Attention: All pages of this wiki depend on the pages that come before it, in order as they are listed on the Main Page. Please check for Dependencies.
Please also look at What You Need to Know Before Using This Wiki

/usr/src/qmail-ldap-samba4.patch

From COCNM
Revision as of 16:27, 15 August 2017 by Bob (talk | contribs) (Notes/Caveats/Warnings)


Creditation

Notes/Caveats/Warnings

  • Near the top of the patch (in the Makefile section) are the variables LDAPINCLUDES and LDAPLIBS. Make sure both point to the OpenLDAP version you just built.
  • Made untested change to this patch for mailAlternateAddress 2014/02/14
    • Finally tested and fixed 2017.08.15

qmail-ldap 2012 patch

diff -Naur qmail-1.03/auth_dovecot.c qmail-1.03.patched/auth_dovecot.c
--- qmail-1.03/auth_dovecot.c	2012-12-23 23:10:27.401149120 -0800
+++ qmail-1.03.patched/auth_dovecot.c	2012-12-23 22:57:27.373184614 -0800
@@ -127,7 +127,9 @@
 void
 auth_init(int argc, char **argv, stralloc *login, stralloc *authdata)
 {
+#ifdef DEBUG
 	extern unsigned long loglevel;
+#endif
 	char		*l, *p;
 	unsigned int	uplen, u;
 	int		n, opt;
@@ -140,10 +142,12 @@
 		case 'd':
 			pbstool = optarg;
 			break;
+#ifdef DEBUG
 		case 'D':
 			scan_ulong(optarg, &loglevel);
 			loglevel &= ~256;	/* see auth_mod.c */
 			break;
+#endif
 		default:
 			auth_error(AUTH_CONF);
 		}
diff -Naur qmail-1.03/Makefile qmail-1.03.patched/Makefile
--- qmail-1.03/Makefile	2012-12-23 23:10:27.397148371 -0800
+++ qmail-1.03.patched/Makefile	2012-12-23 22:57:27.369184384 -0800
@@ -19,12 +19,12 @@
 # -DQMQP_COMPRESS to use the QMQP on the fly compression (for clusters)
 # -DQUOTATRASH to include the Trash in the quota calculation (normaly it is not)
 # -DSMTPEXECCHECK to enable smtp DOS/Windows executable detection
-#LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK
+LDAPFLAGS=-DALTQUEUE -DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK
 
 # Perhaps you have different ldap libraries, change them here
-LDAPLIBS=-L/usr/local/lib -lldap -llber
+LDAPLIBS=-L/usr/src/openldap-2.4.33/libraries -lldap -llber
 # and change the location of the include files here
-LDAPINCLUDES=-DLDAP_DEPRECATED=1 -I/usr/local/include
+LDAPINCLUDES=-DLDAP_DEPRECATED=1 -I/usr/src/openldap-2.4.25/include
 # on Slowaris you need -lresolv and probably a LD_RUN_PATH added like this:
 #LDAPLIBS=-L/opt/OpenLDAP/lib -lldap -llber -lresolv -R/opt/OpenLDAP/lib
 # for example on my Linux box I use:
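Review bot: `LDAPLIBS` and `LDAPINCLUDES` point at two different OpenLDAP source trees (`openldap-2.4.33/libraries` versus `openldap-2.4.25/include`), so the headers compiled against may not match the library that gets linked. Both should name the tree that was actually built, for example `LDAPINCLUDES=-DLDAP_DEPRECATED=1 -I/usr/src/openldap-2.4.33/include`. In an OpenLDAP build tree the built libraries normally sit in per-library subdirectories rather than directly under `libraries`, so it is worth checking the link output to confirm the linker is not silently falling back to a system `libldap`.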
@@ -33,7 +33,7 @@
 #LDAPINCLUDES=-DLDAP_DEPRECATED=1 -I/opt/OpenLDAP/include
 
 # ZLIB needed for -DDATA_COMPRESS and -DQMQP_COMPRESS
-#ZLIB=-lz
+ZLIB=-lz
 # or you installed zlib in a different path you can use something like this
 #ZLIB=-L/opt/zlib/lib -lz
 #ZINCLUDES=-I/opt/zlib/include
@@ -43,31 +43,31 @@
 # use -DTLS_REMOTE to enable tls support in qmail-remote
 # use -DTLS_SMTPD to enable tls support in qmail-smtpd
 # use -DTLSDEBUG to enable additional tls debug information in qmail-remote
-#TLS=-DTLS_REMOTE -DTLS_SMTPD
+TLS=-DTLS_REMOTE -DTLS_SMTPD
 # Path to OpenSSL includes
-#TLSINCLUDES=-I/usr/local/include
+TLSINCLUDES=-I/usr/local/include
 # Path to OpenSSL libraries
-#TLSLIBS=-L/usr/local/lib -lssl -lcrypto
+TLSLIBS=-L/usr/local/lib -lssl -lcrypto
 # Path to OpenSSL binary
-#OPENSSLBIN=/usr/local/bin/openssl
-#OPENSSLBIN=openssl
+OPENSSLBIN=/usr/bin/openssl
+OPENSSLBIN=openssl
 
 # to make the Netscape download progress bar work with qmail-pop3d
 # uncomment the next line (allready done)
 MNW=-DMAKE_NETSCAPE_WORK 
 
 # to enable the auto-maildir-make feature uncomment the next line
-#MDIRMAKE=-DAUTOMAILDIRMAKE
+MDIRMAKE=-DAUTOMAILDIRMAKE
 
 # to enable the auto-homedir-make feature uncomment the next line
-#HDIRMAKE=-DAUTOHOMEDIRMAKE
+HDIRMAKE=-DAUTOHOMEDIRMAKE
 
 # on most systems we need this to make auth_pop and auth_imap
 #SHADOWLIBS=-lcrypt
 # OpenBSD and other Systems do not have libcrypt, so comment the line out
 # if you get linking problems.
 # To use shadow passwords under some Linux OS, uncomment the next two lines.
-#SHADOWLIBS=-lcrypt -lshadow
+SHADOWLIBS=-lcrypt
 #SHADOWOPTS=-DPW_SHADOW
 # To use shadow passwords under Solaris, uncomment the SHADOWOPTS line.
 
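Review bot: `OPENSSLBIN` is now assigned twice in a row, and in make the later `OPENSSLBIN=openssl` wins, so the absolute path on the line above it is dead and the binary is resolved through PATH. Keep one assignment only, `OPENSSLBIN=/usr/bin/openssl`, and leave the other commented out as upstream had it. The same hunk takes the TLS headers and libraries from `/usr/local` while the binary comes from `/usr/bin`; if two OpenSSL installs exist on the box, that split should be a deliberate choice rather than an accident of uncommenting.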
diff -Naur qmail-1.03/qldap.c qmail-1.03.patched/qldap.c
--- qmail-1.03/qldap.c	2012-12-23 23:10:27.437154714 -0800
+++ qmail-1.03.patched/qldap.c	2012-12-23 22:57:27.369184384 -0800
@@ -681,6 +681,7 @@
 qldap_get_status(qldap *q, int *status)
 {
 	int	r;
+	unsigned long   ul,IS_BOUNCE,IS_ACTIVE;
 	
 	/* default value */
 	*status = STATUS_UNDEF;
@@ -689,13 +690,22 @@
 	if (r == NOSUCH) {
 		return OK;
 	} else if (r == OK) {
-		if (!case_diffs(ldap_attr.s, ISACTIVE_BOUNCE))
+/*ORIG_CODE		if (!case_diffs(ldap_attr.s, ISACTIVE_BOUNCE))
 			*status = STATUS_BOUNCE;
 		else if (!case_diffs(ldap_attr.s, ISACTIVE_DELETE))
 			*status = STATUS_DELETE;
 		else if (!case_diffs(ldap_attr.s, ISACTIVE_NOACCESS))
 			*status = STATUS_NOACCESS;
-		else	*status = STATUS_OK; /* default to OK */
+		else	*status = STATUS_OK; END_ORIG_CODE*/ /* default to OK */
+		
+		scan_ulong(ISACTIVE_BOUNCE + '\0', &IS_BOUNCE);
+        	scan_ulong(ISACTIVE_ACTIVE + '\0', &IS_ACTIVE);
+               	if (ldap_attr.s[scan_ulong(ldap_attr.s, &ul)] == '\0') {
+                       ul &= ISACTIVE_MASK; /* mask result */
+                       if (ul == IS_BOUNCE)      *status = STATUS_BOUNCE;
+                       else if (ul == IS_ACTIVE) *status = STATUS_OK;
+                       else                      *status = STATUS_NOACCESS; /* default to NO ACCESS */
+               	}
 		/* perhaps we should spill out a warning for unknown settings */
 		return OK;
 	}
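Review bot: A `userAccountControl` value that is not a plain decimal number skips the whole new `if` block, so `*status` stays `STATUS_UNDEF` and the function still returns `OK`; the "default to NO ACCESS" branch only covers values that parse. How callers treat `STATUS_UNDEF` is outside this hunk, but if it is handled like a missing attribute the account is probably treated as active. Adding `else *status = STATUS_NOACCESS;` after the closing brace of that `if` makes the unparsable case fail closed. Separately, `ISACTIVE_BOUNCE + '\0'` is just the string pointer plus zero, so `scan_ulong(ISACTIVE_BOUNCE, &IS_BOUNCE)` says the same thing more clearly, and the upper-case locals declared in the previous hunk read like macros. The function starts and ends outside the hunk.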
diff -Naur qmail-1.03/qldap-filter.c qmail-1.03.patched/qldap-filter.c
--- qmail-1.03/qldap-filter.c	2012-12-23 23:10:27.433154249 -0800
+++ qmail-1.03.patched/qldap-filter.c	2012-12-23 22:57:50.553185213 -0800
@@ -107,7 +107,7 @@
 		return 0;
 
 	if (!filter_start(&filter)  ||
-	    !stralloc_copys(&filter,"(") ||
+	    !stralloc_cats(&filter,"(") ||
 	    !stralloc_cats(&filter, LDAP_UID) ||
 	    !stralloc_cats(&filter, "=") ||
 	    !filter_escape(&filter, uid, str_len(uid)) ||
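Review bot: Nothing at this call site says why the opening `"("` must be appended rather than copied, and the same applies to the `"(|("` line in the third hunk of this file. If `filter_start()` writes a prefix into `filter` (its body is not visible here), a short comment such as `/* filter_start() has already initialised filter; append only */` would stop a later edit from turning the call back into `stralloc_copys`. That matters because dropping such a prefix could widen the LDAP search beyond the intended entries. The enclosing function begins and ends outside the hunk.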
@@ -179,7 +179,6 @@
 		}
 		extcnt--;
 #else
-#error XXX XXX 
 		/* basic qmail-ldap behavior test for username@domain.com and
 		   catchall@domain.com */
 		ext = 0;
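Review bot: Deleting `#error XXX XXX` turns on a branch that upstream had deliberately made uncompilable, and the hunk gives no reason why the code below it is now safe to use. Which `#if` this `#else` belongs to is outside the hunk; the Makefile in this patch sets `-DDASH_EXT`, so it is worth confirming whether this branch is built at all with these flags. If it is needed, replace the guard with a comment recording what was verified, along the lines of `/* upstream guarded this branch with #error; enabled here after testing address lookups against Samba4 */`.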
@@ -193,7 +192,7 @@
 			/* build the search string for the email address */
 			/* mail address */
 			if (!filter_start(&filter) ||
-			    !stralloc_copys(&filter, "(|(") ||
+			    !stralloc_cats(&filter, "(|(") ||
 			    !stralloc_cats(&filter, LDAP_MAIL) ||
 			    !stralloc_cats(&filter, "="))
 				return 0;
diff -Naur qmail-1.03/qmail-ldap.h qmail-1.03.patched/qmail-ldap.h
--- qmail-1.03/qmail-ldap.h	2012-12-23 23:10:27.437154714 -0800
+++ qmail-1.03.patched/qmail-ldap.h	2012-12-23 22:57:27.369184384 -0800
@@ -65,7 +65,7 @@
  * of the shell are allowed (like &, &, ;, and <,|,>)
  * You should know what you are doing when disallowing this  */
 /* 1 = restriced sanitycheck; 0 = less restriced sanitycheck */
-#define RESTRICT_PROG 1
+#define RESTRICT_PROG 0
 
 /* ALIASDEVNULL replacement for the std. aliasempty for user with
  * neither homeDirectory nor mailMessageStore defined */
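Review bot: Setting `RESTRICT_PROG` to 0 selects the less restricted sanity check, which by the comment fragment above it appears to let shell special characters through in program deliveries, and the patch does not say why that is needed. The code that consumes this macro is not in the hunk, but if the program string comes from the directory, anyone who can write that attribute on an account gains more influence over what runs at delivery time. Unless a specific delivery program requires it, keep `#define RESTRICT_PROG 1`. If it stays at 0, add a comment naming the program that needs it and who is allowed to edit the attribute.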
@@ -92,11 +92,11 @@
 /*********************************************************************
         ldap variables used in qmail-lspawn and auth_*
 *********************************************************************/
-#define LDAP_MAIL		"mail"
+#define LDAP_MAIL		"userPrincipalName"
 #define LDAP_MAILALTERNATE	"mailAlternateAddress"
 #define LDAP_QMAILUID		"qmailUID"
 #define LDAP_QMAILGID		"qmailGID"
-#define LDAP_MAILSTORE		"mailMessageStore"
+#define LDAP_MAILSTORE		"sAMAccountName"
-#define LDAP_HOMEDIR		"homeDirectory"
+#define LDAP_HOMEDIR           "noSuchDirectory"
 #define LDAP_QUOTA		"mailQuota"
 #define LDAP_QUOTA_SIZE	"mailQuotaSize"
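Review bot: `LDAP_MAILSTORE` now reads `sAMAccountName`, so the per-user mail store path is taken from the account name, and `LDAP_HOMEDIR` is pointed at `noSuchDirectory`, which looks like a deliberately non-existent attribute; neither choice is explained in the header. A comment on each would help, e.g. `/* Samba4: no mailMessageStore attribute; store path is the account name */` and `/* intentionally matches nothing so homeDirectory from the directory is never used */`. Since the Makefile in this patch also enables automatic maildir and homedir creation, it is worth confirming that the path checks elsewhere in qmail-ldap reject an account name containing `/` or `..` before a directory is created from it.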
@@ -108,10 +108,10 @@
 #define LDAP_MODE		"deliveryMode"
 #define LDAP_REPLYTEXT		"mailReplyText"
 #define LDAP_DOTMODE		"qmailDotMode"
-#define LDAP_UID		"uid"
+#define LDAP_UID		"userPrincipalName"
 #define LDAP_PASSWD		"userPassword"
 #define LDAP_OBJECTCLASS	"objectClass"
-#define LDAP_ISACTIVE		"accountStatus"
+#define LDAP_ISACTIVE		"userAccountControl"
 #define LDAP_PURGE		"qmailAccountPurge"
 
 #define DOTMODE_LDAPONLY 	"ldaponly"
@@ -132,10 +132,11 @@
 #define MODE_PROG		"program"
 #define MODE_NOREPLY		"noreply"
 
-#define ISACTIVE_BOUNCE		"disabled"
+#define ISACTIVE_BOUNCE		"514"
 #define ISACTIVE_DELETE		"deleted"
 #define ISACTIVE_NOACCESS	"noaccess"
-#define ISACTIVE_ACTIVE		"active"
+#define ISACTIVE_ACTIVE		"512"
+#define ISACTIVE_MASK           0x202 /* because 514 is 0x202, 512 is 0x200 */
 
 /*********************************************************************
         ldap variables used in qmail-group
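Review bot: The `ISACTIVE_MASK` comment restates the arithmetic but not what the two bits mean; in `userAccountControl` 0x2 is the account-disabled flag and 0x200 marks a normal user account, so `/* 0x200 NORMAL_ACCOUNT | 0x002 ACCOUNTDISABLE; all other flag bits are ignored */` would tell the reader what is and is not checked. `ISACTIVE_BOUNCE` and `ISACTIVE_ACTIVE` are decimal strings that qldap.c parses with `scan_ulong` on every call; integer constants alongside the mask would avoid that round trip. `ISACTIVE_DELETE` and `ISACTIVE_NOACCESS` keep their old string values, which the rewritten `qldap_get_status` no longer compares against, so a comment should say they are now labels only.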
diff -Naur qmail-1.03/qmail-ldaplookup.c qmail-1.03.patched/qmail-ldaplookup.c
--- qmail-1.03/qmail-ldaplookup.c	2012-12-23 23:10:27.437154714 -0800
+++ qmail-1.03.patched/qmail-ldaplookup.c	2012-12-23 23:01:00.333180404 -0800
@@ -223,12 +223,12 @@
 		switch (mode) {
 		case mail:
 			f = filter_mail(value, &done);
-			if (value == 0)
+			if (f == 0)
 				strerr_die2sys(1, FATAL, "building filter: ");
 			break;
 		case uid:
 			f = filter_uid(value);
-			if (value == 0)
+			if (f == 0)
 				strerr_die2sys(1, FATAL, "building filter: ");
 			done = 1;
 			break;
@@ -321,7 +321,7 @@
 		if (r != OK) fail(q, "qldap_get_status", r);
 		switch (status) {
 		case STATUS_BOUNCE:
-			output(subfdout, "%s: %s\n",
+			output(subfdout, "%s: %s -> disabled\n",
 			    LDAP_ISACTIVE, ISACTIVE_BOUNCE);
 			break;
 		case STATUS_NOACCESS:
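Review bot: The `STATUS_BOUNCE` line prints the compile-time constant `ISACTIVE_BOUNCE` ("514"), not the value read from the directory, and the `STATUS_OK` line in the next hunk does the same with "512". Because `qldap_get_status` masks the attribute before comparing, an account whose real `userAccountControl` carries other flag bits is still shown as exactly 514 or 512, which can mislead someone debugging an account. Wording the output as a classification, e.g. `"%s: disabled (matches %s after masking)\n"`, would avoid that. The `switch` starts and ends outside the hunk.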
@@ -329,7 +329,7 @@
 			    LDAP_ISACTIVE, ISACTIVE_NOACCESS);
 			break;
 		case STATUS_OK:
-			output(subfdout, "%s: %s\n",
+			output(subfdout, "%s: %s -> active\n",
 			    LDAP_ISACTIVE, ISACTIVE_ACTIVE);
 			break;
 		case STATUS_UNDEF: