From 143acfa1101a22e1192573ce65cab47c67949630 Mon Sep 17 00:00:00 2001
From: Guenther Deschner
Date: Jan 31 2009 16:44:06 +0000
Subject: Add upstream fix for ldap connections to AD (Bug #6073).
Guenther
---
diff --git a/0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch b/0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
new file mode 100644
index 0000000..ec81796
--- /dev/null
+++ b/0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
@@ -0,0 +1,37 @@
+From d332da87068cd72489941010a33e372ab53d3bcc Mon Sep 17 00:00:00 2001
+From: Michael Adam
+Date: Thu, 29 Jan 2009 13:17:46 +0100
+Subject: [PATCH] fix bug #6073: prevent ads_connect() from using SSL unless explicitly requested
+
+This fixes "net ads join".
+It copes with the changed default "ldap ssl = start tls".
+A new boolean option "ldap ssl : ads" is added to allow for
+explicitly requesting ssl with ads.
+
+Michael
+---
+ source/libads/ldap.c | 8 +++++---
+ 1 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/source/libads/ldap.c b/source/libads/ldap.c
+index f3bc2c5..5c95d4f 100644
+--- a/source/libads/ldap.c
++++ b/source/libads/ldap.c
+@@ -672,9 +672,11 @@ got_connection:
+
+ ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+- status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
+- if (!ADS_ERR_OK(status)) {
+- goto out;
++ if (lp_parm_bool(-1, "ldap ssl", "ads", false)) {
++ status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
++ if (!ADS_ERR_OK(status)) {
++ goto out;
++ }
+ }
+
+ /* fill in the current time and offsets */
+--
+1.6.0.2
+
diff --git a/samba.spec b/samba.spec
index ef2c421..2016f92 100644
--- a/samba.spec
+++ b/samba.spec
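Review bot: The new guard in the ldap.c hunk, `if (lp_parm_bool(-1, "ldap ssl", "ads", false))`, defaults to false, so ads_connect() skips smb_ldap_start_tls() entirely unless the parametric option is set, and nothing at the call site records that a configured `ldap ssl = start tls` is bypassed for AD connections. That is the stated intent of the fix, but an administrator who set the global option to get transport encryption has no signal that ADS LDAP traffic now depends on whatever protection the later bind negotiates (presumably SASL signing/sealing; that code is outside the hunk). I would add a comment above the guard, e.g. `/* StartTLS for ADS is opt-in via "ldap ssl:ads"; the global "ldap ssl" setting alone does not enable it here */`, and a low-level debug message on the skip path so the effective behaviour shows up in logs. The option should also be documented in smb.conf(5), and the %changelog entry could name it. The hunk starts at the got_connection label; the rest of the function lies outside it.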
@@ -43,6 +43,7 @@ Patch104: samba-3.0.0rc3-nmbd-netbiosname.patch
 # The passwd part has been applied, but not the group part
 Patch107: samba-3.2.0pre1-grouppwd.patch
 Patch200: samba-3.2.5-inotify.patch
+Patch201: 0001-fix-bug-6073-prevent-ads_connect-from-using-SSL.patch
 Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release}
 Requires: pam >= 0:0.64
@@ -246,6 +247,7 @@ cp %{SOURCE11} packaging/Fedora/
 #%patch104 -p1 -b .nmbd-netbiosname # FIXME: does not apply
 %patch107 -p1 -b .grouppwd
 %patch200 -p0 -b .inotify
+%patch201 -p1 -b .ldap_ssl
 mv source/VERSION source/VERSION.orig
 sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < source/VERSION.orig > source/VERSION
@@ -826,8 +828,9 @@ exit 0
 %{_datadir}/pixmaps/samba/logo-small.png
 %changelog
-* Fri Jan 30 2009 Guenther Deschner - 3.3.0-0.25
+* Sat Jan 31 2009 Guenther Deschner - 3.3.0-0.25
 - Update to 3.3.0 final
+- Add upstream fix for ldap connections to AD (Bug #6073)
 * Fri Nov 28 2008 Guenther Deschner - 3.3.0-0rc1.24
 - Update to 3.3.0rc1