net-nds/nsscache/files/nsscache-0.8.3-starttls.patch - platform/external/gentoo/overlays/gentoo - Git at Google

 Some LDAP configurations require STARTTLS, like the Gentoo infrastructure one.
 Add a new configuration file to do it.

 Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 diff -Nuar nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py nsscache-0.8.3/nss_cache/sources/ldapsource.py
 --- nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py	2008-09-08 18:31:58.000000000 -0700
 +++ nsscache-0.8.3/nss_cache/sources/ldapsource.py	2009-05-24 16:50:59.579112740 -0700
 @@ -76,6 +76,8 @@
        self.conn = rlo(uri=conf['uri'],
                        retry_max=conf['retry_max'],
                        retry_delay=conf['retry_delay'])
 +      if conf['tls_starttls'] == 1:
 +          self.conn.start_tls_s()
      else:
        self.conn = conn

 @@ -107,6 +109,8 @@
        configuration['tls_cacertdir'] = self.TLS_CACERTDIR
      if not 'tls_cacertfile' in configuration:
        configuration['tls_cacertfile'] = self.TLS_CACERTFILE
 +    if not 'tls_starttls' in configuration:
 +      configuration['tls_starttls'] = 0

      # Translate tls_require into appropriate constant, if necessary.
      if configuration['tls_require_cert'] == 'never':
 @@ -120,6 +124,13 @@
      elif configuration['tls_require_cert'] == 'try':
        configuration['tls_require_cert'] = ldap.OPT_X_TLS_TRY

 +    # Should we issue STARTTLS?
 +    if configuration['tls_starttls'] in (1, '1', 'on', 'yes', 'true'):
 +        configuration['tls_starttls'] = 1
 +    #if not configuration['tls_starttls']:
 +    else:
 +      configuration['tls_starttls'] = 0
 +
      # Setting global ldap defaults.
      ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                      configuration['tls_require_cert'])
 diff -Nuar nsscache-0.8.3.orig/nsscache.conf nsscache-0.8.3/nsscache.conf
 --- nsscache-0.8.3.orig/nsscache.conf	2008-09-08 18:31:58.000000000 -0700
 +++ nsscache-0.8.3/nsscache.conf	2009-05-24 16:51:25.468374563 -0700
 @@ -70,6 +70,9 @@
  # Default filename for trusted CAs
  #ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'

 +# Should we issue STARTTLS?
 +# ldap_tls_starttls = 1
 +

  ##
  # nssdb module defaults
	Some LDAP configurations require STARTTLS, like the Gentoo infrastructure one.
	Add a new configuration file to do it.

	Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

	diff -Nuar nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py nsscache-0.8.3/nss_cache/sources/ldapsource.py
	--- nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py 2008-09-08 18:31:58.000000000 -0700
	+++ nsscache-0.8.3/nss_cache/sources/ldapsource.py 2009-05-24 16:50:59.579112740 -0700
	@@ -76,6 +76,8 @@
	self.conn = rlo(uri=conf['uri'],
	retry_max=conf['retry_max'],
	retry_delay=conf['retry_delay'])
	+ if conf['tls_starttls'] == 1:
	+ self.conn.start_tls_s()
	else:
	self.conn = conn

	@@ -107,6 +109,8 @@
	configuration['tls_cacertdir'] = self.TLS_CACERTDIR
	if not 'tls_cacertfile' in configuration:
	configuration['tls_cacertfile'] = self.TLS_CACERTFILE
	+ if not 'tls_starttls' in configuration:
	+ configuration['tls_starttls'] = 0

	# Translate tls_require into appropriate constant, if necessary.
	if configuration['tls_require_cert'] == 'never':
	@@ -120,6 +124,13 @@
	elif configuration['tls_require_cert'] == 'try':
	configuration['tls_require_cert'] = ldap.OPT_X_TLS_TRY

	+ # Should we issue STARTTLS?
	+ if configuration['tls_starttls'] in (1, '1', 'on', 'yes', 'true'):
	+ configuration['tls_starttls'] = 1
	+ #if not configuration['tls_starttls']:
	+ else:
	+ configuration['tls_starttls'] = 0
	+
	# Setting global ldap defaults.
	ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
	configuration['tls_require_cert'])
	diff -Nuar nsscache-0.8.3.orig/nsscache.conf nsscache-0.8.3/nsscache.conf
	--- nsscache-0.8.3.orig/nsscache.conf 2008-09-08 18:31:58.000000000 -0700
	+++ nsscache-0.8.3/nsscache.conf 2009-05-24 16:51:25.468374563 -0700
	@@ -70,6 +70,9 @@
	# Default filename for trusted CAs
	#ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'

	+# Should we issue STARTTLS?
	+# ldap_tls_starttls = 1
	+

	##
	# nssdb module defaults