Author: hawk Date: Thu Feb 2 08:44:11 2006 GMT Module: SOURCES Tag: HEAD ---- Log message: b779906d657d63794144cabe2bf978b8 openssh-lpk-4.1p1-0.3.6.patch
---- Files affected: SOURCES: openssh-lpk-4.1p1-0.3.6.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/openssh-lpk-4.1p1-0.3.6.patch diff -u /dev/null SOURCES/openssh-lpk-4.1p1-0.3.6.patch:1.1 --- /dev/null Thu Feb 2 09:44:11 2006 +++ SOURCES/openssh-lpk-4.1p1-0.3.6.patch Thu Feb 2 09:44:06 2006 @@ -0,0 +1,1822 @@ +diff -Nru -x Makefile -x 'buildpkg.*' -x opensshd.init -x 'ssh_prng_*' openssh-4.1p1/Makefile.in openssh-4.1p1-lpk/Makefile.in +--- openssh-4.1p1/Makefile.in 2005-02-26 00:12:38.000000000 +0100 ++++ openssh-4.1p1-lpk/Makefile.in 2005-07-07 18:14:03.000000000 +0200 +@@ -86,7 +86,7 @@ + auth-krb5.o \ + auth2-gss.o gss-serv.o gss-serv-krb5.o \ + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ +- audit.o audit-bsm.o ++ audit.o audit-bsm.o ldapauth.o + + MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out + MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 +diff -Nru -x Makefile -x 'buildpkg.*' -x opensshd.init -x 'ssh_prng_*' openssh-4.1p1/README.lpk openssh-4.1p1-lpk/README.lpk +--- openssh-4.1p1/README.lpk 1970-01-01 01:00:00.000000000 +0100 ++++ openssh-4.1p1-lpk/README.lpk 2005-07-07 18:14:03.000000000 +0200 +@@ -0,0 +1,260 @@ ++OpenSSH LDAP PUBLIC KEY PATCH ++Copyright (c) 2003 Eric AUGE ([EMAIL PROTECTED]) ++All rights reserved. ++ ++Redistribution and use in source and binary forms, with or without ++modification, are permitted provided that the following conditions ++are met: ++1. Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++3. The name of the author may not be used to endorse or promote products ++ derived from this software without specific prior written permission. ++ ++THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ ++purposes of this patch: ++ ++This patch would help to have authentication centralization policy ++using ssh public key authentication. ++This patch could be an alternative to other "secure" authentication system ++working in a similar way (Kerberos, SecurID, etc...), except the fact ++that it's based on OpenSSH and its public key abilities. ++ ++>> FYI: << ++'uid': means unix accounts existing on the current server ++'lpkServerGroup:' mean server group configured on the current server ('lpkServerGroup' in sshd_config) ++ ++example schema: ++ ++ ++ server1 (uid: eau,rival,toto) (lpkServerGroup: unix) ++ ___________ / ++ / \ --- - server3 (uid: eau, titi) (lpkServerGroup: unix) ++ | LDAP Server | \ ++ | eau ,rival | server2 (uid: rival, eau) (lpkServerGroup: unix) ++ | titi ,toto | ++ | userx,.... | server5 (uid: eau) (lpkServerGroup: mail) ++ \___________/ \ / ++ ----- - server4 (uid: eau, rival) (no group configured) ++ \ ++ etc... ++ ++- WHAT WE NEED : ++ ++ * configured LDAP server somewhere on the network (i.e. OpenLDAP) ++ * patched sshd (with this patch ;) ++ * LDAP user(/group) entry (look at users.ldif (& groups.ldif)): ++ User entry: ++ - attached to the 'ldapPublicKey' objectclass ++ - attached to the 'posixAccount' objectclass ++ - with a filled 'sshPublicKey' attribute ++ Example: ++ dn: uid=eau,ou=users,dc=cuckoos,dc=net ++ objectclass: top ++ objectclass: person ++ objectclass: organizationalPerson ++ objectclass: posixAccount ++ objectclass: ldapPublicKey ++ description: Eric AUGE Account ++ userPassword: blah ++ cn: Eric AUGE ++ sn: Eric AUGE ++ uid: eau ++ uidNumber: 1034 ++ gidNumber: 1 ++ homeDirectory: /export/home/eau ++ sshPublicKey: ssh-dss AAAAB3... ++ sshPublicKey: ssh-dss AAAAM5... ++ ++ Group entry: ++ - attached to the 'posixGroup' objectclass ++ - with a 'cn' groupname attribute ++ - with multiple 'memberUid' attributes filled with usernames allowed in this group ++ Example: ++ # few members ++ dn: cn=unix,ou=groups,dc=cuckoos,dc=net ++ objectclass: top ++ objectclass: posixGroup ++ description: Unix based servers group ++ cn: unix ++ gidNumber: 1002 ++ memberUid: eau ++ memberUid: user1 ++ memberUid: user2 ++ ++ ++- HOW IT WORKS : ++ ++ * without patch ++ If a user wants to authenticate to log in a server the sshd, will first look for authentication method allowed (RSAauth,kerberos,etc..) ++ and if RSAauth and tickets based auth fails, it will fallback to standard password authentication (if enabled). ++ ++ * with the patch ++ If a user want to authenticate to log in a server, the sshd will first look for auth method including LDAP pubkey, if the ldappubkey options is enabled. ++ It will do an ldapsearch to get the public key directly from the LDAP instead of reading it from the server filesystem. ++ (usually in $HOME/.ssh/authorized_keys) ++ ++ If groups are enabled, it will also check if the user that wants to login is in the group of the server he is trying to log into. ++ If it fails, it falls back on RSA auth files ($HOME/.ssh/authorized_keys), etc.. and finally to standard password authentication (if enabled). ++ ++ 7 tokens are added to sshd_config : ++ # here is the new patched ldap related tokens ++ # entries in your LDAP must be posixAccount & strongAuthenticationUser & posixGroup ++ UseLPK yes # look the pub key into LDAP ++ LpkServers ldap://10.31.32.5/ ldap://10.31.32.4 ldap://10.31.32.3 # which LDAP server for users ? (URL format) ++ LpkUserDN ou=users,dc=foobar,dc=net # which base DN for users ? ++ LpkGroupDN ou=groups,dc=foobar,dc=net # which base DN for groups ? ++ LpkBindDN cn=manager,dc=foobar,dc=net # which bind DN ? ++ LpkBindPw asecret # bind DN credidentials ++ LpkServerGroup agroupname # the group the server is part of ++ ++ Right now i'm using anonymous binding to get public keys, because getting public keys of someone doesn't impersonate him¸ but there is some ++ flaws you have to take care of. ++ ++- HOW TO INSERT A USER/KEY INTO AN LDAP ENTRY ++ ++ * my way (there is plenty :) ++ - create ldif file (i.e. users.ldif) ++ - cat ~/.ssh/id_dsa.pub OR cat ~/.ssh/id_rsa.pub OR cat ~/.ssh/identity.pub ++ - my way in 4 steps : ++ Example: ++ ++ # you add this to the user entry in the LDIF file : ++ [...] ++ objectclass: posixAccount ++ objectclass: ldapPublicKey ++ [...] ++ sshPubliKey: ssh-dss AAAABDh12DDUR2... ++ [...] ++ ++ # insert your entry and you're done :) ++ ldapadd -D balblabla -w bleh < file.ldif ++ ++ all standard options can be present in the 'sshPublicKey' attribute. ++ ++- WHY : ++ ++ Simply because, i was looking for a way to centralize all sysadmins authentication, easily, without completely using LDAP ++ as authentication method (like pam_ldap etc..). ++ ++ After looking into Kerberos, SecurID, and other centralized secure authentications