SHA256
1
0
forked from pool/openldap2

Accepting request 660269 from network:ldap

OBS-URL: https://build.opensuse.org/request/show/660269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openldap2?expand=0&rev=143
This commit is contained in:
Dominique Leuenberger 2018-12-24 10:35:45 +00:00 committed by Git OBS Bridge
commit 598a8dd531
7 changed files with 40 additions and 412 deletions

View File

@ -1,33 +0,0 @@
From a7a37111026ccb9fddfeedc22606b80d8d75557f Mon Sep 17 00:00:00 2001
From: Cristian Rodriguez <cristian.rodriguez@opensuse.org>
Date: Tue, 5 Oct 2010 13:59:40 +0200
Subject: No Build date and time in binaries
This avoids build-compare failures and unhelpful rebuilds/republishes in
the openSUSE buildservice.
diff --git a/build/mkversion b/build/mkversion
index 3fd9565..dd9a998 100755
--- a/build/mkversion
+++ b/build/mkversion
@@ -50,7 +50,7 @@ if test $# != 1 ; then
fi
APPLICATION=$1
-WHOWHERE="$USER@`uname -n`:`pwd`"
+WHOWHERE="opensuse-buildservice@opensuse.org"
cat << __EOF__
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
@@ -72,7 +72,7 @@ static const char copyright[] =
"COPYING RESTRICTIONS APPLY\n";
$static $const char $SYMBOL[] =
-"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
+"@(#) \$$PACKAGE: $APPLICATION $VERSION \$\n"
"\t$WHOWHERE\n";
__EOF__
--
1.7.10.4

View File

@ -1,128 +0,0 @@
From 328612d3370290c7f42ad835e1b0e3189eadef7b Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 4 Feb 2015 03:53:13 +0000
Subject: [PATCH] ITS#8051 add DN qualifier
---
doc/man/man5/slapd-sock.5 | 5 +++++
servers/slapd/back-sock/back-sock.h | 2 ++
servers/slapd/back-sock/config.c | 32 +++++++++++++++++++++++++++++---
3 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index ee8cc919f..1ac4f7fdd 100644
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -58,6 +58,11 @@ Specify which response types to send to the external program. "result"
sends just the results of an operation. "search" sends all entries that
the database returned for a search request. The default is empty
(no responses are sent).
+.TP
+.B sockdnpat <regexp>
+Specify DN patterns for which the overlay will act. Only operations on
+DNs matching the specified regular expression will be processed. The default
+is empty (all DNs are processed).
.SH PROTOCOL
The protocol is essentially the same as
diff --git a/servers/slapd/back-sock/back-sock.h b/servers/slapd/back-sock/back-sock.h
index 15495a6bc..7a083a8df 100644
--- a/servers/slapd/back-sock/back-sock.h
+++ b/servers/slapd/back-sock/back-sock.h
@@ -30,6 +30,8 @@ struct sockinfo {
slap_mask_t si_extensions;
slap_mask_t si_ops; /* overlay: operations to act on */
slap_mask_t si_resps; /* overlay: responses to forward */
+ regex_t si_dnpat; /* overlay: DN pattern to match */
+ struct berval si_dnpatstr;
};
#define SOCK_EXT_BINDDN 1
diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c
index d8ff95ceb..dc3f1365c 100644
--- a/servers/slapd/back-sock/config.c
+++ b/servers/slapd/back-sock/config.c
@@ -36,11 +36,12 @@ static slap_response sock_over_response;
enum {
BS_EXT = 1,
BS_OPS,
- BS_RESP
+ BS_RESP,
+ BS_DNPAT
};
/* The number of overlay-only config attrs */
-#define NUM_OV_ATTRS 2
+#define NUM_OV_ATTRS 3
static ConfigTable bscfg[] = {
{ "sockops", "ops", 2, 0, 0, ARG_MAGIC|BS_OPS,
@@ -53,6 +54,11 @@ static ConfigTable bscfg[] = {
"DESC 'Response types to forward' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "sockdnpat", "regexp", 2, 2, 0, ARG_MAGIC|BS_DNPAT,
+ bs_cf_gen, "( OLcfgDbAt:7.5 NAME 'olcOvSocketDNpat' "
+ "DESC 'DN pattern to match' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "socketpath", "pathname", 2, 2, 0, ARG_STRING|ARG_OFFSET,
(void *)offsetof(struct sockinfo, si_sockpath),
@@ -86,7 +92,8 @@ static ConfigOCs osocs[] = {
"SUP olcOverlayConfig "
"MUST olcDbSocketPath "
"MAY ( olcDbSocketExtensions $ "
- " olcOvSocketOps $ olcOvSocketResps ) )",
+ " olcOvSocketOps $ olcOvSocketResps $ "
+ " olcOvSocketDNpat ) )",
Cft_Overlay, bscfg },
{ NULL, 0, NULL }
};
@@ -150,6 +157,9 @@ bs_cf_gen( ConfigArgs *c )
return mask_to_verbs( ov_ops, si->si_ops, &c->rvalue_vals );
case BS_RESP:
return mask_to_verbs( ov_resps, si->si_resps, &c->rvalue_vals );
+ case BS_DNPAT:
+ value_add_one( &c->rvalue_vals, &si->si_dnpatstr );
+ return 0;
}
} else if ( c->op == LDAP_MOD_DELETE ) {
switch( c->type ) {
@@ -186,6 +196,11 @@ bs_cf_gen( ConfigArgs *c )
si->si_resps ^= dels;
}
return rc;
+ case BS_DNPAT:
+ regfree( &si->si_dnpat );
+ ch_free( si->si_dnpatstr.bv_val );
+ BER_BVZERO( &si->si_dnpatstr );
+ return 0;
}
} else {
@@ -196,6 +211,13 @@ bs_cf_gen( ConfigArgs *c )
return verbs_to_mask( c->argc, c->argv, ov_ops, &si->si_ops );
case BS_RESP:
return verbs_to_mask( c->argc, c->argv, ov_resps, &si->si_resps );
+ case BS_DNPAT:
+ if ( !regcomp( &si->si_dnpat, c->argv[1], REG_EXTENDED|REG_ICASE|REG_NOSUB )) {
+ ber_str2bv( c->argv[1], 0, 1, &si->si_dnpatstr );
+ return 0;
+ } else {
+ return 1;
+ }
}
}
return 1;
@@ -268,6 +290,10 @@ static int sock_over_op(
if ( !(si->si_ops & sockopflags[which]))
return SLAP_CB_CONTINUE;
+ if ( !BER_BVISEMPTY( &si->si_dnpatstr ) &&
+ regexec( &si->si_dnpat, op->o_req_ndn.bv_val, 0, NULL, 0 ))
+ return SLAP_CB_CONTINUE;
+
op->o_bd->be_private = si;
sc = op->o_callback;
op->o_callback = NULL;

View File

@ -1,241 +0,0 @@
diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index 1ac4f7fdd..903155fa4 100644
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -49,7 +49,7 @@ be sent and from which replies are received.
When used as an overlay, these additional directives are defined:
.TP
-.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete ]*
+.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete | extended ]*
Specify which request types to send to the external program. The default is
empty (no requests are sent).
.TP
@@ -115,6 +115,17 @@ dn: <DN>
.PP
.RS
.nf
+EXTENDED
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+oid: <OID>
+value: <base64-value>
+<blank line>
+.fi
+.RE
+.PP
+.RS
+.nf
MODIFY
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
@@ -213,6 +224,11 @@ msgid: <message id>
.fi
.RE
+.SH KNOWN LIMITATIONS
+The
+.B sock
+backend does not process extended operation results from an external program.
+
.SH ACCESS CONTROL
The
.B sock
@@ -292,6 +308,11 @@ access to the
pseudo_attribute of the searchBase;
.B search (=s)
access to the attributes and values used in the filter is not checked.
+.LP
+The
+.B extended
+operation does not require any access special rights.
+The external program has to implement any sort of access control.
.SH EXAMPLE
There is an example script in the slapd/back\-sock/ directory
diff --git a/servers/slapd/back-sock/Makefile.in b/servers/slapd/back-sock/Makefile.in
index 3e527e545..efb916246 100644
--- a/servers/slapd/back-sock/Makefile.in
+++ b/servers/slapd/back-sock/Makefile.in
@@ -18,9 +18,9 @@
## in OpenLDAP Software.
SRCS = init.c config.c opensock.c search.c bind.c unbind.c add.c \
- delete.c modify.c modrdn.c compare.c result.c
+ delete.c modify.c modrdn.c compare.c result.c extended.c
OBJS = init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \
- delete.lo modify.lo modrdn.lo compare.lo result.lo
+ delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c
index dc3f1365c..2dcf68bf6 100644
--- a/servers/slapd/back-sock/config.c
+++ b/servers/slapd/back-sock/config.c
@@ -106,6 +106,7 @@ static ConfigOCs osocs[] = {
#define SOCK_OP_MODRDN 0x020
#define SOCK_OP_ADD 0x040
#define SOCK_OP_DELETE 0x080
+#define SOCK_OP_EXTENDED 0x100
#define SOCK_REP_RESULT 0x001
#define SOCK_REP_SEARCH 0x002
@@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] = {
{ BER_BVC("modrdn"), SOCK_OP_MODRDN },
{ BER_BVC("add"), SOCK_OP_ADD },
{ BER_BVC("delete"), SOCK_OP_DELETE },
+ { BER_BVC("extended"), SOCK_OP_EXTENDED },
{ BER_BVNULL, 0 }
};
@@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] = {
sock_back_modify,
sock_back_modrdn,
sock_back_add,
- sock_back_delete
+ sock_back_delete,
+ 0, /* abandon not supported */
+ sock_back_extended
};
static const int sockopflags[] = {
@@ -260,7 +264,9 @@ static const int sockopflags[] = {
SOCK_OP_MODIFY,
SOCK_OP_MODRDN,
SOCK_OP_ADD,
- SOCK_OP_DELETE
+ SOCK_OP_DELETE,
+ 0, /* abandon not supported */
+ SOCK_OP_EXTENDED
};
static int sock_over_op(
@@ -283,6 +289,7 @@ static int sock_over_op(
case LDAP_REQ_MODRDN: which = op_modrdn; break;
case LDAP_REQ_ADD: which = op_add; break;
case LDAP_REQ_DELETE: which = op_delete; break;
+ case LDAP_REQ_EXTENDED: which = op_extended; break;
default:
return SLAP_CB_CONTINUE;
