Move all packages to root.

[people/ms/ipfire-3.x.git] / nss_ldap / patches / nss_ldap-257-mozldap.patch

Go back to using AC_TRY_COMPILE to detect <ldap_ssl.h>, which requires
that <ldap.h> be included before it.

Use the draft-specified value "0" instead of a preprocessor define which
mozldap doesn't provide (LDAP_OPT_SUCCESS).

Don't fail to compile if libldap doesn't provide ldap_create_control(),
just fail at run-time if we try to use it.

Only try to set non-portable options that the libldap which is being used
supports.

Don't depend on ldap_alloc_ber_with_options() being there; fall back to
either ber_alloc_t() or the deprecated der_alloc().

Learn about Mozilla LDAP 6.

Prefer </usr/include/nss.h> to <nss.h>, because <nss.h> can also be the
security toolkit used by Mozilla's LDAP SDK rather than libc's nsswitch
header, and if we've set the include path, we could be screwed.

Strip off any '/' which appears in our hostname before passing it to
ldap_init().

diff -up nss_ldap/configure.in nss_ldap/configure.in
--- nss_ldap/configure.in       2007-11-14 14:21:54.000000000 -0500
+++ nss_ldap/configure.in       2007-11-14 15:01:32.000000000 -0500
@@ -41,7 +41,7 @@ dnl
 AC_ARG_ENABLE(configurable-krb5-ccname-env, [  --enable-configurable-krb5-ccname-env   enable configurable Kerberos V credentials cache name (putenv method)], [AC_DEFINE(CONFIGURE_KRB5_CCNAME) AC_DEFINE(CONFIGURE_KRB5_CCNAME_ENV)])
 AC_ARG_ENABLE(configurable-krb5-ccname-gssapi, [  --enable-configurable-krb5-ccname-gssapi   enable configurable Kerberos V credentials cache name (gssapi method)], [AC_DEFINE(CONFIGURE_KRB5_CCNAME) AC_DEFINE(CONFIGURE_KRB5_CCNAME_GSSAPI)])
 
-AC_ARG_WITH(ldap-lib, [  --with-ldap-lib=type      select ldap library [auto|netscape5|netscape4|netscape3|umich|openldap]])
+AC_ARG_WITH(ldap-lib, [  --with-ldap-lib=type      select ldap library [auto|mozilla|netscape5|netscape4|netscape3|umich|openldap]])
 AC_ARG_WITH(ldap-dir, [  --with-ldap-dir=DIR       base directory of LDAP SDK])
 AC_ARG_WITH(ldap-conf-file, [  --with-ldap-conf-file     path to LDAP configuration file],
            [ NSS_LDAP_PATH_CONF="$with_ldap_conf_file" ],
@@ -132,17 +132,18 @@ AC_SUBST(NSS_LDAP_LDFLAGS)
 
 AC_CHECK_HEADERS(lber.h)
 AC_CHECK_HEADERS(ldap.h, , AC_MSG_ERROR(could not locate <ldap.h>))
-AC_CHECK_HEADERS(ldap_ssl.h)
+dnl AC_CHECK_HEADERS(ldap_ssl.h)
 
-dnl AC_MSG_CHECKING(for ldap_ssl.h)
-dnl AC_TRY_COMPILE([#include <sys/types.h>
-dnl    #include <ldap.h>
-dnl    #include <ldap_ssl.h>], ,
-dnl    [
-dnl            AC_MSG_RESULT(yes),
-dnl            AC_DEFINE(HAVE_LDAP_SSL_H, 1)
-dnl    ],
-dnl    AC_MSG_RESULT(no))
+AC_MSG_CHECKING(for ldap_ssl.h)
+AC_TRY_COMPILE([
+       #include <sys/types.h>
+       #include <ldap.h>
+       #include <ldap_ssl.h>],[],
+       [
+               AC_MSG_RESULT(yes)
+               AC_DEFINE(HAVE_LDAP_SSL_H,1,[Define if you have <ldap_ssl.h>.])
+       ],
+       AC_MSG_RESULT(no))
 