systems, the use of RSA and LDAP to get ++ public key for authentication allows us to control who has access to which server (the user needs an account and to be in 'strongAuthenticationUser' ++ objectclass within LDAP and part of the group the SSH server is in). ++ ++ Passwords update are no longer a nightmare for a server farm (key pair passphrase is stored on each user's box and private key is locally encrypted using his passphrase ++ so each user can change it as much as he wants). ++ ++ Blocking a user account can be done directly from the LDAP (if sshd is using RSAAuth + ldap only). ++ ++- RULES : ++ Entry in the LDAP server must respect 'posixAccount' and 'ldapPublicKey' which are defined in core.schema. ++ and the additionnal lpk.schema. ++ ++ This patch could allow a smooth transition between standard auth (/etc/passwd) and complete LDAP based authentication ++ (pamldap, nss_ldap, etc..). ++ ++ This can be an alternative to other (old?/expensive?) authentication methods (Kerberos/SecurID/..). ++ ++ Referring to schema at the beginning of this file if user 'eau' is only in group 'unix' ++ 'eau' would ONLY access 'server1', 'server2', 'server3' AND 'server4' BUT NOT 'server5'. ++ If you then modify the LDAP 'mail' group entry to add 'memberUid: eau' THEN user 'eau' would be able ++ to log in 'server5' (i hope you got the idea, my english is bad :). ++ ++ Each server's sshd is patched and configured to ask the public key and the group infos in the LDAP ++ server. ++ When you want to allow a new user to have access to the server parc, you just add him an account on ++ your servers, you add his public key into his entry on the LDAP server, it's done. ++ ++ Because sshds are looking public keys into the LDAP directly instead of a file ($HOME/.ssh/authorized_keys). ++ ++ When the user needs to change his passphrase he can do it directly from his workstation by changing ++ his own key set lock passphrase, and all servers are automatically aware. ++ ++ With a CAREFUL LDAP server configuration you could allow a user to add/delete/modify his own entry himself ++ so he can add/modify/delete himself his public key when needed. ++ ++ FLAWS : ++ LDAP must be well configured, getting the public key of some user is not a problem, but if anonymous LDAP ++ allow write to users dn, somebody could replace someuser's public key by its own and impersonate some ++ of your users in all your server farm be VERY CAREFUL. ++ ++ MITM attack when sshd is requesting the public key, could lead to a compromise of your servers allowing login ++ as the impersonnated user. ++ ++ If LDAP server is down then, fallback on passwd auth. ++ ++ the ldap code part has not been well audited yet. ++ ++- LDAP USER ENTRY EXAMPLES (LDIF Format, look in users.ldif) ++ --- CUT HERE --- ++ dn: uid=jdoe,ou=users,dc=foobar,dc=net ++ objectclass: top ++ objectclass: person ++ objectclass: organizationalPerson ++ objectclass: posixAccount ++ objectclass: ldapPublicKey ++ description: My account ++ cn: John Doe ++ sn: John Doe ++ uid: jdoe ++ uidNumber: 100 ++ gidNumber: 100 ++ homeDirectory: /home/jdoe ++ sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAOvL8pREUg9wSy/8+hQJ54YF3AXkB0OZrXB.... ++ [...] ++ --- CUT HERE --- ++ ++- LDAP GROUP ENTRY EXAMPLES (LDIF Format, look in groups.ldif) ++ --- CUT HERE --- ++ dn: cn=unix,ou=groups,dc=cuckoos,dc=net ++ objectclass: top ++ objectclass: posixGroup ++ description: Unix based servers group ++ cn: unix ++ gidNumber: 1002 ++ memberUid: jdoe ++ memberUid: user1 ++ memberUid: user2 ++ [...] ++ --- CUT HERE --- ++ ++>> FYI: << ++Multiple 'sshPublicKey' in a user entry are allowed, as well as multiple 'memberUid' attributes in a group entry ++ ++- COMPILING: ++ 1. Apply the patch ++ 1. ./configure --with-your-options --with-libs="-lldap" --with-ldflags="-L/path/to/your/openldap/lib" --with-cppflags="-I/path/to/your/openldap/include -DWITH_LDAP_PUBKEY" ++ 3. make ++ 4. it's done. ++ ++- BLA : ++ I hope this could help, and i hope to be clear enough,, or give ideas. questions/comments/improvements are welcome. ++ ++- TODO : ++ - filters in the LDAP URL so ppl can choose on others criteria as well ++ - TLS support ++ - auto provisionning ++ - new schema ([EMAIL PROTECTED] idea) ++ ++- CONTRIBUTORS/IDEAS/GREETS : ++ - Falk Siemonsmeier -> 3.7 patch port candidate ++ - Jacob Rief -> ideas (group && cleanups) ++ - [EMAIL PROTECTED] -> Bugfixes thanks ;) ++ - [EMAIL PROTECTED] -> X509 keys LDAP patch (old) ++ - oink -> bugfixes ++ - finlay dobbie -> new fresh start with this guy :) ++ ++- CONTACT : ++ - Eric AUGE <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> +diff -Nru -x Makefile -x 'buildpkg.*' -x opensshd.init -x 'ssh_prng_*' openssh-4.1p1/auth-rsa.c openssh-4.1p1-lpk/auth-rsa.c +--- openssh-4.1p1/auth-rsa.c 2004-12-11 03:39:50.000000000 +0100 ++++ openssh-4.1p1-lpk/auth-rsa.c 2005-07-07 18:14:03.000000000 +0200 +@@ -160,10 +160,96 @@ + u_long linenum = 0; + struct stat st; + Key *key; ++#ifdef WITH_LDAP_PUBKEY ++ ldap_key_t * k; ++ int i = 0; ++#endif + + /* Temporarily use the user's uid. */ + temporarily_use_uid(pw); + ++#ifdef WITH_LDAP_PUBKEY ++ /* here is the job */ ++ key = key_new(KEY_RSA1); ++ ++ if (options.lpk.on) { ++ debug("[LDAP] trying LDAP first uid=%s", pw->pw_name); ++ if ( ldap_ismember(&options.lpk, pw->pw_name) > 0) { ++ if ( (k = ldap_getuserkey(&options.lpk, pw->pw_name)) != NULL) { ++ for (i = 0 ; i < k->num ; i++) { ++ char *cp, *options = NULL; ++ ++ for (cp = k->keys[i]; *cp == ' ' || *cp == '\t'; cp++) ++ ; ++ if (!*cp || *cp == '\n' || *cp == '#') ++ continue; ++ ++ /* ++ * Check if there are options for this key, and if so, ++ * save their starting address and skip the option part ++ * for now. If there are no options, set the starting ++ * address to NULL. ++ */ ++ if (*cp < '0' || *cp > '9') { ++ int quoted = 0; ++ options = cp; ++ for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { ++ if (*cp == '\\' && cp[1] == '"') ++ cp++; /* Skip both */ ++ else if (*cp == '"') ++ quoted = !quoted; ++ } ++ } else ++ options = NULL; ++ ++ /* Parse the key from the line. */ ++ if (hostfile_read_key(&cp, &bits, key) == 0) { ++ debug("[LDAP] line %d: non ssh1 key syntax", i); ++ continue; ++ } ++ /* cp now points to the comment part. */ ++ ++ /* Check if the we have found the desired key (identified by its modulus). */ ++ if (BN_cmp(key->rsa->n, client_n) != 0) ++ continue; ++ ++ /* check the real bits */ ++ if (bits != BN_num_bits(key->rsa->n)) ++ logit("[LDAP] Warning: ldap, line %lu: keysize mismatch: " ++ "actual %d vs. announced %d.", (unsigned long)i, BN_num_bits(key->rsa->n), bits); ++ ++ /* We have found