[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon Add ldap parameters debug...
details: https://anonhg.NetBSD.org/src/rev/1da911c3cfa7
branches: trunk
changeset: 978601:1da911c3cfa7
user: bouyer <bouyer%NetBSD.org@localhost>
date: Wed Nov 25 18:11:00 2020 +0000
description:
Add ldap parameters debug and timeout.
Fix bug when using URI (use correct len for malloc)
Document the ldap parameters uri, debug and timeout.
diffstat:
crypto/dist/ipsec-tools/src/racoon/cfparse.y | 22 +++++++++++++++++-
crypto/dist/ipsec-tools/src/racoon/cftoken.l | 4 ++-
crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c | 27 +++++++++++++++++++---
crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h | 4 ++-
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 | 15 +++++++++++-
5 files changed, 62 insertions(+), 10 deletions(-)
diffs (188 lines):
diff -r 9390f218f6b9 -r 1da911c3cfa7 crypto/dist/ipsec-tools/src/racoon/cfparse.y
--- a/crypto/dist/ipsec-tools/src/racoon/cfparse.y Wed Nov 25 16:42:53 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cfparse.y Wed Nov 25 18:11:00 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cfparse.y,v 1.52 2020/11/25 16:42:53 bouyer Exp $ */
+/* $NetBSD: cfparse.y,v 1.53 2020/11/25 18:11:00 bouyer Exp $ */
/* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */
@@ -296,7 +296,7 @@
/* listen */
%token LISTEN X_ISAKMP X_ISAKMP_NATT X_ADMIN STRICT_ADDRESS ADMINSOCK DISABLED
/* ldap config */
-%token LDAPCFG LDAP_URI LDAP_HOST LDAP_PORT LDAP_TLS LDAP_PVER LDAP_BASE LDAP_BIND_DN LDAP_BIND_PW LDAP_SUBTREE
+%token LDAPCFG LDAP_URI LDAP_HOST LDAP_PORT LDAP_TLS LDAP_PVER LDAP_DEBUG LDAP_TIMEOUT LDAP_BASE LDAP_BIND_DN LDAP_BIND_PW LDAP_SUBTREE
%token LDAP_ATTR_USER LDAP_ATTR_ADDR LDAP_ATTR_MASK LDAP_ATTR_GROUP LDAP_ATTR_MEMBER
/* radius config */
%token RADCFG RAD_AUTH RAD_ACCT RAD_TIMEOUT RAD_RETRIES
@@ -773,6 +773,24 @@
#endif
}
EOS
+ | LDAP_DEBUG NUMBER
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ xauth_ldap_config.debug = $2;
+#endif
+#endif
+ }
+ EOS
+ | LDAP_TIMEOUT NUMBER
+ {
+#ifdef ENABLE_HYBRID
+#ifdef HAVE_LIBLDAP
+ xauth_ldap_config.timeout = $2;
+#endif
+#endif
+ }
+ EOS
| LDAP_URI QUOTEDSTRING
{
#ifdef ENABLE_HYBRID
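Review bot: The new LDAP_TIMEOUT and LDAP_DEBUG actions store $2 with no range check, so `timeout 0;` parses cleanly but is silently ignored later (the consumer in isakmp_xauth.c only honours values greater than 0), and an oversized NUMBER is narrowed into an int without complaint. Rejecting the degenerate value at parse time makes the misconfiguration visible: `if ($2 <= 0) { yyerror("ldap timeout must be a positive number of seconds"); return -1; }` placed before the assignment. Whether yyerror plus `return -1` is this grammar's convention is inferred from racoon's other actions rather than from the lines shown here.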
diff -r 9390f218f6b9 -r 1da911c3cfa7 crypto/dist/ipsec-tools/src/racoon/cftoken.l
--- a/crypto/dist/ipsec-tools/src/racoon/cftoken.l Wed Nov 25 16:42:53 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cftoken.l Wed Nov 25 18:11:00 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cftoken.l,v 1.28 2020/11/25 16:42:53 bouyer Exp $ */
+/* $NetBSD: cftoken.l,v 1.29 2020/11/25 18:11:00 bouyer Exp $ */
/* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */
@@ -224,6 +224,8 @@
<S_INI>ldapcfg { BEGIN S_LDAP; YYDB; return(LDAPCFG); }
<S_LDAP>{bcl} { return(BOC); }
<S_LDAP>version { YYD; return(LDAP_PVER); }
+<S_LDAP>debug { YYD; return(LDAP_DEBUG); }
+<S_LDAP>timeout { YYD; return(LDAP_TIMEOUT); }
<S_LDAP>uri { YYD; return(LDAP_URI); }
<S_LDAP>host { YYD; return(LDAP_HOST); }
<S_LDAP>port { YYD; return(LDAP_PORT); }
diff -r 9390f218f6b9 -r 1da911c3cfa7 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Nov 25 16:42:53 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Nov 25 18:11:00 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_xauth.c,v 1.32 2020/11/25 16:42:53 bouyer Exp $ */
+/* $NetBSD: isakmp_xauth.c,v 1.33 2020/11/25 18:11:00 bouyer Exp $ */
/* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
@@ -803,6 +803,8 @@
int error = -1;
xauth_ldap_config.pver = 3;
+ xauth_ldap_config.debug = 0;
+ xauth_ldap_config.timeout = -1;
xauth_ldap_config.uri = NULL;
xauth_ldap_config.host = NULL;
xauth_ldap_config.port = LDAP_PORT;
@@ -896,7 +898,7 @@
atlist[2] = NULL;
if (xauth_ldap_config.uri != NULL) {
- tmplen = strlen(xauth_ldap_config.host->v);
+ tmplen = strlen(xauth_ldap_config.uri->v);
init = racoon_malloc(tmplen);
if (init == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
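Review bot: The corrected length on the new line is still one byte short if the URI is subsequently copied into `init` as a C string: strlen() excludes the terminating NUL, so a `racoon_malloc(tmplen)` buffer is overrun by one on a strcpy-style copy, or loses its last character under a bounded `snprintf(init, tmplen, ...)`. The copy itself lies below the hunk so I cannot see which form it takes, but in either case the allocation should be `init = racoon_malloc(tmplen + 1);` and any bounded copy should use that same size. The enclosing function continues outside the hunk.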
@@ -918,6 +920,9 @@
xauth_ldap_config.host->v,
xauth_ldap_config.port );
}
+ /* initialize the debug level */
+ ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &xauth_ldap_config.debug);
+ ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &xauth_ldap_config.debug);
plog(LLV_DEBUG, LOCATION, NULL, "ldap URI: %s\n", init);
/* initialize the ldap handle */
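Review bot: Both new ldap_set_option/ber_set_option calls discard their return value and run unconditionally, so a rejected value is never reported and a level of 0 is written into libldap's global state on every login even when `debug` was never configured. Guarding them with `if (xauth_ldap_config.debug != 0)` and reporting failure, e.g. `if (ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &xauth_ldap_config.debug) != LDAP_OPT_SUCCESS) plog(LLV_WARNING, LOCATION, NULL, "LDAP_OPT_DEBUG_LEVEL failed\n");`, keeps the behaviour observable. A comment at the call site is also warranted: libldap's higher debug levels trace packet contents to stderr outside racoon's plog, which can include the bind_pw simple-bind credential, so the option must not be left enabled in production. The enclosing function extends beyond the hunk.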
@@ -933,12 +938,26 @@
if ((res = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
&xauth_ldap_config.pver)) != LDAP_OPT_SUCCESS) {
plog(LLV_ERROR, LOCATION, NULL,
- "LDAP_OPT_PROTOCOL_VERSION %s failed: %s\n",
+ "LDAP_OPT_PROTOCOL_VERSION %d failed: %s\n",
xauth_ldap_config.pver,
ldap_err2string(res));
goto ldap_end;
}
-
+
+ if (xauth_ldap_config.timeout > 0) {
+ static struct timeval timeout;
+ timeout.tv_sec = xauth_ldap_config.timeout;
+ timeout.tv_usec = 0;
+ if ((res = ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT,
+ (void *)&timeout)) != LDAP_OPT_SUCCESS) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "LDAP_OPT_NETWORK_TIMEOUT %d failed: %s\n",
+ xauth_ldap_config.timeout,
+ ldap_err2string(res));
+ goto ldap_end;
+ }
+ }
+
/* Enable TLS */
if (xauth_ldap_config.tls) {
res = ldap_start_tls_s(ld, NULL, NULL);
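Review bot: LDAP_OPT_NETWORK_TIMEOUT only bounds the TCP connect, so the synchronous bind and search that follow later in this function (outside the hunk) remain unbounded and a server that accepts the connection and then stalls still blocks racoon's single event loop indefinitely. If `timeout` is meant to keep the daemon responsive, the same timeval should also be applied to the operations, e.g. `if ((res = ldap_set_option(ld, LDAP_OPT_TIMEOUT, (void *)&timeout)) != LDAP_OPT_SUCCESS)` with the same error handling, or the man page should state that only the connect phase is covered. Separately, `static struct timeval timeout` appears unnecessary, since libldap copies the value when setting LDAP_OPT_NETWORK_TIMEOUT, and a plain local avoids a shared mutable object; note too that a configured value of 0 is silently skipped by the `> 0` test. The enclosing function starts and ends outside the hunk.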
diff -r 9390f218f6b9 -r 1da911c3cfa7 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h Wed Nov 25 16:42:53 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.h Wed Nov 25 18:11:00 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_xauth.h,v 1.9 2020/11/25 16:42:53 bouyer Exp $ */
+/* $NetBSD: isakmp_xauth.h,v 1.10 2020/11/25 18:11:00 bouyer Exp $ */
/* $KAME$ */
@@ -158,6 +158,8 @@
struct xauth_ldap_config {
int pver;
+ int debug;
+ int timeout;
vchar_t *uri;
vchar_t *host;
int port;
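Review bot: The two new fields carry conventions that only the consumer knows — `debug` is a libldap debug level, `timeout` is a connect timeout in seconds where -1 (in fact anything not greater than 0) means "not configured" — and the struct gives the reader nothing. Document them inline: `int debug;   /* libldap debug level; 0 = off */` and `int timeout; /* connect timeout in seconds; <= 0 means unset */`.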
diff -r 9390f218f6b9 -r 1da911c3cfa7 crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
--- a/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 Wed Nov 25 16:42:53 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 Wed Nov 25 18:11:00 2020 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: racoon.conf.5,v 1.68 2018/10/13 15:38:28 maxv Exp $
+.\" $NetBSD: racoon.conf.5,v 1.69 2020/11/25 18:11:00 bouyer Exp $
.\"
.\" Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
.\"
@@ -29,7 +29,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd October 13, 2018
+.Dd November 25, 2020
.Dt RACOON.CONF 5
.Os
.\"
@@ -1349,6 +1349,14 @@
The port that the ldap server is configured to listen on.
The default is
.Ic 389 .
+.It Ic uri Ar (ldapuri) ;
+URI(s) referring to the ldap server(s); a list of URI, separated by
+whitespace or commas.
+It takes precedence over
+.Ic host/port .
+.It Ic timeout Ar (number) ;
+network timeout connecting to the ldap server(s).
+The default is the default connect timeout from the underlying protocol.
.It Ic tls (on | off) ;
Use TLS with the ldap server.
The default is
@@ -1393,6 +1401,9 @@
The attribute used to specify group membership in an ldap directory.
The default value is
.Ic member .
+.It Ic debug Ar (number) ;
+Set ldap debug level.
+The default value is 0.
.El
.El
.Ss Radius configuration settings