Merge branch 'testing'

# By James Meyer (1091) and others
# Via James Meyer (5) and others
* testing: (1148 commits)
  LinHES-config: during install don't kill off lirc.  This keeps the remote active all the way to the finish
  Change version numbers to 8.0  to match the release number. LinHES-conifg LinHES-system mythdb-initial runit-scripts supplemental-web
  LinHES-conifig: mv_install.py  for the last partition don't go all the way to the end.  Gotta leave room for gpt tables.
  xf86-video-ati: xorg ati driver.
  LinHES-config: timezip.py  add syncing up of parental lvl passwords and starting level with MBE.
  LinHES-system: correct the logic for breaking out of the wmctrl loop.   As written it would break out of the inner loop..but not the 60 iteration loop.
  e16_theme_settings:  remove slide-in prop for new windows.   For whatever reason this was preventing mplayer from being positioned correctly for appletrailers.
  LinHES-config, mythinstall:  change  case of hd_pvr and   serial to all lower refs #902
  zilog-firmware:   firmware for TX support of the hdpvr and pvr-150 In general I can't recommend anybody using these transmitters  but including the firmware just in case someone really wants to
  linhes-udev-rules:  added hdprv_lirc rule. All of these lirc rules are limited to exactly one device.  If more then one device is present then only the last device in init will get the symlink
  runit-scripts:  fix logging for igdeamon,   add support to remote init script so that the blaster is always the first device in the chain. added support specificly for hd_pvr
  LinHES-system:   add lh_system_restore and lh_system_backup.  These scripts are called from the mythmenu. refs #900
  iguanair: rebuild with python 2.7
  LinHES-system: msg_daemon.py fix  init and nasty bug related to timeout. In a nutshell timeout wouldn't work unless a msg without a timeout was called first.
  linhes-udev-rules:  add rules for mce,streamzap,serial  lirc devices.
  mythinstall: recompile for matching libs
  mythtv:  latest .25-fixes  and change mythbackup/restore call lh_system_$op   to replace mythbackup/mythrestore.  mythbackup no longer works correctly with the new windowmanager
  linhes-scripts: myth2mp3, myth2x264, myth2xvid: use mythutil to get cutlist
  LinHES-config, supplimental-web:  Fix proxy numbering for Ceton infiniTV
  linhes-system:  add additional stuff to the system backup and also introduced an exclude file. The exclude/include files are locate in /home/mythtv/backup_config/
  ...

8 files changed, 714 insertions, 0 deletions

diff --git a/abs/core/openldap/PKGBUILD b/abs/core/openldap/PKGBUILD
new file mode 100644
index 0000000..b7af129
--- /dev/null
+++ b/abs/core/openldap/PKGBUILD
@@ -0,0 +1,106 @@
+# $Id: PKGBUILD 162887 2012-07-02 18:03:02Z eric $
+# Maintainer:
+
+pkgbase=openldap
+pkgname=('libldap' 'openldap')
+pkgver=2.4.31
+pkgrel=4
+arch=('i686' 'x86_64')
+url="http://www.openldap.org/"
+license=('custom')
+makedepends=('libltdl' 'libsasl' 'e2fsprogs' 'util-linux')
+source=(ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${pkgbase}-${pkgver}.tgz
+        slapd slapd.default slapd.service slapd.tmpfiles
+        ntlm.patch
+        mutex-end-of-struct-sigsegv.patch)
+sha1sums=('8315a283fb3724abe6062e38d93bb69298d05765'
+          'bd1ea19256d3d467f1f803e0f4046ef50f17628f'
+          'd89b8a533045123f1ab46c9c430cf132d58a20a4'
+          'a2cdab7e800a9f0c8b1e319a68598a12f4af27a4'
+          'f86a82e35ebe15026980467c9dee4007e686b795'
+          'e4afd9f1c810ef4c4cd8fe1101dfe5887f2b7eef'
+          '694269dad78c7a806649c2d7f57bb7e503df3af1')
+
+build() {
+  cd "${srcdir}"/${pkgbase}-${pkgver}
+  patch -Np1 -i "${srcdir}"/ntlm.patch
+  patch -Np1 -i "${srcdir}"/mutex-end-of-struct-sigsegv.patch
+
+  sed -i 's|-m 644 $(LIBRARY)|-m 755 $(LIBRARY)|' libraries/{liblber,libldap,libldap_r}/Makefile.in
+  sed -i 's|#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"|#define LDAPI_SOCK LDAP_DIRSEP "run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi"|' include/ldap_defaults.h
+  sed -i 's|%LOCALSTATEDIR%/run|/run/openldap|' servers/slapd/slapd.conf
+  sed -i 's|-$(MKDIR) $(DESTDIR)$(localstatedir)/run|-$(MKDIR) $(DESTDIR)/run/openldap|' servers/slapd/Makefile.in
+
+  LDFLAGS="$LDFLAGS -L\"${pkgdir}\"/libldap/usr/lib" 
+  ./configure --prefix=/usr --mandir=/usr/share/man --libexecdir=/usr/lib \
+    --sysconfdir=/etc --localstatedir=/var/lib/openldap \
+    --enable-ipv6 --enable-syslog --enable-local \
+    --enable-bdb --enable-hdb \
+    --enable-crypt --enable-dynamic \
+    --with-threads --disable-wrappers \
+    --without-fetch \
+    --enable-spasswd --with-cyrus-sasl \
+    --enable-overlays=mod --enable-modules=yes
+  make
+}
+
+check() {
+  cd "${srcdir}"/${pkgbase}-${pkgver}
+  make test
+}
+
+package_libldap() {
+  pkgdesc="Lightweight Directory Access Protocol (LDAP) client libraries"
+  depends=('libsasl' 'e2fsprogs')
+  backup=('etc/openldap/ldap.conf')
+  options=('!libtool')
+
+  cd "${srcdir}"/${pkgbase}-${pkgver}
+  for dir in include libraries doc/man/man3 ; do
+    pushd ${dir}
+    make DESTDIR="${pkgdir}" install
+    popd
+  done
+  install -Dm644 doc/man/man5/ldap.conf.5.tmp "${pkgdir}"/usr/share/man/man5/ldap.conf.5
+  
+# get rid of duplicate default conf files
+  rm "${pkgdir}"/etc/openldap/*.default
+
+  ln -sf liblber.so "${pkgdir}"/usr/lib/liblber.so.2
+  ln -sf libldap.so "${pkgdir}"/usr/lib/libldap.so.2
+
+  install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+}
+
+package_openldap() {
+  pkgdesc="Lightweight Directory Access Protocol (LDAP) client and server"
+  depends=("libldap>=${pkgver}" 'libltdl' 'util-linux')
+  backup=('etc/openldap/slapd.conf' 'etc/conf.d/slapd')
+  options=('!libtool' 'emptydirs')
+  install=openldap.install
+
+  cd "${srcdir}"/${pkgbase}-${pkgver}
+  for dir in clients servers doc/man/man{1,5,8} ; do
+    pushd ${dir}
+    make DESTDIR="${pkgdir}" install
+    popd
+  done
+  rm "${pkgdir}"/usr/share/man/man5/ldap.conf.5
+  rm -r "${pkgdir}"/run
+
+# get rid of duplicate default conf files
+  rm "${pkgdir}"/etc/openldap/*.default
+
+  ln -s ../lib/slapd "${pkgdir}"/usr/sbin/slapd
+
+  chown root:439 "${pkgdir}"/etc/openldap/{slapd.conf,DB_CONFIG.example}
+  chmod 640 "${pkgdir}"/etc/openldap/{slapd.conf,DB_CONFIG.example}
+
+  install -dm700 -o 439 -g 439 "${pkgdir}"/var/lib/openldap
+  install -dm700 -o 439 -g 439 "${pkgdir}"/etc/openldap/slapd.d
+  install -Dm755 "${srcdir}"/slapd "${pkgdir}"/etc/rc.d/slapd
+  install -Dm644 "${srcdir}"/slapd.default "${pkgdir}"/etc/conf.d/slapd
+  install -Dm644 "${srcdir}"/slapd.service "${pkgdir}"/usr/lib/systemd/system/slapd.service
+  install -Dm644 "${srcdir}"/slapd.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/slapd.conf
+  install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+}
diff --git a/abs/core/openldap/mutex-end-of-struct-sigsegv.patch b/abs/core/openldap/mutex-end-of-struct-sigsegv.patch
new file mode 100644
index 0000000..e899638
--- /dev/null
+++ b/abs/core/openldap/mutex-end-of-struct-sigsegv.patch
@@ -0,0 +1,293 @@
+ libraries/libldap/init.c     |    8 ++-
+ libraries/libldap/ldap-int.h |  198 ++++++++++++++++++++++--------------------
+ 2 files changed, 110 insertions(+), 96 deletions(-)
+
+diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c
+index 39292d2..9d37e64 100644
+--- a/libraries/libldap/init.c
++++ b/libraries/libldap/init.c
+@@ -36,7 +36,13 @@
+ #include "lutil.h"
+ 
+ struct ldapoptions ldap_int_global_options =
+-	{ LDAP_UNINITIALIZED, LDAP_DEBUG_NONE LDAP_LDO_MUTEX_NULLARG };  
++	{ LDAP_UNINITIALIZED, LDAP_DEBUG_NONE
++		LDAP_LDO_NULLARG
++		LDAP_LDO_CONNECTIONLESS_NULLARG
++		LDAP_LDO_TLS_NULLARG
++		LDAP_LDO_SASL_NULLARG
++		LDAP_LDO_GSSAPI_NULLARG
++		LDAP_LDO_MUTEX_NULLARG };
+ 
+ #define ATTR_NONE	0
+ #define ATTR_BOOL	1
+diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
+index f8e6126..ac6c9e5 100644
+--- a/libraries/libldap/ldap-int.h
++++ b/libraries/libldap/ldap-int.h
+@@ -185,29 +185,59 @@ struct ldapoptions {
+ #define LDAP_TRASHED_SESSION	0xFF
+ 	int   ldo_debug;
+ 
+-#ifdef LDAP_R_COMPILE
+-	ldap_pvt_thread_mutex_t	ldo_mutex;
+-#define LDAP_LDO_MUTEX_NULLARG	, LDAP_PVT_MUTEX_NULL
+-#else
+-#define LDAP_LDO_MUTEX_NULLARG
+-#endif
++	ber_int_t		ldo_version;
++	ber_int_t		ldo_deref;
++	ber_int_t		ldo_timelimit;
++	ber_int_t		ldo_sizelimit;
++
++	/* per API call timeout */
++	struct timeval		ldo_tm_api;
++	struct timeval		ldo_tm_net;
++
++	LDAPURLDesc *ldo_defludp;
++	int		ldo_defport;
++	char*	ldo_defbase;
++	char*	ldo_defbinddn;	/* bind dn */
++
++	/*
++	 * Per connection tcp-keepalive settings (Linux only,
++	 * ignored where unsupported)
++	 */
++	ber_int_t ldo_keepalive_idle;
++	ber_int_t ldo_keepalive_probes;
++	ber_int_t ldo_keepalive_interval;
++
++	int		ldo_refhoplimit;	/* limit on referral nesting */
++
++	/* LDAPv3 server and client controls */
++	LDAPControl	**ldo_sctrls;
++	LDAPControl **ldo_cctrls;
++
++	/* LDAP rebind callback function */
++	LDAP_REBIND_PROC *ldo_rebind_proc;
++	void *ldo_rebind_params;
++	LDAP_NEXTREF_PROC *ldo_nextref_proc;
++	void *ldo_nextref_params;
++	LDAP_URLLIST_PROC *ldo_urllist_proc;
++	void *ldo_urllist_params;
++
++	/* LDAP connection callback stack */
++	ldaplist *ldo_conn_cbs;
++
++	LDAP_BOOLEANS ldo_booleans;	/* boolean options */
++
++#define LDAP_LDO_NULLARG	,0,0,0,0 ,{0},{0} ,0,0,0,0, 0,0,0,0, 0,0, 0,0,0,0,0,0, 0, 0
+ 
+ #ifdef LDAP_CONNECTIONLESS
+ #define	LDAP_IS_UDP(ld)		((ld)->ld_options.ldo_is_udp)
+ 	void*			ldo_peer;	/* struct sockaddr* */
+ 	char*			ldo_cldapdn;
+ 	int			ldo_is_udp;
++#define	LDAP_LDO_CONNECTIONLESS_NULLARG	,0,0,0
++#else
++#define	LDAP_LDO_CONNECTIONLESS_NULLARG
+ #endif
+ 
+-	/* per API call timeout */
+-	struct timeval		ldo_tm_api;
+-	struct timeval		ldo_tm_net;
+-
+-	ber_int_t		ldo_version;
+-	ber_int_t		ldo_deref;
+-	ber_int_t		ldo_timelimit;
+-	ber_int_t		ldo_sizelimit;
+-
+ #ifdef HAVE_TLS
+    	/* tls context */
+    	void		*ldo_tls_ctx;
+@@ -226,16 +256,12 @@ struct ldapoptions {
+    	int			ldo_tls_mode;
+    	int			ldo_tls_require_cert;
+ 	int			ldo_tls_impl;
+-#ifdef HAVE_OPENSSL_CRL
+    	int			ldo_tls_crlcheck;
+-#endif
++#define LDAP_LDO_TLS_NULLARG ,0,0,0,{0,0,0,0,0,0,0,0,0},0,0,0,0
++#else
++#define LDAP_LDO_TLS_NULLARG
+ #endif
+ 
+-	LDAPURLDesc *ldo_defludp;
+-	int		ldo_defport;
+-	char*	ldo_defbase;
+-	char*	ldo_defbinddn;	/* bind dn */
+-
+ #ifdef HAVE_CYRUS_SASL
+ 	char*	ldo_def_sasl_mech;		/* SASL Mechanism(s) */
+ 	char*	ldo_def_sasl_realm;		/* SASL realm */
+@@ -244,6 +270,9 @@ struct ldapoptions {
+ 
+ 	/* SASL Security Properties */
+ 	struct sasl_security_properties	ldo_sasl_secprops;
++#define LDAP_LDO_SASL_NULLARG ,0,0,0,0,{0}
++#else
++#define LDAP_LDO_SASL_NULLARG
+ #endif
+ 
+ #ifdef HAVE_GSSAPI
+@@ -253,34 +282,17 @@ struct ldapoptions {
+ #define LDAP_GSSAPI_OPT_DO_NOT_FREE_GSS_CONTEXT	0x0001
+ #define LDAP_GSSAPI_OPT_ALLOW_REMOTE_PRINCIPAL	0x0002
+ 	unsigned ldo_gssapi_options;
++#define LDAP_LDO_GSSAPI_NULLARG ,0,0
++#else
++#define LDAP_LDO_GSSAPI_NULLARG
+ #endif
+ 
+-	/*
+-	 * Per connection tcp-keepalive settings (Linux only,
+-	 * ignored where unsupported)
+-	 */
+-	ber_int_t ldo_keepalive_idle;
+-	ber_int_t ldo_keepalive_probes;
+-	ber_int_t ldo_keepalive_interval;
+-
+-	int		ldo_refhoplimit;	/* limit on referral nesting */
+-
+-	/* LDAPv3 server and client controls */
+-	LDAPControl	**ldo_sctrls;
+-	LDAPControl **ldo_cctrls;
+-
+-	/* LDAP rebind callback function */
+-	LDAP_REBIND_PROC *ldo_rebind_proc;
+-	void *ldo_rebind_params;
+-	LDAP_NEXTREF_PROC *ldo_nextref_proc;
+-	void *ldo_nextref_params;
+-	LDAP_URLLIST_PROC *ldo_urllist_proc;
+-	void *ldo_urllist_params;
+-
+-	/* LDAP connection callback stack */
+-	ldaplist *ldo_conn_cbs;
+-
+-	LDAP_BOOLEANS ldo_booleans;	/* boolean options */
++#ifdef LDAP_R_COMPILE
++	ldap_pvt_thread_mutex_t	ldo_mutex;
++#define LDAP_LDO_MUTEX_NULLARG	, LDAP_PVT_MUTEX_NULL
++#else
++#define LDAP_LDO_MUTEX_NULLARG
++#endif
+ };
+ 
+ 
+@@ -375,6 +387,46 @@ struct ldap_common {
+ 	Sockbuf		*ldc_sb;	/* socket descriptor & buffer */
+ #define ld_sb			ldc->ldc_sb
+ 
++	unsigned short	ldc_lberoptions;
++#define	ld_lberoptions		ldc->ldc_lberoptions
++
++	/* protected by msgid_mutex */
++	ber_len_t		ldc_msgid;
++#define	ld_msgid		ldc->ldc_msgid
++
++	/* do not mess with these */
++	/* protected by req_mutex */
++	LDAPRequest	*ldc_requests;	/* list of outstanding requests */
++	/* protected by res_mutex */
++	LDAPMessage	*ldc_responses;	/* list of outstanding responses */
++#define	ld_requests		ldc->ldc_requests
++#define	ld_responses		ldc->ldc_responses
++
++	/* protected by abandon_mutex */
++	ber_len_t	ldc_nabandoned;
++	ber_int_t	*ldc_abandoned;	/* array of abandoned requests */
++#define	ld_nabandoned		ldc->ldc_nabandoned
++#define	ld_abandoned		ldc->ldc_abandoned
++
++	/* unused by libldap */
++	LDAPCache	*ldc_cache;	/* non-null if cache is initialized */
++#define	ld_cache		ldc->ldc_cache
++
++	/* do not mess with the rest though */
++
++	/* protected by conn_mutex */
++	LDAPConn	*ldc_defconn;	/* default connection */
++#define	ld_defconn		ldc->ldc_defconn
++	LDAPConn	*ldc_conns;	/* list of server connections */
++#define	ld_conns		ldc->ldc_conns
++	void		*ldc_selectinfo;/* platform specifics for select */
++#define	ld_selectinfo		ldc->ldc_selectinfo
++
++	/* ldap_common refcnt - free only if 0 */
++	/* protected by ldc_mutex */
++	unsigned int		ldc_refcnt;
++#define	ld_ldcrefcnt		ldc->ldc_refcnt
++
+ 	/* protected by ldo_mutex */
+ 	struct ldapoptions ldc_options;
+ #define ld_options		ldc->ldc_options
+@@ -403,66 +455,22 @@ struct ldap_common {
+ #define ld_urllist_params	ld_options.ldo_urllist_params
+ 
+ #define ld_version		ld_options.ldo_version
+-#ifdef LDAP_R_COMPILE
+-#define	ld_ldopts_mutex		ld_options.ldo_mutex
+-#endif
+-
+-	unsigned short	ldc_lberoptions;
+-#define	ld_lberoptions		ldc->ldc_lberoptions
+-
+-	/* protected by msgid_mutex */
+-	ber_len_t		ldc_msgid;
+-#define	ld_msgid		ldc->ldc_msgid
+-
+-	/* do not mess with these */
+-	/* protected by req_mutex */
+-	LDAPRequest	*ldc_requests;	/* list of outstanding requests */
+-	/* protected by res_mutex */
+-	LDAPMessage	*ldc_responses;	/* list of outstanding responses */
+-#define	ld_requests		ldc->ldc_requests
+-#define	ld_responses		ldc->ldc_responses
+ 
+ #ifdef LDAP_R_COMPILE
++	ldap_pvt_thread_mutex_t	ldc_mutex;
+ 	ldap_pvt_thread_mutex_t	ldc_msgid_mutex;
+ 	ldap_pvt_thread_mutex_t	ldc_conn_mutex;
+ 	ldap_pvt_thread_mutex_t	ldc_req_mutex;
+ 	ldap_pvt_thread_mutex_t	ldc_res_mutex;
+ 	ldap_pvt_thread_mutex_t	ldc_abandon_mutex;
++#define	ld_ldopts_mutex		ld_options.ldo_mutex
++#define	ld_ldcmutex		ldc->ldc_mutex
+ #define	ld_msgid_mutex		ldc->ldc_msgid_mutex
+ #define	ld_conn_mutex		ldc->ldc_conn_mutex
+ #define	ld_req_mutex		ldc->ldc_req_mutex
+ #define	ld_res_mutex		ldc->ldc_res_mutex
+ #define	ld_abandon_mutex	ldc->ldc_abandon_mutex
+ #endif
+-
+-	/* protected by abandon_mutex */
+-	ber_len_t	ldc_nabandoned;
+-	ber_int_t	*ldc_abandoned;	/* array of abandoned requests */
+-#define	ld_nabandoned		ldc->ldc_nabandoned
+-#define	ld_abandoned		ldc->ldc_abandoned
+-
+-	/* unused by libldap */
+-	LDAPCache	*ldc_cache;	/* non-null if cache is initialized */
+-#define	ld_cache		ldc->ldc_cache
+-
+-	/* do not mess with the rest though */
+-
+-	/* protected by conn_mutex */
+-	LDAPConn	*ldc_defconn;	/* default connection */
+-#define	ld_defconn		ldc->ldc_defconn
+-	LDAPConn	*ldc_conns;	/* list of server connections */
+-#define	ld_conns		ldc->ldc_conns
+-	void		*ldc_selectinfo;/* platform specifics for select */
+-#define	ld_selectinfo		ldc->ldc_selectinfo
+-
+-	/* ldap_common refcnt - free only if 0 */
+-#ifdef LDAP_R_COMPILE
+-	ldap_pvt_thread_mutex_t	ldc_mutex;
+-#define	ld_ldcmutex		ldc->ldc_mutex
+-#endif
+-	/* protected by ldc_mutex */
+-	unsigned int		ldc_refcnt;
+-#define	ld_ldcrefcnt		ldc->ldc_refcnt
+ };
+ 
+ struct ldap {
diff --git a/abs/core/openldap/ntlm.patch b/abs/core/openldap/ntlm.patch
new file mode 100644
index 0000000..6804b61
--- /dev/null
+++ b/abs/core/openldap/ntlm.patch
@@ -0,0 +1,230 @@
+Patch from evolution-exchange (2.10.3).  The ldap_ntlm_bind function is
+actually called by evolution-data-server, checked at version 1.12.2.
+Without this patch, the Exchange addressbook integration uses simple binds
+with cleartext passwords.
+
+Russ checked with openldap-software for upstream's opinion on this patch
+on 2007-12-21.  Upstream had never received it as a patch submission and
+given that it's apparently only for older Exchange servers that can't do
+SASL and DIGEST-MD5, it's not very appealing.
+
+Bug#457374 filed against evolution-data-server asking if this support is
+still required on 2007-12-21.