the desired key. */ ++ /* ++ * If our options do not allow this key to be used, ++ * do not send challenge. ++ */ ++ if (!auth_parse_options(pw, options, "[LDAP]", (unsigned long) i)) ++ continue; ++ ++ /* break out, this key is allowed */ ++ allowed = 1; ++ ++ /* add the return stuff etc... */ ++ /* Restore the privileged uid. */ ++ restore_uid(); ++ ++ /* return key if allowed */ ++ if (allowed && rkey != NULL) ++ *rkey = key; ++ else ++ key_free(key); ++ ++ ldap_keys_free(k); ++ return (allowed); ++ } ++ } else { ++ logit("[LDAP] no keys found for '%s'!", pw->pw_name); ++ } ++ } else { ++ logit("[LDAP] '%s' is not in '%s'", pw->pw_name, options.lpk.sgroup); ++ } ++ } ++#endif + /* The authorized keys. */ + file = authorized_keys_file(pw); + debug("trying public RSA key file %s", file); +diff -Nru -x Makefile -x 'buildpkg.*' -x opensshd.init -x 'ssh_prng_*' openssh-4.1p1/auth2-pubkey.c openssh-4.1p1-lpk/auth2-pubkey.c +--- openssh-4.1p1/auth2-pubkey.c 2004-12-11 03:39:50.000000000 +0100 ++++ openssh-4.1p1-lpk/auth2-pubkey.c 2005-07-07 18:14:03.000000000 +0200 +@@ -43,6 +43,10 @@ + #include "monitor_wrap.h" + #include "misc.h" + ++#ifdef WITH_LDAP_PUBKEY ++#include "ldapauth.h" ++#endif ++ + /* import */ + extern ServerOptions options; + extern u_char *session_id2; +@@ -176,10 +180,79 @@ + struct stat st; + Key *found; + char *fp; ++#ifdef WITH_LDAP_PUBKEY ++ ldap_key_t * k; ++ int i = 0; ++#endif + + /* Temporarily use the user's uid. */ + temporarily_use_uid(pw); + ++#ifdef WITH_LDAP_PUBKEY ++ found_key = 0; ++ /* allocate a new key type */ ++ found = key_new(key->type); ++ ++ /* first check if the options is enabled, then try.. */ ++ if (options.lpk.on) { ++ debug("[LDAP] trying LDAP first uid=%s",pw->pw_name); ++ if (ldap_ismember(&options.lpk, pw->pw_name) > 0) { ++ if ((k = ldap_getuserkey(&options.lpk, pw->pw_name)) != NULL) { ++ /* Skip leading whitespace, empty and comment lines. */ ++ for (i = 0 ; i < k->num ; i++) { ++ /* dont forget if multiple keys to reset options */ ++ char *cp, *options = NULL; ++ ++ for (cp = (char *)k->keys[i]; *cp == ' ' || *cp == '\t'; cp++) ++ ; ++ if (!*cp || *cp == '\n' || *cp == '#') ++ continue; ++ ++ if (key_read(found, &cp) != 1) { ++ /* no key? check if there are options for this key */ ++ int quoted = 0; ++ debug2("[LDAP] user_key_allowed: check options: '%s'", cp); ++ options = cp; ++ for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { ++ if (*cp == '\\' && cp[1] == '"') ++ cp++; /* Skip both */ ++ else if (*cp == '"') ++ quoted = !quoted; ++ } ++ /* Skip remaining whitespace. */ ++ for (; *cp == ' ' || *cp == '\t'; cp++) ++ ; ++ if (key_read(found, &cp) != 1) { ++ debug2("[LDAP] user_key_allowed: advance: '%s'", cp); ++ /* still no key? advance to next line*/ ++ continue; ++ } ++ } ++ ++ if (key_equal(found, key) && ++ auth_parse_options(pw, options, file, linenum) == 1) { ++ found_key = 1; ++ debug("[LDAP] matching key found"); ++ fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); ++ verbose("[LDAP] Found matching %s key: %s", key_type(found), fp); ++ ++ /* restoring memory */ ++ ldap_keys_free(k); ++ xfree(fp); ++ restore_uid(); ++ key_free(found); ++ return found_key; ++ break; ++ } ++ }/* end of LDAP for() */ ++ } else { ++ logit("[LDAP] no keys found for '%s'!", pw->pw_name); ++ } ++ } else { ++ logit("[LDAP] '%s' is not in '%s'", pw->pw_name, options.lpk.sgroup); ++ } ++ } ++#endif + debug("trying public key file %s", file); + + /* Fail quietly if file does not exist */ +diff -Nru -x Makefile -x 'buildpkg.