1
0
forked from pool/openldap2
openldap2/fixup-modulepath.sh
Michael Ströder 617ae2b561 Accepting request 844183 from home:firstyear:branches:network:ldap
- bsc#1175568 CVE-2020-8027
  openldap_update_modules_path.sh has a number of issues in it's
  design that lead to security issues. This file has been removed,
  from the package, and the %post execution of the install. The
  function is replaced by /usr/sbin/slapd-ldif-update-crc and
  /usr/lib/openldap/fixup-modulepath, through the addition of the
  source files:
  * fixup-modulepath.sh
  * slapd-ldif-update-crc.sh
  * update-crc.sh

OBS-URL: https://build.opensuse.org/request/show/844183
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=278
2020-10-27 01:14:55 +00:00

43 lines
801 B
Bash

#!/bin/bash
source /usr/lib/openldap/update-crc
conf_dir='/etc/openldap/slapd.d'
tgt_ldif="${conf_dir}/cn=config.ldif"
if [ ! -d ${conf_dir} ] || [ ! -f ${tgt_ldif} ]
then
exit 0
fi
# Make sure slapd.service is not running.
slapd_running=1
# Don't check if no systemd, we could be in a container.
if [ -f "/usr/bin/systemctl" ]; then
/usr/bin/systemctl is-active --quiet slapd.service
slapd_running=$?
fi
if [ $slapd_running -eq 0 ]; then
echo "Unable to update crc of '${tgt_ldif}' while slapd.service is running ..."
exit 1
fi
# Remove the module path.
sed -n -i '/olcModulePath/!p' ${tgt_ldif}
res=$?
if [ $res -ne 0 ]
then
echo "Failed to remove olcModulePath in ${tgt_ldif}"
exit 1
else
do_update_crc ${tgt_ldif}
echo "Updated crc of ${tgt_ldif}"
fi