 # For HP-UX and AIX we use private API, the headers for which
 # are included locally. We need to do something to stop both
@@ -150,7 +151,8 @@ dnl AC_MSG_RESULT(no))
 case "$target_os" in
   aix*) AC_CHECK_HEADERS(irs.h usersec.h) ;;
   hpux*) AC_CHECK_HEADERS(nsswitch.h) ;;
-  *) AC_CHECK_HEADERS(nss.h)
+  *) AC_CHECK_HEADERS(/usr/include/nss.h)
+     AC_CHECK_HEADERS(nss.h)
      AC_CHECK_HEADERS(nsswitch.h)
      AC_CHECK_HEADERS(irs.h) ;;
 esac
@@ -297,6 +299,9 @@ if test -z "$found_ldap_lib" -a \( $with
   AC_CHECK_LIB(lber, main)
   AC_CHECK_LIB(ldap, main, [LIBS="-lldap $LIBS" found_ldap_lib=yes],,$LIBS)
 fi
+if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = mozilla \); then
+AC_CHECK_LIB(ldap60, main, LIBS="-lssldap60 -lprldap60 -lldap60 -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 $LIBS" found_ldap_lib=yes need_pthread=yes,, -lpthread)
+fi
 if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = netscape5 \); then
 AC_CHECK_LIB(ldap50, main, LIBS="-lldap50 -lssldap50 -lssl3 -lnss3 -lnspr4 -lprldap50 -lplc4 -lplds4 $LIBS" found_ldap_lib=yes need_pthread=yes,, -lpthread)
 fi
@@ -331,6 +336,7 @@ AC_CHECK_FUNCS(ldap_init ldap_get_lderrn
 AC_CHECK_FUNCS(ldap_ld_free ldap_explode_rdn ldap_set_option ldap_get_option)
 AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s ldap_initialize ldap_search_ext)
 AC_CHECK_FUNCS(ldap_create_control ldap_create_page_control ldap_parse_page_control)
+AC_CHECK_FUNCS(ldap_alloc_ber_with_options ber_alloc_t der_alloc)
 if test "$enable_ssl" \!= "no"; then
   AC_CHECK_FUNCS(ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls)
 fi
diff -up nss_ldap/ldap-nss.h nss_ldap/ldap-nss.h
--- nss_ldap/ldap-nss.h 2007-11-14 14:21:54.000000000 -0500
+++ nss_ldap/ldap-nss.h 2007-11-14 15:05:57.000000000 -0500
@@ -58,6 +58,8 @@
 #include <nss_common.h>
 #include <nss_dbdefs.h>
 #include <nsswitch.h>
+#elif defined(HAVE__USR_INCLUDE_NSS_H)
+#include </usr/include/nss.h>
 #elif defined(HAVE_NSS_H)
 #include <nss.h>
 #elif defined(HAVE_IRS_H)
diff -up nss_ldap/ldap-nss.c nss_ldap/ldap-nss.c
--- nss_ldap/ldap-nss.c 2007-11-14 14:21:54.000000000 -0500
+++ nss_ldap/ldap-nss.c 2007-11-14 14:21:54.000000000 -0500
@@ -1069,6 +1069,23 @@ do_init_session (LDAP ** ld, const char 
       defport = atoi (p + 1);
       uri = uribuf;
     }
+  else
+    {
+      size_t urilen = strlen(uri);
+
+      if (urilen >= sizeof (uribuf))
+       {
+         return NSS_UNAVAIL;
+       }
+
+      memcpy (uribuf, uri, urilen);
+      uribuf[urilen] = '\0';
+
+      if ((urilen > 0) && (uribuf[urilen - 1] == '/'))
+        uribuf[urilen - 1] = '\0';
+
+      uri = uribuf;
+    }
 
 # ifdef HAVE_LDAP_INIT
   *ld = ldap_init (uri, defport);
@@ -1537,7 +1554,7 @@ do_open (void)
 
       if (ldap_get_option
          (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
-          &version) == LDAP_OPT_SUCCESS)
+          &version) == 0)
        {
          if (version < LDAP_VERSION3)
            {
@@ -1697,6 +1714,7 @@ do_ssl_options (ldap_config_t * cfg)
     }
 #endif /* LDAP_OPT_X_TLS_RANDOM_FILE */
 
+#ifdef LDAP_OPT_X_TLS_CACERTFILE
   if (cfg->ldc_tls_cacertfile != NULL)
     {
       /* ca cert file */
@@ -1709,7 +1727,9 @@ do_ssl_options (ldap_config_t * cfg)
          return LDAP_OPERATIONS_ERROR;
        }
     }
+#endif
 
+#ifdef LDAP_OPT_X_TLS_CACERTDIR
   if (cfg->ldc_tls_cacertdir != NULL)
     {
       /* ca cert directory */
@@ -1722,7 +1742,9 @@ do_ssl_options (ldap_config_t * cfg)
          return LDAP_OPERATIONS_ERROR;
        }
     }
+#endif
 