*' -x opensshd.init -x 'ssh_prng_*' openssh-4.1p1/config.h.in openssh-4.1p1-lpk/config.h.in +--- openssh-4.1p1/config.h.in 2005-05-25 14:26:09.000000000 +0200 ++++ openssh-4.1p1-lpk/config.h.in 2005-07-07 18:14:03.000000000 +0200 +@@ -274,6 +274,9 @@ + /* Define if you want TCP Wrappers support */ + #undef LIBWRAP + ++/* Define if you want LDAP support */ ++#undef WITH_LDAP_PUBKEY ++ + /* Define if your libraries define login() */ + #undef HAVE_LOGIN + +diff -Nru -x Makefile -x 'buildpkg.*' -x opensshd.init -x 'ssh_prng_*' openssh-4.1p1/configure openssh-4.1p1-lpk/configure +--- openssh-4.1p1/configure 2005-05-25 14:26:12.000000000 +0200 ++++ openssh-4.1p1-lpk/configure 2005-07-07 18:14:35.000000000 +0200 +@@ -873,6 +873,7 @@ + --with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH) + --with-libedit[=PATH] Enable libedit support for sftp + --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm) ++ --with-ldap[=PATH] Enable LDAP support (optionally in PATH) + --with-pam Enable PAM support + --with-ssl-dir=PATH Specify path to OpenSSL installation + --with-rand-helper Use subprocess to gather strong randomness +@@ -10521,6 +10522,88 @@ + + fi; + ++# Check whether user wants LDAP support ++LDAP_MSG="no" ++ ++# Check whether --with-ldap or --without-ldap was given. ++if test "${with_ldap+set}" = set; then ++ withval="$with_ldap" ++ ++ if test "x$withval" != "xno" ; then ++ ++ if test "x$withval" != "xyes" ; then ++ CPPFLAGS="$CPPFLAGS -I${withval}/include" ++ LDFLAGS="$LDFLAGS -L${withval}/lib" ++ fi ++ ++ cat >>confdefs.h <<\_ACEOF ++#define WITH_LDAP_PUBKEY 1 ++_ACEOF ++ ++ LIBS="-lldap $LIBS" ++ LDAP_MSG="yes" ++ ++ echo "$as_me:$LINENO: checking for LDAP support" >&5 ++echo $ECHO_N "checking for LDAP support... $ECHO_C" >&6 ++ cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++#include <sys/types.h> ++ #include <ldap.h> ++int ++main () ++{ ++(void)ldap_init(0, 0); ++ ; ++ return 0; ++} ++_ACEOF ++rm -f conftest.$ac_objext ++if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 ++ (eval $ac_compile) 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); }; } && ++ { ac_try='test -s conftest.$ac_objext' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); }; }; then ++ echo "$as_me:$LINENO: result: yes" >&5 ++echo "${ECHO_T}yes" >&6 ++else ++ echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ ++ echo "$as_me:$LINENO: result: no" >&5 ++echo "${ECHO_T}no" >&6 ++ { { echo "$as_me:$LINENO: error: ** Incomplete or missing ldap libraries **" >&5 ++echo "$as_me: error: ** Incomplete or missing ldap libraries **" >&2;} ++ { (exit 1); exit 1; }; } ++ ++ ++fi ++rm -f conftest.err conftest.$ac_objext conftest.$ac_ext ++ fi ++ ++ ++fi; ++ + + + +@@ -26280,6 +26363,7 @@ + echo " Smartcard support: $SCARD_MSG" + echo " S/KEY support: $SKEY_MSG" + echo " TCP Wrappers support: $TCPW_MSG" ++echo " LDAP support: $LDAP_MSG" + echo " MD5 password support: $MD5_MSG" + echo " libedit support: $LIBEDIT_MSG" + echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" <<Diff was trimmed, longer than 597 lines>> _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit