[Bug 267056] net/openldap26-{server,client}: fix proper usage of FETCH/GSSAPI options

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 267056] net/openldap26-{server,client}: fix proper usage of FETCH/GSSAPI options"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 267056] net/openldap26-{server,client}: fix proper usage of FETCH/GSSAPI options"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 14 Oct 2022 17:35:23 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267056

            Bug ID: 267056
           Summary: net/openldap26-{server,client}: fix proper usage of
                    FETCH/GSSAPI options
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: michael.osipov@siemens.com

Created attachment 237304
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=237304&action=edit
Git-formatted patch

* FETCH_DESC is not present with client
* FETCH applies to *both* client and server since both slapd and client tools
use ldif_parse_line2() via libldap which can use libfetch
* GSSAPI is also required for the client as well since ldap*(1) commands can   
   be used to connect and authenticate to directory servers like Active
Directory       and OpenLDAP with Kerberos via SASL GSSAPI mechanism

I use especially openldap26-client for Active Directory access through shell,
msktutil and py-ldap as well.

Tested with default options on head and recent quarterly as well as these
options on in poudriere in and out.

In server these spots use functions which (ldif_fetch_url()/ldif_open_url())
which use libfetch:
========
./servers/slapd/entry.c:                rc = ldif_parse_line2( s, type+i,
vals+i, &freev );
./servers/slapd/overlays/retcode.c:                                            
if ( ldif_parse_line2( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ],
========

ldd dump for libfetch usage:
==============
nobody@123-release-amd64-default-ldadw_base:/usr/ports/net/openldap26-client %
ldd /usr/local/bin/ldapsearch
/usr/local/bin/ldapsearch:
        libldap.so.2 => /usr/local/lib/libldap.so.2 (0x800261000)
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x8002c6000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x8002d8000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x8002f8000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x80039c000)
        libfetch.so.6 => /usr/lib/libfetch.so.6 (0x80068e000)
        libthr.so.3 => /lib/libthr.so.3 (0x8006a4000)
        libc.so.7 => /lib/libc.so.7 (0x8006d1000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x800ac9000)
nobody@123-release-amd64-default-ldadw_base:/usr/ports/net/openldap26-client %
ldd /usr/local/lib/libldap.so.2
/usr/local/lib/libldap.so.2:
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x8006d8000)
        libfetch.so.6 => /usr/lib/libfetch.so.6 (0x8006ea000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800700000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x800720000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800e00000)
        libthr.so.3 => /lib/libthr.so.3 (0x8007c4000)
        libc.so.7 => /lib/libc.so.7 (0x80024e000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x8007f1000)

==============================================
nobody@123-release-amd64-default-openldap_gssapi_fix:/usr/local/sbin % ldd
slapadd
slapadd:
        libldap.so.2 => /usr/local/lib/libldap.so.2 (0x8003c8000)
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x80042d000)
        libltdl.so.7 => /usr/local/lib/libltdl.so.7 (0x80043f000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x80044c000)
        libcrypt.so.5 => /lib/libcrypt.so.5 (0x80046d000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x80048e000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800532000)
        libevent-2.1.so.7 => /usr/local/lib/libevent-2.1.so.7 (0x800824000)
        libfetch.so.6 => /usr/lib/libfetch.so.6 (0x80087a000)
        libthr.so.3 => /lib/libthr.so.3 (0x800890000)
        libc.so.7 => /lib/libc.so.7 (0x8008bd000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x800cb5000)
nobody@123-release-amd64-default-openldap_gssapi_fix:/usr/local/sbin % ldd
/usr/local/lib/libldap.so.2
/usr/local/lib/libldap.so.2:
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x8006d2000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x8006e4000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x800705000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800e00000)
        libthr.so.3 => /lib/libthr.so.3 (0x8007a9000)
        libc.so.7 => /lib/libc.so.7 (0x80024e000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x8007d6000)
=============

Willing to provide a PR for openldap25-* as well if this one gets merged.

-- 
You are receiving this mail because:
You are the assignee for the bug.