+#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
   /* require cert? */
   if (cfg->ldc_tls_checkpeer > -1)
     {
@@ -1735,7 +1757,9 @@ do_ssl_options (ldap_config_t * cfg)
          return LDAP_OPERATIONS_ERROR;
        }
     }
+#endif
 
+#ifdef LDAP_OPT_X_TLS_CIPHER_SUITE
   if (cfg->ldc_tls_ciphers != NULL)
     {
       /* set cipher suite, certificate and private key: */
@@ -1748,7 +1772,9 @@ do_ssl_options (ldap_config_t * cfg)
          return LDAP_OPERATIONS_ERROR;
        }
     }
+#endif
 
+#ifdef LDAP_OPT_X_TLS_CERTFILE
   if (cfg->ldc_tls_cert != NULL)
     {
       rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, cfg->ldc_tls_cert);
@@ -1759,7 +1785,9 @@ do_ssl_options (ldap_config_t * cfg)
          return LDAP_OPERATIONS_ERROR;
        }
     }
+#endif
 
+#ifdef LDAP_OPT_X_TLS_CERTFILE
   if (cfg->ldc_tls_key != NULL)
     {
       rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, cfg->ldc_tls_key);
@@ -1770,6 +1798,7 @@ do_ssl_options (ldap_config_t * cfg)
          return LDAP_OPERATIONS_ERROR;
        }
     }
+#endif
 
   debug ("<== do_ssl_options");
 
diff -up nss_ldap/pagectrl.c nss_ldap/pagectrl.c
--- nss_ldap/pagectrl.c 2007-08-03 00:51:09.000000000 -0400
+++ nss_ldap/pagectrl.c 2007-11-14 14:21:54.000000000 -0500
@@ -38,6 +38,17 @@ static char rcsId[] = "$Id: pagectrl.c,v
 #define LDAP_CONTROL_PAGE_OID           "1.2.840.113556.1.4.319"
 #endif
 
+#ifndef HAVE_LDAP_CREATE_CONTROL
+#define ldap_create_control _nss_ldap_fail_to_create_control
+static int
+ldap_create_control(const char *oid, BerElement *value,
+                   int iscritical, LDAPControl ** ctrlp)
+{
+  *ctrlp = NULL;
+  return LDAP_ENCODING_ERROR;
+}
+#endif
+
 #ifndef HAVE_LDAP_CREATE_PAGE_CONTROL
 /*---
    ldap_create_page_control
@@ -78,9 +89,6 @@ static char rcsId[] = "$Id: pagectrl.c,v
 
  ---*/
 
-#ifndef HAVE_LDAP_CREATE_CONTROL
-#error LDAP client library does not support ldap_create_control()
-#else
 int
 ldap_create_page_control (LDAP * ld,
                          unsigned long pagesize,
@@ -97,10 +105,24 @@ ldap_create_page_control (LDAP * ld,
       return (LDAP_PARAM_ERROR);
     }
 
+#ifdef HAVE_LDAP_ALLOC_BER_WITH_OPTIONS
   if ((ber = ldap_alloc_ber_with_options (ld)) == NULL)
     {
       return (LDAP_NO_MEMORY);
     }
+#elif defined(HAVE_BER_ALLOC_T) && defined(LBER_USE_DER)
+  if ((ber = ber_alloc_t(LBER_USE_DER)) == NULL)
+    {
+      return (LDAP_NO_MEMORY);
+    }
+#elif defined(HAVE_DER_ALLOC)
+  if ((ber = der_alloc()) == NULL)
+    {
+      return (LDAP_NO_MEMORY);
+    }
+#else
+  return (LDAP_NO_MEMORY);
+#endif
 
   tag = ber_printf (ber, "{i", pagesize);
   if (tag == LBER_ERROR)
@@ -126,7 +148,6 @@ exit:
   ber_free (ber, 1);
   return (LDAP_ENCODING_ERROR);
 }
-#endif /* HAVE_LDAP_CREATE_CONTROL */
 #endif /* HAVE_LDAP_CREATE_PAGE_CONTROL */
 
 #ifndef HAVE_LDAP_PARSE_PAGE_CONTROL
@@ -154,9 +175,6 @@ exit:
    
 ---*/
 
-#ifndef HAVE_LDAP_CREATE_CONTROL
-#error LDAP client library does not support ldap_create_control()
-#else
 int
 ldap_parse_page_control (LDAP * ld,
                         LDAPControl ** ctrls,
@@ -222,5 +240,4 @@ foundPageControl:
 
   return (LDAP_SUCCESS);
 }
-#endif /* HAVE_LDAP_CREATE_CONTROL */
 #endif /* HAVE_LDAP_PARSE_PAGE_CONTROL */