+
+Index: trunk/include/ldap.h
+===================================================================
+--- trunk.orig/include/ldap.h
++++ trunk/include/ldap.h
+@@ -2461,5 +2461,25 @@
+ 	LDAPControl	**ctrls,
+ 	LDAPDerefRes	**drp ));
+ 
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE  ((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++      LDAP    *ld,
++      LDAP_CONST char *dn,
++      ber_tag_t tag,
++      struct berval *cred,
++      LDAPControl **sctrls,
++      LDAPControl **cctrls,
++      int   *msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++      LDAP    *ld,
++      LDAPMessage *res,
++      struct berval *challenge));
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+Index: trunk/libraries/libldap/ntlm.c
+===================================================================
+--- /dev/null
++++ trunk/libraries/libldap/ntlm.c
+@@ -0,0 +1,138 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++
++#include <ac/socket.h>
++#include <ac/string.h>
++#include <ac/time.h>
++#include <ac/errno.h>
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++ LDAP    *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int   *msgidp )
++{
++ BerElement  *ber;
++ int rc;
++ ber_int_t id;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( msgidp != NULL );
++
++ if( msgidp == NULL ) {
++   ld->ld_errno = LDAP_PARAM_ERROR;
++   return ld->ld_errno;
++ }
++
++ /* create a message to send */
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++   ld->ld_errno = LDAP_NO_MEMORY;
++   return ld->ld_errno;
++ }
++
++ assert( LBER_VALID( ber ) );
++
++ LDAP_NEXT_MSGID( ld, id );
++ rc = ber_printf( ber, "{it{istON}" /*}*/,
++      id, LDAP_REQ_BIND,
++      ld->ld_version, dn, tag,
++      cred );
++
++ /* Put Server Controls */
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++   ber_free( ber, 1 );
++   return ld->ld_errno;
++ }
++
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++   ld->ld_errno = LDAP_ENCODING_ERROR;
++   ber_free( ber, 1 );
++   return ld->ld_errno;
++ }
++
++ /* send the message */
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++ if(*msgidp < 0)
++   return ld->ld_errno;
++
++ return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++ LDAP    *ld,
++ LDAPMessage *res,
++ struct berval *challenge)
++{
++ ber_int_t errcode;
++ ber_tag_t tag;
++ BerElement  *ber;
++ ber_len_t len;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( res != NULL );
++
++ if ( ld == NULL || res == NULL ) {
++   return LDAP_PARAM_ERROR;
++ }
++
++ if( res->lm_msgtype != LDAP_RES_BIND ) {
++   ld->ld_errno = LDAP_PARAM_ERROR;
++   return ld->ld_errno;
++ }
++
++ if ( ld->ld_error ) {
++   LDAP_FREE( ld->ld_error );
++   ld->ld_error = NULL;
++ }
++ if ( ld->ld_matched ) {
++   LDAP_FREE( ld->ld_matched );
++   ld->ld_matched = NULL;
++ }
++
++ /* parse results */
++
++ ber = ber_dup( res->lm_ber );
++
++ if( ber == NULL ) {
++   ld->ld_errno = LDAP_NO_MEMORY;
++   return ld->ld_errno;
++ }
++
++ tag = ber_scanf( ber, "{ioa" /*}*/,
++      &errcode, challenge, &ld->ld_error );
++ ber_free( ber, 0 );
++
++ if( tag == LBER_ERROR ) {
++   ld->ld_errno = LDAP_DECODING_ERROR;
++   return ld->ld_errno;
++ }
++
++ ld->ld_errno = errcode;
++
++ return( ld->ld_errno );
++}
++
+Index: trunk/libraries/libldap/Makefile.in
+===================================================================
+--- trunk.orig/libraries/libldap/Makefile.in
++++ trunk/libraries/libldap/Makefile.in
+@@ -27,7 +27,7 @@
+ 	init.c options.c print.c string.c util-int.c schema.c \
+ 	charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+ 	tls2.c tls_o.c tls_g.c tls_m.c \
+-	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
++	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \
+ 	assertion.c deref.c ldif.c fetch.c
+ 
+ OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
+@@ -40,7 +40,7 @@
+ 	init.lo options.lo print.lo string.lo util-int.lo schema.lo \
+ 	charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+ 	tls2.lo tls_o.lo tls_g.lo tls_m.lo \
+-	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
