[Da-tools-commits] ./debian/userdir-ldap-cgi r92: Use SSL/TLS when configured to do so.
Peter Palfrader
peter at palfrader.org
Sun May 25 16:27:04 UTC 2008
------------------------------------------------------------
revno: 92
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap-cgi
timestamp: Sun 2008-05-25 18:27:04 +0200
message:
Use SSL/TLS when configured to do so.
modified:
Util.pm
debian/changelog
debian/control
login.cgi
machines.cgi
search.cgi
update.cgi
-------------- next part --------------
=== modified file 'Util.pm'
--- a/Util.pm 2006-11-13 16:25:16 +0000
+++ b/Util.pm 2008-05-25 16:27:04 +0000
@@ -3,6 +3,7 @@
use strict;
use Date::Manip qw(ParseDate);
+use Net::LDAP qw(:all);
my $blocksize = 8; # A blowfish block is 8 bytes
my $configfile = "/etc/userdir-ldap/userdir-ldap.conf";
@@ -339,4 +340,17 @@
return %config;
}
+sub UpgradeConnection($) {
+ my ($ldap) = @_;
+ my $mesg = $ldap->start_tls(
+ verify => 'require',
+ capath => '/etc/ssl/certs/'
+ );
+ $mesg->sync;
+ if ($mesg->code != LDAP_SUCCESS) {
+ print "Content-type: text/html; charset=utf-8\n\n";
+ print "<html><body><h1>STARTTLS failed: "..$mesg->error."</h1></body></html>\n";
+ exit(1);
+ };
+};
1;
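Review bot: In the failure branch of UpgradeConnection, the second `print` joins its strings with `..`, which Perl parses as the range operator rather than concatenation. As written, the page would most likely show only the opening `<html><body><h1>STARTTLS failed: ` text and drop the actual error. Use single dots: `print "<html><body><h1>STARTTLS failed: " . $mesg->error . "</h1></body></html>\n";`. Consider HTML-escaping `$mesg->error` as well, since that text originates outside this script. Failing closed with `exit(1)` and `verify => 'require'` is the right behaviour and should stay.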
=== modified file 'debian/changelog'
--- a/debian/changelog 2008-05-25 16:05:17 +0000
+++ b/debian/changelog 2008-05-25 16:27:04 +0000
@@ -3,8 +3,10 @@
* Make machines.cgi display the purpose attribute from LDAP [HE].
* Add VoIP field to CGI [zobel].
* make summaryattrs sortable [zobel].
+ * Use SSL/TLS when configured to do so, and Depend on libio-socket-ssl-perl
+ for that.
- -- Peter Palfrader <weasel at debian.org> Sun, 25 May 2008 18:05:06 +0200
+ -- Peter Palfrader <weasel at debian.org> Sun, 25 May 2008 18:21:45 +0200
userdir-ldap-cgi (0.3.9) unstable; urgency=low
=== modified file 'debian/control'
--- a/debian/control 2006-12-22 08:13:31 +0000
+++ b/debian/control 2008-05-25 16:27:04 +0000
@@ -8,7 +8,7 @@
Package: userdir-ldap-cgi
Architecture: all
-Depends: userdir-ldap, perl5, libnet-ldap-perl, libcrypt-blowfish-perl, gnupg (>= 1.0.3), libdate-manip-perl, liburi-perl
+Depends: userdir-ldap, perl5, libnet-ldap-perl, libcrypt-blowfish-perl, gnupg (>= 1.0.3), libdate-manip-perl, liburi-perl, libio-socket-ssl-perl
Replaces: userdir-ldap
Description: CGI programs for the db.debian.org
These programs are run on http://db.debian.org/ to simplify the
=== modified file 'login.cgi'
--- a/login.cgi 2006-12-22 07:58:50 +0000
+++ b/login.cgi 2008-05-25 16:27:04 +0000
@@ -28,6 +28,7 @@
my $cipher = new Crypt::Blowfish $key;
my $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
my $username = $query->param('username');
my $password = $query->param('password');
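Review bot: The opt-out on the added line is an exact, case-sensitive match on the string `False`, and nothing documents that; the same test is repeated verbatim in machines.cgi, search.cgi and update.cgi. Any other value (`false`, `no`, `0`, or a missing key) leaves STARTTLS on, which is the safe direction. It still deserves a comment such as `# STARTTLS is the default; only usessl set to exactly 'False' disables it, and then credentials on this connection travel unencrypted`. Making the decision in one helper in Util would keep the four call sites from drifting apart.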
=== modified file 'machines.cgi'
--- a/machines.cgi 2008-05-18 16:37:17 +0000
+++ b/machines.cgi 2008-05-25 16:27:04 +0000
@@ -92,6 +92,7 @@
&Util::HTMLSendHeader;
$ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
$mesg;
$ldap->bind;
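Review bot: Here UpgradeConnection runs after `&Util::HTMLSendHeader;`, but its failure path prints its own `Content-type:` line. On a STARTTLS failure that header text would presumably end up in the page body, after the headers have already been sent. Setting up the connection (the `Net::LDAP->new` line and the upgrade) before `&Util::HTMLSendHeader;` would avoid this. The surrounding code continues outside the hunk, so whether anything depends on the header being sent first is not visible here.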
=== modified file 'search.cgi'
--- a/search.cgi 2008-05-10 12:21:44 +0000
+++ b/search.cgi 2008-05-25 16:27:04 +0000
@@ -84,6 +84,7 @@
# Now, we are ready to connect to the LDAP server.
$ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+ &Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
my $auth = 0;
my $mesg;
=== modified file 'update.cgi'
--- a/update.cgi 2008-05-10 12:21:44 +0000
+++ b/update.cgi 2008-05-25 16:27:04 +0000
@@ -36,6 +36,7 @@
$SIG{__DIE__} = \&DieHandler;
$ldap = Net::LDAP->new($config{ldaphost});
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
my $auth = 0;
my $mesg;
$mesg = $ldap->bind($editdn, password => $password);
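Review bot: The added call dereferences `$ldap`, but the `Net::LDAP->new` line just above it has no failure check in this script, unlike login.cgi, machines.cgi and search.cgi. If the connection fails, `$ldap` is undef and `start_tls` dies on an undefined value instead of reporting a connection error. Guard the constructor the way the sibling scripts do, e.g. `$ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);`. The installed `DieHandler` may turn that die into an error page, but its body is outside the hunk.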