diff --git a/autofs-5.0.5-add-simple-bind-auth.patch b/autofs-5.0.5-add-simple-bind-auth.patch
new file mode 100644
index 0000000..743f2f7
--- /dev/null
+++ b/autofs-5.0.5-add-simple-bind-auth.patch
@@ -0,0 +1,124 @@
+autofs-5.0.5 - add simple bind authentication
+
+From: James Y Knight
+
+This patch adds the ability to do a simple bind against an LDAP server with
+the configured username and password.
+---
+
+ CHANGELOG | 1 +
+ include/lookup_ldap.h | 1 +
+ modules/lookup_ldap.c | 21 +++++++++++++--------
+ samples/autofs_ldap_auth.conf | 15 +++++++++------
+ 4 files changed, 24 insertions(+), 14 deletions(-)
+
+
+--- autofs-5.0.5.orig/CHANGELOG
++++ autofs-5.0.5/CHANGELOG
+@@ -27,6 +27,7 @@
+ - fix ampersand escape in auto.smb.
+ - add locality as valid ldap master map attribute.
+ - add locality as valid ldap master map attribute fix.
++- add simple bind authentication.
+
+ 03/09/2009 autofs-5.0.5
+ -----------------------
+--- autofs-5.0.5.orig/include/lookup_ldap.h
++++ autofs-5.0.5/include/lookup_ldap.h
+@@ -97,6 +97,7 @@ struct lookup_context {
+ #define LDAP_AUTH_NOTREQUIRED 0x0001
+ #define LDAP_AUTH_REQUIRED 0x0002
+ #define LDAP_AUTH_AUTODETECT 0x0004
++#define LDAP_AUTH_USESIMPLE 0x0008
+
+ /* lookup_ldap.c */
+ LDAP *init_ldap_connection(unsigned logopt, const char *uri, struct lookup_context *ctxt);
+--- autofs-5.0.5.orig/modules/lookup_ldap.c
++++ autofs-5.0.5/modules/lookup_ldap.c
+@@ -137,11 +137,13 @@ static void uris_mutex_unlock(struct loo
+ return;
+ }
+
+-int bind_ldap_anonymous(unsigned logopt, LDAP *ldap, const char *uri, struct lookup_context *ctxt)
++int bind_ldap_simple(unsigned logopt, LDAP *ldap, const char *uri, struct lookup_context *ctxt)
+ {
+ int rv;
+
+- if (ctxt->version == 2)
++ if (ctxt->auth_required == LDAP_AUTH_USESIMPLE)
++ rv = ldap_simple_bind_s(ldap, ctxt->user, ctxt->secret);
++ else if (ctxt->version == 2)
+ rv = ldap_simple_bind_s(ldap, ctxt->base, NULL);
+ else
+ rv = ldap_simple_bind_s(ldap, NULL, NULL);
+@@ -517,12 +519,12 @@ static int do_bind(unsigned logopt, LDAP
+ rv = autofs_sasl_bind(logopt, ldap, ctxt);
+ debug(logopt, MODPREFIX "autofs_sasl_bind returned %d", rv);
+ } else {
+- rv = bind_ldap_anonymous(logopt, ldap, uri, ctxt);
+- debug(logopt, MODPREFIX "ldap anonymous bind returned %d", rv);
++ rv = bind_ldap_simple(logopt, ldap, uri, ctxt);
++ debug(logopt, MODPREFIX "ldap simple bind returned %d", rv);
+ }
+ #else
+- rv = bind_ldap_anonymous(logopt, ldap, uri, ctxt);
+- debug(logopt, MODPREFIX "ldap anonymous bind returned %d", rv);
++ rv = bind_ldap_simple(logopt, ldap, uri, ctxt);
++ debug(logopt, MODPREFIX "ldap simple bind returned %d", rv);
+ #endif
+
+ if (rv != 0)
+@@ -971,11 +973,13 @@ int parse_ldap_config(unsigned logopt, s
+ auth_required = LDAP_AUTH_NOTREQUIRED;
+ else if (!strcasecmp(authrequired, "autodetect"))
+ auth_required = LDAP_AUTH_AUTODETECT;
++ else if (!strcasecmp(authrequired, "simple"))
++ auth_required = LDAP_AUTH_USESIMPLE;
+ else {
+ error(logopt,
+ MODPREFIX
+ "The authrequired property must have value "
+- "\"yes\", \"no\" or \"autodetect\".");
++ "\"yes\", \"no\", \"autodetect\", or \"simple\".");
+ ret = -1;
+ goto out;
+ }
+@@ -991,7 +995,8 @@ int parse_ldap_config(unsigned logopt, s
+ goto out;
+ }
+
+- if (authtype && authtype_requires_creds(authtype)) {
++ if (auth_required == LDAP_AUTH_USESIMPLE ||
++ (authtype && authtype_requires_creds(authtype))) {
+ ret = get_property(logopt, root, "user", &user);
+ ret |= get_property(logopt, root, "secret", &secret);
+ if (ret != 0 || (!user || !secret)) {
+--- autofs-5.0.5.orig/samples/autofs_ldap_auth.conf
++++ autofs-5.0.5/samples/autofs_ldap_auth.conf
+@@ -17,17 +17,20 @@ tlsrequired - This flag tells whether
+
+ authrequired - This option tells whether an authenticated connection to
+ the ldap server is required in order to perform ldap queries.
+- If this flag is set to yes, then only authenticated connections
++ If the flag is set to yes, only sasl authenticated connections
+ will be allowed. If it is set to no then authentication is not
+- needed for ldap server connections. Finally, if it is set to
+- autodetect then the ldap server will be queried to establish
+- a suitable authentication mechanism. If no suitable mechanism
+- can be found, connections to the ldap server are made without
+- authentication.
++ needed for ldap server connections. If it is set to autodetect
++ then the ldap server will be queried to establish a suitable
++ sasl authentication mechanism. If no suitable mechanism can be
++ found, connections to the ldap server are made without
++ authentication. Finally, if it is set to simple, then simple
++ authentication will be used instead of SASL.
++
+ Legal values for this option include:
+ "yes"
+ "no"
+ "autodetect"
++ "simple"
+
+ authtype - This attribute can be used to specify a preferred
+ authentication mechanism. In normal operations, the
diff --git a/autofs-5.0.5-make-nfs4-default-for-redhat-replicated-selection.patch b/autofs-5.0.5-make-nfs4-default-for-redhat-replicated-selection.patch
new file mode 100644
index 0000000..4f04f1a
--- /dev/null
+++ b/autofs-5.0.5-make-nfs4-default-for-redhat-replicated-selection.patch
@@ -0,0 +1,25 @@
+autofs-5.0.5 - make nfs4 default for RedHat replicated selection configuration
+
+From: Ian Kent
+
+We know for sure that RHEL-6 and later is set to mount NFSv4 as default and
+fall back to earlier NFS versions if it can't mount as NFSv4. So set our
+default for replicated mount probing to start at NFSv4 instead of v3.
+---
+
+ redhat/autofs.sysconfig.in | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+
+diff --git a/redhat/autofs.sysconfig.in b/redhat/autofs.sysconfig.in
+index c72cd2b..a46335d 100644
+--- a/redhat/autofs.sysconfig.in
++++ b/redhat/autofs.sysconfig.in
+@@ -40,6 +40,7 @@ BROWSE_MODE="no"
+ # used for single host map entries.
+ #
+ #MOUNT_NFS_DEFAULT_PROTOCOL=3
++MOUNT_NFS_DEFAULT_PROTOCOL=4
+ #
+ # APPEND_OPTIONS - append to global options instead of replace.
+ #
diff --git a/autofs.spec b/autofs.spec
index 967a2c4..d7a2c4e 100644
--- a/autofs.spec +++ b/autofs.spec @@ -4,7 +4,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.0.5 -Release: 24%{?dist} +Release: 25%{?dist} Epoch: 1 License: GPLv2+ Group: System Environment/Daemons @@ -37,6 +37,8 @@ Patch24: autofs-5.0.5-fix-get-qdn-fail.patch Patch25: autofs-5.0.5-fix-ampersand-escape-in-auto-smb.patch Patch26: autofs-5.0.5-add-locality-as-valid-ldap-master-map-attribute.patch Patch27: autofs-5.0.5-add-locality-as-valid-ldap-master-map-attribute-fix.patch +Patch28: autofs-5.0.5-make-nfs4-default-for-redhat-replicated-selection.patch +Patch29: autofs-5.0.5-add-simple-bind-auth.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf, hesiod-devel, openldap-devel, bison, flex, libxml2-devel, cyrus-sasl-devel, openssl-devel module-init-tools util-linux nfs-utils e2fsprogs libtirpc-devel Conflicts: cyrus-sasl-lib < 2.1.23-9 @@ -106,6 +108,8 @@ echo %{version}-%{release} > .version %patch25 -p1 %patch26 -p1 %patch27 -p1 +%patch28 -p1 +%patch29 -p1 %build #CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir} @@ -158,6 +162,10 @@ fi %{_libdir}/autofs/ %changelog +* Wed Apr 7 2010 Ian Kent - 1:5.0.5-25.fc14 +- make nfs4 default for replicated selection configuration (bz579949). +- add simple bind authentication option (bz579951). + * Fri Mar 26 2010 Ian Kent - 1:5.0.5-24.fc14 - fix add locality as valid ldap master map attribute (bz575863).