net-nds/openldap: Bump to 2.4.23 with sammba4

git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@2444 6952d904-891a-0410-993b-d76249ca496b

net-nds/openldap/files/openldap-2.2.6-ntlm.patch

@@ -0,0 +1,199 @@
+(Note that this patch is not useful on its own... it just adds some
+hooks to work with the LDAP authentication process at a lower level
+than the API otherwise allows. The code that calls these hooks and
+actually drives the NTLM authentication process is in
+lib/e2k-global-catalog.c, and the code that actually implements the
+NTLM algorithms is in xntlm/.)
+
+This is a patch against OpenLDAP 2.2.6. Apply with -p0
+
+
+--- include/ldap.h.orig	2004-01-01 13:16:28.000000000 -0500
++++ include/ldap.h	2004-07-14 11:58:49.000000000 -0400
+@@ -1753,5 +1753,26 @@
+ 	LDAPControl **cctrls ));
+ 
+ 
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST	((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE	((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++	LDAP		*ld,
++	LDAP_CONST char	*dn,
++	ber_tag_t	tag,
++	struct berval	*cred,
++	LDAPControl	**sctrls,
++	LDAPControl	**cctrls,
++	int		*msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++	LDAP		*ld,
++	LDAPMessage	*res,
++	struct berval	*challenge));
++
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+--- libraries/libldap/Makefile.in.orig	2004-01-01 13:16:29.000000000 -0500
++++ libraries/libldap/Makefile.in	2004-07-14 13:37:23.000000000 -0400
+@@ -20,7 +20,7 @@
+ SRCS	= bind.c open.c result.c error.c compare.c search.c \
+ 	controls.c messages.c references.c extended.c cyrus.c \
+ 	modify.c add.c modrdn.c delete.c abandon.c \
+-	sasl.c sbind.c kbind.c unbind.c cancel.c  \
++	sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c  \
+ 	filter.c free.c sort.c passwd.c whoami.c \
+ 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ 	request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+@@ -29,7 +29,7 @@
+ OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ 	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+-	sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
++	sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ 	filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ 	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ 	request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+--- /dev/null	2004-06-30 15:04:37.000000000 -0400
++++ libraries/libldap/ntlm.c	2004-07-14 13:44:18.000000000 -0400
+@@ -0,0 +1,137 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++
++#include <ac/socket.h>
++#include <ac/string.h>
++#include <ac/time.h>
++#include <ac/errno.h>
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++	LDAP		*ld,
++	LDAP_CONST char	*dn,
++	ber_tag_t	tag,
++	struct berval	*cred,
++	LDAPControl	**sctrls,
++	LDAPControl	**cctrls,
++	int		*msgidp )
++{
++	BerElement	*ber;
++	int rc;
++	ber_int_t id;
++
++	Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++	assert( ld != NULL );
++	assert( LDAP_VALID( ld ) );
++	assert( msgidp != NULL );
++
++	if( msgidp == NULL ) {
++		ld->ld_errno = LDAP_PARAM_ERROR;
++		return ld->ld_errno;
++	}
++
++	/* create a message to send */
++	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++		ld->ld_errno = LDAP_NO_MEMORY;
++		return ld->ld_errno;
++	}
++
++	assert( LBER_VALID( ber ) );
++
++	LDAP_NEXT_MSGID( ld, id );
++	rc = ber_printf( ber, "{it{istON}" /*}*/,
++			 id, LDAP_REQ_BIND,
++			 ld->ld_version, dn, tag,
++			 cred );
++
++	/* Put Server Controls */
++	if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++		ber_free( ber, 1 );
++		return ld->ld_errno;
++	}
++
++	if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++		ld->ld_errno = LDAP_ENCODING_ERROR;
++		ber_free( ber, 1 );
++		return ld->ld_errno;
++	}
++
++	/* send the message */
++	*msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++	if(*msgidp < 0)
++		return ld->ld_errno;
++
++	return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++	LDAP		*ld,
++	LDAPMessage	*res,
++	struct berval	*challenge)
++{
++	ber_int_t	errcode;
++	ber_tag_t	tag;
++	BerElement	*ber;
++	ber_len_t	len;
++
++	Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++	assert( ld != NULL );
++	assert( LDAP_VALID( ld ) );
++	assert( res != NULL );
++
++	if ( ld == NULL || res == NULL ) {
++		return LDAP_PARAM_ERROR;
++	}
++
++	if( res->lm_msgtype != LDAP_RES_BIND ) {
++		ld->ld_errno = LDAP_PARAM_ERROR;
++		return ld->ld_errno;
++	}
++
++	if ( ld->ld_error ) {
++		LDAP_FREE( ld->ld_error );
++		ld->ld_error = NULL;
++	}
++	if ( ld->ld_matched ) {
++		LDAP_FREE( ld->ld_matched );
++		ld->ld_matched = NULL;
++	}
++
++	/* parse results */
++
++	ber = ber_dup( res->lm_ber );
++
++	if( ber == NULL ) {
++		ld->ld_errno = LDAP_NO_MEMORY;
++		return ld->ld_errno;
++	}
++
++	tag = ber_scanf( ber, "{ioa" /*}*/,
++			 &errcode, challenge, &ld->ld_error );
++	ber_free( ber, 0 );
++
++	if( tag == LBER_ERROR ) {
++		ld->ld_errno = LDAP_DECODING_ERROR;
++		return ld->ld_errno;
++	}
++
++	ld->ld_errno = errcode;
++
++	return( ld->ld_errno );
++}

net-nds/openldap/files/openldap-2.3.21-ppolicy.patch

@@ -0,0 +1,13 @@
+--- clients.orig/tools/common.c	2006-05-05 00:24:01.000000000 -0700
++++ clients/tools/common.c	2006-05-05 00:24:13.000000000 -0700
+@@ -904,8 +904,8 @@
+ tool_bind( LDAP *ld )
+ {
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+-	if ( ppolicy ) {
+ 		LDAPControl *ctrls[2], c;
++	if ( ppolicy ) {
+ 		c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ 		c.ldctl_value.bv_val = NULL;
+ 		c.ldctl_value.bv_len = 0;
+

net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch

@@ -0,0 +1,53 @@
+--- contrib/slapd-modules/smbk5pwd/Makefile.ORIG	2006-05-17 13:11:57.194660019 +0300
++++ contrib/slapd-modules/smbk5pwd/Makefile	2006-05-17 13:11:14.503082288 +0300
+@@ -9,29 +9,39 @@
+ # top-level directory of the distribution or, alternatively, at
+ # <http://www.OpenLDAP.org/license.html>.
+ 
++#libexecdir=/usr/lib/openldap
++moduledir=$(libexecdir)/openldap
+ LIBTOOL=../../../libtool
+-OPT=-g -O2
++#OPT=
+ CC=gcc
+ 
+ # Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
+-DEFS=-DDO_KRB5 -DDO_SAMBA
++#DEFS=
+ 
+-HEIMDAL_INC=-I/usr/heimdal/include
++#KRB5_INC=
+ SSL_INC=
+ LDAP_INC=-I../../../include -I../../../servers/slapd
+-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
++INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC)
+ 
+-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
++KRB5_LIB=-lkrb5 -lkadm5srv
+ SSL_LIB=-lcrypto
+-LDAP_LIB=-lldap_r -llber
+-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
+-
++LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber
++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
++	LIBS=$(LDAP_LIB) $(SSL_LIB)
++else
++	LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
++endif
++	
+ all:	smbk5pwd.la
+ 
+ 
+ smbk5pwd.lo:	smbk5pwd.c
+-	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
++	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $?
+ 
+ smbk5pwd.la:	smbk5pwd.lo
+-	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
+-	-rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
++	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \
++	-rpath $(moduledir) -module -o $@ $? $(LIBS)
++
++install-mod:
++	$(LIBTOOL) --mode=install ../../../build/shtool install -c \
++	-m 755 smbk5pwd.la $(DESTDIR)$(moduledir)