++	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \
+ 	assertion.lo deref.lo ldif.lo fetch.lo
+ 
+ LDAP_INCDIR= ../../include       
+Index: trunk/libraries/libldap_r/Makefile.in
+===================================================================
+--- trunk.orig/libraries/libldap_r/Makefile.in
++++ trunk/libraries/libldap_r/Makefile.in
+@@ -29,7 +29,7 @@
+ 	init.c options.c print.c string.c util-int.c schema.c \
+ 	charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+ 	tls2.c tls_o.c tls_g.c tls_m.c \
+-	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
++	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \
+ 	assertion.c deref.c ldif.c fetch.c
+ SRCS	= threads.c rdwr.c rmutex.c tpool.c rq.c \
+ 	thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \
+@@ -47,7 +47,7 @@
+ 	init.lo options.lo print.lo string.lo util-int.lo schema.lo \
+ 	charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+ 	tls2.lo tls_o.lo tls_g.lo tls_m.lo \
+-	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
++	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \
+ 	assertion.lo deref.lo ldif.lo fetch.lo
+ 
+ LDAP_INCDIR= ../../include       
diff --git a/abs/core/openldap/openldap.install b/abs/core/openldap/openldap.install
new file mode 100644
index 0000000..cf3cb9f
--- /dev/null
+++ b/abs/core/openldap/openldap.install
@@ -0,0 +1,20 @@
+post_install(){
+  groupadd -g 439 ldap &>/dev/null
+  useradd -u 439 -g ldap -d /var/lib/openldap -s /bin/false ldap &>/dev/null
+  chown -R ldap:ldap var/lib/openldap &>/dev/null
+}
+
+post_upgrade(){
+  getent group ldap >/dev/null 2>&1 || groupadd -g 439 ldap &>/dev/null
+  getent passwd ldap >/dev/null 2>&1 || useradd -u 439 -g ldap -d /var/lib/openldap -s /bin/false ldap &>/dev/null
+  chown -R ldap:ldap var/lib/openldap &>/dev/null
+}
+
+post_remove(){
+  if getent passwd ldap >/dev/null 2>&1; then
+    userdel ldap
+  fi
+  if getent group ldap >/dev/null 2>&1; then
+    groupdel ldap
+  fi
+}
diff --git a/abs/core/openldap/slapd b/abs/core/openldap/slapd
new file mode 100755
index 0000000..4f212da
--- /dev/null
+++ b/abs/core/openldap/slapd
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+[ -f "/etc/conf.d/slapd" ] && . /etc/conf.d/slapd
+
+PID=`pidof -o %PPID /usr/sbin/slapd`
+case "$1" in
+  start)
+    stat_busy "Starting OpenLDAP"
+    [ ! -d /run/openldap ] && install -d -m755 -o ldap -g ldap /run/openldap
+    if [ -z "$PID" ]; then
+      if [ -z "$SLAPD_SERVICES" ]; then
+        /usr/sbin/slapd -u ldap -g ldap $SLAPD_OPTIONS
+      else
+        /usr/sbin/slapd -u ldap -g ldap -h "$SLAPD_SERVICES" $SLAPD_OPTIONS
+      fi
+      if [ $? -gt 0 ]; then
+        stat_fail
+      else
+        stat_done
+      fi
+      add_daemon slapd
+    else
+      stat_fail
+    fi
+    ;;
+  stop)
+    stat_busy "Stopping OpenLDAP"
+    [ ! -z "$PID" ] && kill $PID &> /dev/null
+    if [ $? -gt 0 ]; then
+      stat_fail
+    else
+      rm -f /run/openldap/slapd.pid
+      rm -f /run/openldap/slapd.args
+      rm_daemon slapd
+      stat_done
+    fi
+    ;;
+  restart)
+    $0 stop
+    sleep 3
+    $0 start
+    ;;
+  *)
+    echo "usage: $0 {start|stop|restart}"  
+esac
+exit 0
diff --git a/abs/core/openldap/slapd.default b/abs/core/openldap/slapd.default
new file mode 100644
index 0000000..72ae2a6
--- /dev/null
+++ b/abs/core/openldap/slapd.default
@@ -0,0 +1,6 @@
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+#SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+SLAPD_OPTIONS=""
diff --git a/abs/core/openldap/slapd.service b/abs/core/openldap/slapd.service
new file mode 100644
index 0000000..d8baa57
--- /dev/null
+++ b/abs/core/openldap/slapd.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=OpenLDAP server daemon
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/slapd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/abs/core/openldap/slapd.tmpfiles b/abs/core/openldap/slapd.tmpfiles
new file mode 100644
index 0000000..5f63bd6
--- /dev/null
+++ b/abs/core/openldap/slapd.tmpfiles
@@ -0,0 +1 @@
+D /run/openldap 0750 ldap ldap -