
nss-pam-ldapd commit: r1824 - in nss-pam-ldapd: man nslcd pynslcd


nss-pam-ldapd commit: r1824 - in nss-pam-ldapd: man nslcd pynslcd



Author: arthur
Date: Tue Nov 13 21:03:59 2012
New Revision: 1824
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1824&view=revision

Log:
only set LDAP_OPT_X_SASL_NOCANON if the sasl_canonicalize option is
explicitly set in the configuration file

Modified:
   nss-pam-ldapd/man/nslcd.conf.5.xml
   nss-pam-ldapd/nslcd/cfg.c
   nss-pam-ldapd/nslcd/myldap.c
   nss-pam-ldapd/pynslcd/cfg.py
   nss-pam-ldapd/pynslcd/pynslcd.py

Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml  Sun Nov 11 23:46:23 2012        (r1823)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml  Tue Nov 13 21:03:59 2012        (r1824)
@@ -289,7 +289,8 @@
        Determines whether the <acronym>LDAP</acronym> server host name should
        be canonicalised. If this is set to yes the <acronym>LDAP</acronym>
        library will do a reverse host name lookup.
-       By default this extra lookup is performed.
+       By default, it is left up to the <acronym>LDAP</acronym> library
+       whether this check is performed or not.
       </para>
      </listitem>
     </varlistentry>

Modified: nss-pam-ldapd/nslcd/cfg.c
==============================================================================
--- nss-pam-ldapd/nslcd/cfg.c   Sun Nov 11 23:46:23 2012        (r1823)
+++ nss-pam-ldapd/nslcd/cfg.c   Tue Nov 13 21:03:59 2012        (r1824)
@@ -112,7 +112,7 @@
   cfg->ldc_sasl_authzid=NULL;
   cfg->ldc_sasl_secprops=NULL;
 #ifdef LDAP_OPT_X_SASL_NOCANON
-  cfg->ldc_sasl_canonicalize=1;
+  cfg->ldc_sasl_canonicalize=-1;
 #endif /* LDAP_OPT_X_SASL_NOCANON */
   for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++)
     cfg->ldc_bases[i]=NULL;
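Review bot: The new default `-1` for `cfg->ldc_sasl_canonicalize` is an undocumented third state on a field that otherwise reads as a boolean; the same applies to `sasl_canonicalize = None` in pynslcd/cfg.py. Any code that tests the field for truth would treat -1 as "canonicalize", so a comment at the assignment would help, for example `/* -1: not configured, leave LDAP_OPT_X_SASL_NOCANON to the LDAP library */`. The enclosing function begins and ends outside this hunk, so other readers of the field are not visible here.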

Modified: nss-pam-ldapd/nslcd/myldap.c
==============================================================================
--- nss-pam-ldapd/nslcd/myldap.c        Sun Nov 11 23:46:23 2012        (r1823)
+++ nss-pam-ldapd/nslcd/myldap.c        Tue Nov 13 21:03:59 2012        (r1824)
@@ -668,8 +668,11 @@
   }
 #endif /* LDAP_OPT_X_TLS */
 #ifdef LDAP_OPT_X_SASL_NOCANON
-  log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)",nslcd_cfg->ldc_sasl_canonicalize?"LDAP_OPT_OFF":"LDAP_OPT_ON");
-  LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_NOCANON,nslcd_cfg->ldc_sasl_canonicalize?LDAP_OPT_OFF:LDAP_OPT_ON);
+  if (nslcd_cfg->ldc_sasl_canonicalize>=0)
+  {
+    log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)",nslcd_cfg->ldc_sasl_canonicalize?"LDAP_OPT_OFF":"LDAP_OPT_ON");
+    LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_NOCANON,nslcd_cfg->ldc_sasl_canonicalize?LDAP_OPT_OFF:LDAP_OPT_ON);
+  }
 #endif /* LDAP_OPT_X_SASL_NOCANON */
   /* if nothing above failed, everything should be fine */
   return LDAP_SUCCESS;
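Review bot: When `ldc_sasl_canonicalize` is negative the new block is skipped silently, so the debug log no longer shows which canonicalisation setting the session ends up with. The effective value then comes from the LDAP library's own configuration, and reverse-lookup canonicalisation affects the host name used during SASL authentication, so an operator auditing the setup would want that recorded. An `else` branch would cover it: `else log_log(LOG_DEBUG,"LDAP_OPT_X_SASL_NOCANON not set, using LDAP library default");`. The function body starts outside the hunk.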

Modified: nss-pam-ldapd/pynslcd/cfg.py
==============================================================================
--- nss-pam-ldapd/pynslcd/cfg.py        Sun Nov 11 23:46:23 2012        (r1823)
+++ nss-pam-ldapd/pynslcd/cfg.py        Tue Nov 13 21:03:59 2012        (r1824)
@@ -52,7 +52,7 @@
 sasl_authcid = None
 sasl_authzid = None
 sasl_secprops = None
-sasl_canonicalize = True
+sasl_canonicalize = None
 
 # LDAP bases to search
 bases = []

Modified: nss-pam-ldapd/pynslcd/pynslcd.py
==============================================================================
--- nss-pam-ldapd/pynslcd/pynslcd.py    Sun Nov 11 23:46:23 2012        (r1823)
+++ nss-pam-ldapd/pynslcd/pynslcd.py    Tue Nov 13 21:03:59 2012        (r1824)
@@ -248,7 +248,8 @@
         session.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.timelimit)
     if cfg.referrals:
         session.set_option(ldap.OPT_REFERRALS, cfg.referrals)
-    session.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize)
+    if cfg.sasl_canonicalize is not None:
+        session.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize)
     session.set_option(ldap.OPT_RESTART, True)
     # TODO: register a connection callback (like dis?connect_cb() in myldap.c)
     if cfg.ssl or cfg.uri.startswith('ldaps://'):
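Review bot: `ldap.OPT_X_SASL_NOCANON` is referenced on the new `set_option` line without the availability guard the C side has (`#ifdef LDAP_OPT_X_SASL_NOCANON` in myldap.c). If the installed python-ldap does not expose the constant, an explicitly configured sasl_canonicalize would presumably raise AttributeError here. Consider testing `hasattr(ldap, 'OPT_X_SASL_NOCANON')` and logging a warning when the configured value cannot be applied, rather than failing at connect time or dropping the setting silently. The enclosing function begins and ends outside the hunk.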