net-nds/openldap/files/openldap-2.3.34-slapd-conf

@@ -0,0 +1,64 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include		/etc/openldap/schema/core.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral	ldap://root.openldap.org
+
+pidfile		/var/run/openldap/slapd.pid
+argsfile	/var/run/openldap/slapd.args
+
+# Load dynamic backend modules:
+###INSERTDYNAMICMODULESHERE###
+
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#	Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+#	by self write
+#	by users read
+#	by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database	hdb
+suffix		"dc=my-domain,dc=com"
+#         <kbyte> <min>
+checkpoint	32	30 
+rootdn		"cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw		secret
+# The database directory MUST exist prior to running slapd AND 
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory	/var/lib/openldap-data
+# Indices to maintain
+index	objectClass	eq

net-nds/openldap/files/openldap-2.3.37-libldap_r.patch

@@ -0,0 +1,21 @@
+--- libraries/libldap_r/Makefile.in.old	2007-01-02 22:43:50.000000000 +0100
++++ libraries/libldap_r/Makefile.in	2007-08-22 13:32:20.000000000 +0200
+@@ -56,7 +56,7 @@
+ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+ XXXLIBS = $(LTHREAD_LIBS)
+ NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS)
+ 
+ .links : Makefile
+ 	@for i in $(XXSRCS); do \
+--- servers/slapd/slapi/Makefile.in.old	2007-01-02 22:44:10.000000000 +0100
++++ servers/slapd/slapi/Makefile.in	2007-08-22 14:58:51.000000000 +0200
+@@ -37,6 +37,7 @@
+ XLIBS = $(LIBRARY)
+ XXLIBS = 
+ NT_LINK_LIBS = $(AC_LIBS)
++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
+ 
+ XINCPATH = -I$(srcdir)/.. -I$(srcdir)
+ XDEFS = $(MODULES_CPPFLAGS)

net-nds/openldap/files/openldap-2.3.XY-gcc44.patch

@@ -0,0 +1,30 @@
+--- include/ldap_pvt_thread.h	2009-04-03 08:51:30.000000000 -0400
++++ include/ldap_pvt_thread.h	2009-04-03 08:56:36.000000000 -0400
+@@ -57,12 +57,12 @@
+ 
+ #ifndef LDAP_PVT_THREAD_H_DONE
+ #define	LDAP_PVT_THREAD_SET_STACK_SIZE
+-#ifndef LDAP_PVT_THREAD_STACK_SIZE
+-	/* LARGE stack. Will be twice as large on 64 bit machine. */
+-#define LDAP_PVT_THREAD_STACK_SIZE	( 1 * 1024 * 1024 * sizeof(void *) )
+ /* May be explicitly defined to zero to disable it */
+-#elif LDAP_PVT_THREAD_STACK_SIZE == 0
++#if defined( LDAP_PVT_THREAD_STACK_SIZE ) && LDAP_PVT_THREAD_STACK_SIZE == 0
+ #undef LDAP_PVT_THREAD_SET_STACK_SIZE
++#elif !defined(LDAP_PVT_THREAD_STACK_SIZE)
++	/* LARGE stack. Will be twice as large on 64 bit machine. */
++#define LDAP_PVT_THREAD_STACK_SIZE	( 1 * 1024 * 1024 * sizeof(void *) )
+ #endif
+ #endif /* !LDAP_PVT_THREAD_H_DONE */
+ 
+--- libraries/libldap/os-ip.c	2009-04-03 08:51:30.000000000 -0400
++++ libraries/libldap/os-ip.c	2009-04-03 08:54:47.000000000 -0400
+@@ -652,7 +652,7 @@
+ 		char *herr;
+ #ifdef NI_MAXHOST
+ 		char hbuf[NI_MAXHOST];
+-#elif defined( MAXHOSTNAMELEN
++#elif defined( MAXHOSTNAMELEN )
+ 		char hbuf[MAXHOSTNAMELEN];
+ #else
+ 		char hbuf[256];

net-nds/openldap/files/openldap-2.4.17-contrib-smbk5pwd.patch

@@ -0,0 +1,61 @@
+diff -Nuar --exclude 'openldap-2.4*' --exclude p -I '$OpenLDAP' openldap-2.4.17.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.17/contrib/slapd-modules/smbk5pwd/Makefile
+--- openldap-2.4.17.orig/contrib/slapd-modules/smbk5pwd/Makefile	2009-04-27 16:36:57.000000000 -0700
++++ openldap-2.4.17/contrib/slapd-modules/smbk5pwd/Makefile	2009-07-27 15:00:37.097428029 -0700
+@@ -9,37 +9,43 @@
+ # top-level directory of the distribution or, alternatively, at
+ # <http://www.OpenLDAP.org/license.html>.
+ 
++#libexecdir=/usr/lib/openldap
++moduledir=$(libexecdir)
+ LIBTOOL=../../../libtool
+-OPT=-g -O2
++#OPT=
+ CC=gcc
+ 
+ # Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
+-DEFS=-DDO_KRB5 -DDO_SAMBA
++#DEFS=
+ 
+-HEIMDAL_INC=-I/usr/heimdal/include
++#KRB5_INC=
+ SSL_INC=
+ LDAP_INC=-I../../../include -I../../../servers/slapd
+-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
++INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC)
+ 
+-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
++KRB5_LIB=-lkrb5 -lkadm5srv
+ SSL_LIB=-lcrypto
+-LDAP_LIB=-lldap_r -llber
+-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
+-
++LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber
++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
++	LIBS=$(LDAP_LIB) $(SSL_LIB)
++else
++	LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
++endif
++	
+ all:	smbk5pwd.la
+ 
+ 
+ smbk5pwd.lo:	smbk5pwd.c
+-	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
++	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $?
+ 
+ smbk5pwd.la:	smbk5pwd.lo
+-	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
+-	-rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
++	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \
++	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+ 
+ clean:
+ 	rm -f smbk5pwd.lo smbk5pwd.la
+ 
+ install: smbk5pwd.la
+-	mkdir -p $(PREFIX)/lib/openldap
+-	$(LIBTOOL) --mode=install cp smbk5pwd.la $(PREFIX)/lib/openldap
+-	$(LIBTOOL) --finish $(PREFIX)/lib
++	mkdir -p $(DESTDIR)$(moduledir)
++	$(LIBTOOL) --mode=install cp smbk5pwd.la $(DESTDIR)$(moduledir)
++	$(LIBTOOL) --finish $(DESTDIR)$(libexecdir)

net-nds/openldap/files/openldap-2.4.22.ebuild.diff

@@ -1,5 +1,5 @@
 --- /usr/portage/net-nds/openldap/openldap-2.4.21.ebuild	2010-04-11 17:14:48.000000000 +0200
-+++ openldap-2.4.22.ebuild	2010-06-03 05:27:07.963282627 +0200
++++ openldap-2.4.23.ebuild	2010-06-03 05:27:07.963282627 +0200
 @@ -17,7 +17,7 @@
  IUSE_BACKEND="+berkdb"
  IUSE_OVERLAY="overlays perl"

net-nds/openldap/files/slapd-initd

@@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd,v 1.3 2009/07/28 21:28:25 robbat2 Exp $
+
+depend() {
+	need net
+	before dbus hald avahi-daemon
+}
+
+start() {
+	ebegin "Starting ldap-server"
+	eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ldap-server"
+	start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid 
+	eend $?
+}