerberos.c || die "compiling pw-kerberos failed" + einfo "Linking contrib-module: pw-kerberos" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-kerberos.la \ + kerberos.lo || die "linking pw-kerberos failed" + fi + # We could build pw-radius if GNURadius would install radlib.h + cd "${S}/contrib/slapd-modules/passwd" || die + einfo "Compiling contrib-module: pw-netscape" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + -o netscape.lo \ + -c netscape.c || die "compiling pw-netscape failed" + einfo "Linking contrib-module: pw-netscape" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-netscape.la \ + netscape.lo || die "linking pw-netscape failed" + + #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only + #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos + build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" + build_contrib_module "allop" "allop.c" "overlay-allop" + build_contrib_module "allowed" "allowed.c" "allowed" + build_contrib_module "autogroup" "autogroup.c" "autogroup" + build_contrib_module "cloak" "cloak.c" "cloak" + # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand + build_contrib_module "denyop" "denyop.c" "denyop-overlay" + build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" + build_contrib_module "dupent" "dupent.c" "dupent" + build_contrib_module "lastbind" "lastbind.c" "lastbind" + # lastmod may not play well with other overlays + build_contrib_module "lastmod" "lastmod.c" "lastmod" + build_contrib_module "noopsrch" "noopsrch.c" "noopsrch" + build_contrib_module "nops" "nops.c" "nops-overlay" + #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER + build_contrib_module "trace" "trace.c" "trace" + # build slapi-plugins + cd "${S}/contrib/slapi-plugins/addrdnvalues" || die + einfo "Building contrib-module: addrdnvalues plugin" + "${CC}" -shared \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + -fPIC \ + ${LDFLAGS} \ + -o libaddrdnvalues-plugin.so \ + addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" + + fi +} + +multilib_src_test() { + if multilib_is_native_abi; then + cd tests || die + emake tests || die "make tests failed" + fi +} + +multilib_src_install() { + local lt="${BUILD_DIR}/libtool" + emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install + use static-libs || prune_libtool_files --all + + if ! use minimal && multilib_is_native_abi; then + # openldap modules go here + # TODO: write some code to populate slapd.conf with moduleload statements + keepdir /usr/$(get_libdir)/openldap/openldap/ + + # initial data storage dir + keepdir /var/lib/openldap-data + use prefix || fowners ldap:ldap /var/lib/openldap-data + fperms 0700 /var/lib/openldap-data + + echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + + # use our config + rm "${ED}"etc/openldap/slapd.conf + insinto /etc/openldap + newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf + configfile="${ED}"etc/openldap/slapd.conf + + # populate with built backends + ebegin "populate config with built backends" + for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do + einfo "Adding $(basename ${x})" + sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" + done + sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" + use prefix || fowners root:ldap /etc/openldap/slapd.conf + fperms 0640 /etc/openldap/slapd.conf + cp "${configfile}" "${configfile}".default + eend + + # install our own init scripts and systemd unit files + einfo "Install init scripts" + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die + doinitd "${T}"/slapd + newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd + + einfo "Install systemd service" + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die + systemd_dounit "${T}"/slapd.service + systemd_install_serviced "${FILESDIR}"/slapd.service.conf + systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf + + # If built without SLP, we don't need to be before avahi + use slp \ + || sed -i \ + -e '/before/{s/avahi-daemon//g}' \ + "${ED}"etc/init.d/slapd + + if use cxx ; then + einfo "Install the ldapc++ library" + cd "${BUILD_DIR}/contrib/ldapc++" || die + emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + cd "${S}"/contrib/ldapc++ || die + newdoc README ldapc++-README + fi + + if use smbkrb5passwd ; then + einfo "Install the smbk5pwd module" + cd "${S}/contrib/slapd-modules/smbk5pwd" || die + emake DESTDIR="${D}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + newdoc README smbk5pwd-README + fi + + if use overlays ; then + einfo "Install the samba4 module" + cd "${S}/contrib/slapd-modules/samba4" || die + emake DESTDIR="${D}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="/usr/$(get_libdir)/openldap" install + newdoc README samba4-README + fi + + einfo "Installing contrib modules" + cd "${S}/contrib/slapd-modules" || die + for l in */*.la; do + "${lt}" --mode=install cp ${l} \ + "${ED}"usr/$(get_libdir)/openldap/openldap || \ + die "installing ${l} failed" + done + + dodoc "${FILESDIR}"/DB_CONFIG.fast.example + docinto contrib + doman */*.5 + #newdoc acl/README* + newdoc addpartial/README addpartial-README + newdoc allop/README allop-README + newdoc allowed/README allowed-README + newdoc autogroup/README autogroup-README + newdoc dsaschema/README dsaschema-README + newdoc passwd/README passwd-README + cd "${S}/contrib/slapi-plugins" || die + insinto /usr/$(get_libdir)/openldap/openldap + doins */*.so + docinto contrib + newdoc addrdnvalues/README addrdnvalues-README + + insinto /etc/openldap/schema + newins "${DISTDIR}"/${BIS_P} ${BIS_PN} + + docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample* + docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample* + docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm + + dosbin "${S}"/contrib/slapd-tools/statslog + newdoc "${S}"/contrib/slapd-tools/README README.statslog + fi +} + +multilib_src_install_all() { + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README + docinto rfc ; dodoc doc/rfc/*.txt +} + +pkg_preinst() { + # keep old libs if any + preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0) + # bug 440470, only display the getting started help there was no openldap before, + # or we are going to a non-minimal build + ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]' + OPENLDAP_PRINT_MESSAGES=$((! $?)) +} + +pkg_postinst() { + if ! use minimal ; then + # You cannot build SSL certificates during src_install that will make + # binary packages containing your SSL key, which is both a security risk + # and a misconfiguration if multiple machines use the same key and cert. + if use ssl; then + install_cert /etc/openldap/ssl/ldap + use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "add 'TLS_REQCERT allow' if you want to use them." + fi + + if use prefix; then + # Warn about prefix issues with slapd + eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" + eerror "to start up, and requires that certain files directories be owned by" + eerror "ldap:ldap. As Prefix does not support changing ownership of files and" + eerror "directories, you will have to manually fix this yourself." + fi + + # These lines force the permissions of various content to be correct + use prefix || chown ldap:ldap "${EROOT}"var/run/openldap + chmod 0755 "${EROOT}"var/run/openldap + use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} + chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} + use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data + fi + + if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then + elog "Getting started using OpenLDAP? There is some documentation available:" + elog "Gentoo Guide to OpenLDAP Authentication" + elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)" + elog "---" + elog "An example file for tuning BDB backends with openldap is" + elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" + fi + + preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0) +} diff --git a/net-nds/openldap/openldap-2.4.45.ebuild b/net-nds/openldap/openldap-2.4.45.ebuild new file mode 100644 index 000000000000..de36c98cf1a0 --- /dev/null +++ b/net-nds/openldap/openldap-2.4.45.ebuild @@ -0,0 +1,883 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd + +BIS_PN=rfc2307bis.schema +BIS_PV=20140524 +BIS_P="${BIS_PN}-${BIS_PV}" + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="http://www.OpenLDAP.org/" + +# mirrors are mostly not working, using canonical URI +SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz + mirror://gentoo/${BIS_P}" + +LICENSE="OPENLDAP GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris" + +IUSE_DAEMON="crypt samba slp tcpd experimental minimal" +IUSE_BACKEND="+berkdb" +IUSE_OVERLAY="overlays perl" +IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs" +IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2" +IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" +IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" + +REQUIRED_USE="cxx? ( sasl ) + ?? ( gnutls libressl ) + pbkdf2? ( ssl )" + +# always list newer first +# Do not add any AGPL-3 BDB here! +# See bug 525110, comment 15. +# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build. +BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}" +BDB_PKGS='' +for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done + +# openssl is needed to generate lanman-passwords required by samba +CDEPEND=" + ssl? ( + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + ) + gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] + libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) + >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) ) + sasl? ( dev-libs/cyrus-sasl:= ) + !minimal? ( + sys-devel/libtool + sys-libs/e2fsprogs-libs + >=dev-db/lmdb-0.9.18:= + tcpd? ( sys-apps/tcp-wrappers ) + odbc? ( !iodbc? ( dev-db/unixODBC ) + iodbc? ( dev-db/libiodbc ) ) + slp? ( net-libs/openslp ) + perl? ( dev-lang/perl:=[-build(-)] ) + samba? ( + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + ) + berkdb? ( + <sys-libs/db-6.0:= + || ( ${BDB_PKGS} ) + ) + smbkrb5passwd? ( + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + kerberos? ( app-crypt/heimdal ) + ) + kerberos? ( + virtual/krb5 + kinit? ( !app-crypt/heimdal ) + ) + cxx? ( dev-libs/cyrus-sasl:= ) + ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r3 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" +DEPEND="${CDEPEND} + sys-apps/groff" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-ldap ) +" +# for tracking versions +OPENLDAP_VERSIONTAG=".version-tag" +OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" + +MULTILIB_WRAPPED_HEADERS=( + # USE=cxx + /usr/include/LDAPAsynConnection.h + /usr/include/LDAPAttrType.h + /usr/include/LDAPAttribute.h + /usr/include/LDAPAttributeList.h + /usr/include/LDAPConnection.h + /usr/include/LDAPConstraints.h + /usr/include/LDAPControl.h + /usr/include/LDAPControlSet.h + /usr/include/LDAPEntry.h + /usr/include/LDAPEntryList.h + /usr/include/LDAPException.h + /usr/include/LDAPExtResult.h + /usr/include/LDAPMessage.h + /usr/include/LDAPMessageQueue.h + /usr/include/LDAPModList.h + /usr/include/LDAPModification.h + /usr/include/LDAPObjClass.h + /usr/include/LDAPRebind.h + /usr/include/LDAPRebindAuth.h + /usr/include/LDAPReferenceList.h + /usr/include/LDAPResult.h + /usr/include/LDAPSaslBindResult.h + /usr/include/LDAPSchema.h + /usr/include/LDAPSearchReference.h + /usr/include/LDAPSearchResult.h + /usr/include/LDAPSearchResults.h + /usr/include/LDAPUrl.h + /usr/include/LDAPUrlList.h + /usr/include/LdifReader.h + /usr/include/LdifWriter.h + /usr/include/SaslInteraction.h + /usr/include/SaslInteractionHandler.h + /usr/include/StringList.h + /usr/include/TlsOptions.h +) + +openldap_filecount() { + local dir="$1" + find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l +} + +openldap_find_versiontags() { + # scan for all datadirs + openldap_datadirs="" + if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then + openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)" + fi + openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" + + einfo + einfo "Scanning datadir(s) from slapd.conf and" + einfo "the default installdir for Versiontags" + einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" + einfo + + # scan datadirs if we have a version tag + openldap_found_tag=0 + have_files=0 + for each in ${openldap_datadirs}; do + CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` + CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} + if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then + einfo "- Checking ${each}..." + if [ -r ${CURRENT_TAG} ] ; then + # yey, we have one :) + einfo " Found Versiontag in ${each}" + source ${CURRENT_TAG} + if [ "${OLDPF}" == "" ] ; then + eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" + eerror "Please delete it" + eerror + die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" + fi + + OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` + + [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 + + # are we on the same branch? + if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then + ewarn " Versiontag doesn't match current major release!" + if [[ "${have_files}" == "1" ]] ; then + eerror " Versiontag says other major and you (probably) have datafiles!" + echo + openldap_upgrade_howto + else + einfo " No real problem, seems there's no database." + fi + else + einfo " Versiontag is fine here :)" + fi + else + einfo " Non-tagged dir ${each}" + [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 + if [[ "${have_files}" == "1" ]] ; then + einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" + echo + + eerror + eerror "Your OpenLDAP Installation has a non tagged datadir that" + eerror "possibly contains a database at ${CURRENT_TAGDIR}" + eerror + eerror "Please export data if any entered and empty or remove" + eerror "the directory, installation has been stopped so you" + eerror "can take required action" + eerror + eerror "For a HOWTO on exporting the data, see instructions in the ebuild" + eerror + openldap_upgrade_howto + die "Please move the datadir ${CURRENT_TAGDIR} away" + fi + fi + einfo + fi + done + [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" + + # Now we must check for the major version of sys-libs/db linked against. + SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd + if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then + OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ + | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" + if use berkdb; then + # find which one would be used + for bdb_slot in $BDB_SLOTS ; do + NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")" + [[ -n "$NEWVER" ]] && break + done + fi + local fail=0 + if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then + : + # Nothing wrong here. + elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was not built against" + eerror " any version of sys-libs/db, but the new one will build" + eerror " against ${NEWVER} and your database may be inaccessible." + echo + fail=1 + elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will not be" + eerror " built against any version and your database may be" + eerror " inaccessible." + echo + fail=1 + elif [ "${OLDVER}" != "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will build against" + eerror " ${NEWVER} and your database would be inaccessible." + echo + fail=1 + fi + [ "${fail}" == "1" ] && openldap_upgrade_howto + fi + + echo + einfo + einfo "All datadirs are fine, proceeding with merge now..." + einfo +} + +openldap_upgrade_howto() { + eerror + eerror "A (possible old) installation of OpenLDAP was detected," + eerror "installation will not proceed for now." + eerror + eerror "As major version upgrades can corrupt your database," + eerror "you need to dump your database and re-create it afterwards." + eerror + eerror "Additionally, rebuilding against different major versions of the" + eerror "sys-libs/db libraries will cause your database to be inaccessible." + eerror "" + d="$(date -u +%s)" + l="/root/ldapdump.${d}" + i="${l}.raw" + eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" + eerror " 2. slapcat -l ${i}" + eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" + eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" + eerror " 5. emerge --update \=net-nds/${PF}" + eerror " 6. etc-update, and ensure that you apply the changes" + eerror " 7. slapadd -l ${l}" + eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" + eerror " 9. /etc/init.d/slapd start" + eerror "10. check that your data is intact." + eerror "11. set up the new replication system." + eerror + if [ "${FORCE_UPGRADE}" != "1" ]; then + die "You need to upgrade your database first" + else + eerror "You have the magical FORCE_UPGRADE=1 in place." + eerror "Don't say you weren't warned about data loss." + fi +} + +pkg_setup() { + if ! use sasl && use cxx ; then + die "To build the ldapc++ library you must emerge openldap with sasl support" + fi + # Bug #322787 + if use minimal && ! has_version "net-nds/openldap" ; then + einfo "No datadir scan needed, openldap not installed" + elif use minimal && has_version 'net-nds/openldap[minimal]' ; then + einfo "Skipping scan for previous datadirs as requested by minimal useflag" + else + openldap_find_versiontags + fi + + # The user/group are only used for running daemons which are + # disabled in minimal builds, so elide the accounts too. + if ! use minimal ; then + enewgroup ldap 439 + enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap + fi +} + +src_prepare() { + # ensure correct SLAPI path by default + sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \ + "${S}"/include/ldap_defaults.h + + epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch + + epatch \ + "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ + "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch + + # bug #116045 - still present in 2.4.28 + epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch + # bug #408077 - samba4 + epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch + + # bug #189817 + epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch + + # bug #233633 + epatch "${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch + + # bug #281495 + epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch + + # bug #294350 + epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch + + # unbreak /bin/sh -> dash + epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch + + # bug #420959 + epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch + + # bug #622464 + epatch "${FILESDIR}"/${PN}-2.4.45-libressl.patch + + # unbundle lmdb + epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch + rm -rf "${S}"/libraries/liblmdb + + epatch_user + + cd "${S}"/build || die + einfo "Making sure upstream build strip does not do stripping too early" + sed -i.orig \ + -e '/^STRIP/s,-s,,g' \ + top.mk || die "Failed to block stripping" + + # wrong assumption that /bin/sh is /bin/bash + sed -i \ + -e 's|/bin/sh|/bin/bash|g' \ + "${S}"/tests/scripts/* || die "sed failed" + + cd "${S}" || die + + AT_NOEAUTOMAKE=yes eautoreconf +} + +build_contrib_module() { + # <dir> <sources> <outputname> + cd "${S}/contrib/slapd-modules/$1" || die + einfo "Compiling contrib-module: $3" + # Make sure it's uppercase + local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -D${define_name}=SLAPD_MOD_DYNAMIC \ + -I"${BUILD_DIR}"/include \ + -I../../../include -I../../../servers/slapd ${CFLAGS} \ + -o ${2%.c}.lo -c $2 || die "compiling $3 failed" + einfo "Linking contrib-module: $3" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o $3.la ${2%.c}.lo || die "linking $3 failed" +} + +src_configure() { + # Bug 408001 + use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync + + # connectionless ldap per bug #342439 + append-cppflags -DLDAP_CONNECTIONLESS + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=() + + use debug && myconf+=( $(use_enable debug) ) + + # ICU exists only in the configure, nowhere in the codebase, bug #510858 + export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no + + if ! use minimal && multilib_is_native_abi; then + local CPPFLAGS=${CPPFLAGS} + + # re-enable serverside overlay chains per bug #296567 + # see ldap docs chaper 12.3.1 for details + myconf+=( --enable-ldap ) + + # backends + myconf+=( --enable-slapd ) + if use berkdb ; then + einfo "Using Berkeley DB for local backend" + myconf+=( --enable-bdb --enable-hdb ) + DBINCLUDE=$(db_includedir $BDB_SLOTS) + einfo "Using $DBINCLUDE for sys-libs/db version" + # We need to include the slotted db.h dir for FreeBSD + append-cppflags -I${DBINCLUDE} + else + myconf+=( --disable-bdb --disable-hdb ) + fi + for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do + myconf+=( --enable-${backend}=mod ) + done + + myconf+=( $(use_enable perl perl mod) ) + + myconf+=( $(use_enable odbc sql mod) ) + if use odbc ; then + local odbc_lib="unixodbc" + if use iodbc ; then + odbc_lib="iodbc" + append-cppflags -I"${EPREFIX}"/usr/include/iodbc + fi + myconf+=( --with-odbc=${odbc_lib} ) + fi + + # slapd options + myconf+=( + $(use_enable crypt) + $(use_enable slp) + $(use_enable samba lmpasswd) + $(use_enable syslog) + ) + if use experimental ; then + myconf+=( + --enable-dynacl + --enable-aci=mod + ) + fi + for option in aci cleartext modules rewrite rlookups slapi; do + myconf+=( --enable-${option} ) + done + + # slapd overlay options + # Compile-in the syncprov, the others as module + myconf+=( --enable-syncprov=yes ) + use overlays && myconf+=( --enable-overlays=mod ) + + else + myconf+=( + --disable-backends + --disable-slapd + --disable-bdb + --disable-hdb + --disable-mdb + --disable-overlays + --disable-syslog + ) + fi + + # basic functionality stuff + myconf+=( + $(use_enable ipv6) + $(multilib_native_use_with sasl cyrus-sasl) + $(multilib_native_use_enable sasl spasswd) + $(use_enable tcpd wrappers) + ) + + # Some cross-compiling tests don't pan out well. + tc-is-cross-compiler && myconf+=( + --with-yielding-select=yes + ) + + local ssl_lib="no" + if use ssl || ( ! use minimal && use samba ) ; then + ssl_lib="openssl" + use gnutls && ssl_lib="gnutls" + fi + + myconf+=( --with-tls=${ssl_lib} ) + + for basicflag in dynamic local proctitle shared; do + myconf+=( --enable-${basicflag} ) + done + + tc-export AR CC CXX + ECONF_SOURCE=${S} \ + STRIP=/bin/true \ + econf \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ + $(use_enable static-libs static) \ + "${myconf[@]}" + emake depend +} + +src_configure_cxx() { + # This needs the libraries built by the first build run. + # So we have to run it AFTER the main build, not just after the main + # configure. + local myconf_ldapcpp=( + --with-ldap-includes="${S}"/include + ) + + mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die + cd "${BUILD_DIR}/contrib/ldapc++" || die + + local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS} + append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ + -L"${BUILD_DIR}"/libraries/libldap/.libs + append-cppflags -I"${BUILD_DIR}"/include + ECONF_SOURCE=${S}/contrib/ldapc++ \ + econf "${myconf_ldapcpp[@]}" \ + CC="${CC}" \ + CXX="${CXX}" +} + +multilib_src_compile() { + tc-export AR CC CXX + emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash + local lt="${BUILD_DIR}/libtool" + export echo="echo" + + if ! use minimal && multilib_is_native_abi ; then + if use cxx ; then + einfo "Building contrib library: ldapc++" + src_configure_cxx + cd "${BUILD_DIR}/contrib/ldapc++" || die + emake \ + CC="${CC}" CXX="${CXX}" + fi + + if use smbkrb5passwd ; then + einfo "Building contrib-module: smbk5pwd" + cd "${S}/contrib/slapd-modules/smbk5pwd" || die + + MY_DEFS="-DDO_SHADOW" + if use samba ; then + MY_DEFS="${MY_DEFS} -DDO_SAMBA" + MY_KRB5_INC="" + fi + if use kerberos ; then + MY_DEFS="${MY_DEFS} -DDO_KRB5" + MY_KRB5_INC="$(krb5-config --cflags)" + fi + + emake \ + DEFS="${MY_DEFS}" \ + KRB5_INC="${MY_KRB5_INC}" \ + LDAP_BUILD="${BUILD_DIR}" \ + CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" + fi + + if use overlays ; then + einfo "Building contrib-module: samba4" + cd "${S}/contrib/slapd-modules/samba4" || die + + emake \ + LDAP_BUILD="${BUILD_DIR}" \ + CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" + fi + + if use kerberos ; then + if use kinit ; then + build_contrib_module "kinit" "kinit.c" "kinit" + fi + cd "${S}/contrib/slapd-modules/passwd" || die + einfo "Compiling contrib-module: pw-kerberos" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + $(krb5-config --cflags) \ + -DHAVE_KRB5 \ + -o kerberos.lo \ + -c kerberos.c || die "compiling pw-kerberos failed" + einfo "Linking contrib-module: pw-kerberos" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-kerberos.la \ + kerberos.lo || die "linking pw-kerberos failed" + fi + + if use pbkdf2; then + cd "${S}/contrib/slapd-modules/passwd/pbkdf2" || die + einfo "Compiling contrib-module: pw-pbkdf2" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../../include \ + ${CFLAGS} \ + -o pbkdf2.lo \ + -c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed" + einfo "Linking contrib-module: pw-pbkdf2" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-pbkdf2.la \ + pbkdf2.lo || die "linking pw-pbkdf2 failed" + fi + + if use sha2 ; then + cd "${S}/contrib/slapd-modules/passwd/sha2" || die + einfo "Compiling contrib-module: pw-sha2" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../../include \ + ${CFLAGS} \ + -o sha2.lo \ + -c sha2.c || die "compiling pw-sha2 failed" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../../include \ + ${CFLAGS} \ + -o slapd-sha2.lo \ + -c slapd-sha2.c || die "compiling pw-sha2 failed" + einfo "Linking contrib-module: pw-sha2" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-sha2.la \ + sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed" + fi + + # We could build pw-radius if GNURadius would install radlib.h + cd "${S}/contrib/slapd-modules/passwd" || die + einfo "Compiling contrib-module: pw-netscape" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + -o netscape.lo \ + -c netscape.c || die "compiling pw-netscape failed" + einfo "Linking contrib-module: pw-netscape" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-netscape.la \ + netscape.lo || die "linking pw-netscape failed" + + #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only + #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos + build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" + build_contrib_module "allop" "allop.c" "overlay-allop" + build_contrib_module "allowed" "allowed.c" "allowed" + build_contrib_module "autogroup" "autogroup.c" "autogroup" + build_contrib_module "cloak" "cloak.c" "cloak" + # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand + build_contrib_module "denyop" "denyop.c" "denyop-overlay" + build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" + build_contrib_module "dupent" "dupent.c" "dupent" + build_contrib_module "lastbind" "lastbind.c" "lastbind" + # lastmod may not play well with other overlays + build_contrib_module "lastmod" "lastmod.c" "lastmod" + build_contrib_module "noopsrch" "noopsrch.c" "noopsrch" + build_contrib_module "nops" "nops.c" "nops-overlay" + #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER + build_contrib_module "trace" "trace.c" "trace" + # build slapi-plugins + cd "${S}/contrib/slapi-plugins/addrdnvalues" || die + einfo "Building contrib-module: addrdnvalues plugin" + "${CC}" -shared \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + -fPIC \ + ${LDFLAGS} \ + -o libaddrdnvalues-plugin.so \ + addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" + + fi +} + +multilib_src_test() { + if multilib_is_native_abi; then + cd tests || die + emake tests || die "make tests failed" + fi +} + +multilib_src_install() { + local lt="${BUILD_DIR}/libtool" + emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install + use static-libs || prune_libtool_files --all + + if ! use minimal && multilib_is_native_abi; then + # openldap modules go here + # TODO: write some code to populate slapd.conf with moduleload statements + keepdir /usr/$(get_libdir)/openldap/openldap/ + + # initial data storage dir + keepdir /var/lib/openldap-data + use prefix || fowners ldap:ldap /var/lib/openldap-data + fperms 0700 /var/lib/openldap-data + + echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + + # use our config + rm "${ED}"etc/openldap/slapd.conf + insinto /etc/openldap + newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf + configfile="${ED}"etc/openldap/slapd.conf + + # populate with built backends + ebegin "populate config with built backends" + for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do + einfo "Adding $(basename ${x})" + sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" + done + sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" + use prefix || fowners root:ldap /etc/openldap/slapd.conf + fperms 0640 /etc/openldap/slapd.conf + cp "${configfile}" "${configfile}".default + eend + + # install our own init scripts and systemd unit files + einfo "Install init scripts" + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die + doinitd "${T}"/slapd + newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd + + einfo "Install systemd service" + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die + systemd_dounit "${T}"/slapd.service + systemd_install_serviced "${FILESDIR}"/slapd.service.conf + systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf + + # If built without SLP, we don't need to be before avahi + use slp \ + || sed -i \ + -e '/before/{s/avahi-daemon//g}' \ + "${ED}"etc/init.d/slapd + + if use cxx ; then + einfo "Install the ldapc++ library" + cd "${BUILD_DIR}/contrib/ldapc++" || die + emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + cd "${S}"/contrib/ldapc++ || die + newdoc README ldapc++-README + fi + + if use smbkrb5passwd ; then + einfo "Install the smbk5pwd module" + cd "${S}/contrib/slapd-modules/smbk5pwd" || die + emake DESTDIR="${D}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + newdoc README smbk5pwd-README + fi + + if use overlays ; then + einfo "Install the samba4 module" + cd "${S}/contrib/slapd-modules/samba4" || die + emake DESTDIR="${D}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="/usr/$(get_libdir)/openldap" install + newdoc README samba4-README + fi + + einfo "Installing contrib modules" + cd "${S}/contrib/slapd-modules" || die + for l in */*.la */*/*.la; do + [[ -e ${l} ]] || continue + "${lt}" --mode=install cp ${l} \ + "${ED}"usr/$(get_libdir)/openldap/openldap || \ + die "installing ${l} failed" + done + + dodoc "${FILESDIR}"/DB_CONFIG.fast.example + docinto contrib + doman */*.5 + #newdoc acl/README* + newdoc addpartial/README addpartial-README + newdoc allop/README allop-README + newdoc allowed/README allowed-README + newdoc autogroup/README autogroup-README + newdoc dsaschema/README dsaschema-README + newdoc passwd/README passwd-README + cd "${S}/contrib/slapi-plugins" || die + insinto /usr/$(get_libdir)/openldap/openldap + doins */*.so + docinto contrib + newdoc addrdnvalues/README addrdnvalues-README + + insinto /etc/openldap/schema + newins "${DISTDIR}"/${BIS_P} ${BIS_PN} + + docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample* + docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample* + docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm + + dosbin "${S}"/contrib/slapd-tools/statslog + newdoc "${S}"/contrib/slapd-tools/README README.statslog + fi +} + +multilib_src_install_all() { + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README + docinto rfc ; dodoc doc/rfc/*.txt +} + +pkg_preinst() { + # keep old libs if any + preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0) + # bug 440470, only display the getting started help there was no openldap before, + # or we are going to a non-minimal build + ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]' + OPENLDAP_PRINT_MESSAGES=$((! $?)) +} + +pkg_postinst() { + if ! use minimal ; then + # You cannot build SSL certificates during src_install that will make + # binary packages containing your SSL key, which is both a security risk + # and a misconfiguration if multiple machines use the same key and cert. + if use ssl; then + install_cert /etc/openldap/ssl/ldap + use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "add 'TLS_REQCERT allow' if you want to use them." + fi + + if use prefix; then + # Warn about prefix issues with slapd + eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" + eerror "to start up, and requires that certain files directories be owned by" + eerror "ldap:ldap. As Prefix does not support changing ownership of files and" + eerror "directories, you will have to manually fix this yourself." + fi + + # These lines force the permissions of various content to be correct + use prefix || chown ldap:ldap "${EROOT}"var/run/openldap + chmod 0755 "${EROOT}"var/run/openldap + use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} + chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} + use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data + fi + + if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then + elog "Getting started using OpenLDAP? There is some documentation available:" + elog "Gentoo Guide to OpenLDAP Authentication" + elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)" + elog "---" + elog "An example file for tuning BDB backends with openldap is" + elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" + fi + + preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0) +} |