}
@@ -365,6 +372,7 @@ sock_over_setup()
sockover.on_bi.bi_op_modrdn = sock_over_op;
sockover.on_bi.bi_op_add = sock_over_op;
sockover.on_bi.bi_op_delete = sock_over_op;
+ sockover.on_bi.bi_extended = sock_over_op;
sockover.on_response = sock_over_response;
sockover.on_bi.bi_cf_ocs = osocs;
diff --git a/servers/slapd/back-sock/extended.c b/servers/slapd/back-sock/extended.c
new file mode 100644
index 000000000..dfe56b32b
--- /dev/null
+++ b/servers/slapd/back-sock/extended.c
@@ -0,0 +1,80 @@
+/* extended.c - sock backend extended routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2000-2017 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "back-sock.h"
+
+#include "lutil.h"
+
+int
+sock_back_extended( Operation *op, SlapReply *rs )
+{
+ int rc;
+ struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private;
+ FILE *fp;
+ struct berval b64;
+
+ Debug( LDAP_DEBUG_ARGS, "==> sock_back_extended(%s)\n",
+ op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
+
+ if ( (fp = opensock( si->si_sockpath )) == NULL ) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "could not open socket" );
+ return( -1 );
+ }
+
+ /* write out the request to the extended process */
+ fprintf( fp, "EXTENDED\n" );
+ fprintf( fp, "msgid: %ld\n", (long) op->o_msgid );
+ sock_print_conn( fp, op->o_conn, si );
+ sock_print_suffixes( fp, op->o_bd );
+ fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val );
+
+ if (op->ore_reqdata) {
+
+ b64.bv_len = LUTIL_BASE64_ENCODE_LEN( op->ore_reqdata->bv_len ) + 1;
+ b64.bv_val = ber_memalloc( b64.bv_len + 1 );
+
+ if( b64.bv_val == NULL ) {
+ return LUTIL_PASSWD_ERR;
+ }
+
+ rc = lutil_b64_ntop(
+ (unsigned char *) op->ore_reqdata->bv_val, op->ore_reqdata->bv_len,
+ b64.bv_val, b64.bv_len );
+
+ b64.bv_len = rc;
+ assert( strlen(b64.bv_val) == b64.bv_len );
+
+ fprintf( fp, "value: %s\n", b64.bv_val );
+
+ ber_memfree( b64.bv_val );
+
+ }
+
+ fprintf( fp, "\n" );
+
+ /* read in the results and send them along */
+ rc = sock_read_and_send_results( op, rs, fp );
+ fclose( fp );
+
+ return( rc );
+}
diff --git a/servers/slapd/back-sock/init.c b/servers/slapd/back-sock/init.c
index dcfe61a44..92e68782f 100644
--- a/servers/slapd/back-sock/init.c
+++ b/servers/slapd/back-sock/init.c
@@ -53,7 +53,7 @@ sock_back_initialize(
bi->bi_op_delete = sock_back_delete;
bi->bi_op_abandon = 0;
- bi->bi_extended = 0;
+ bi->bi_extended = sock_back_extended;
bi->bi_chk_referrals = 0;
diff --git a/servers/slapd/back-sock/proto-sock.h b/servers/slapd/back-sock/proto-sock.h
index fa02ab896..8b3b5f3ef 100644
--- a/servers/slapd/back-sock/proto-sock.h
+++ b/servers/slapd/back-sock/proto-sock.h
@@ -40,6 +40,8 @@ extern BI_op_modrdn sock_back_modrdn;
extern BI_op_add sock_back_add;
extern BI_op_delete sock_back_delete;
+extern BI_op_extended sock_back_extended;
+
extern int sock_back_init_cf( BackendInfo *bi );
LDAP_END_DECL

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9a90dcb86b99ae790ccab93b7585a31fbcbeec8c94bf0f7ab0ca0a87ea0c4b2d
size 5700204

3
openldap-2.4.47.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f54c5877865233d9ada77c60c0f69b3e0bfd8b1b55889504c650047cc305520b
size 5699678

View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Thu Dec 20 09:35:55 UTC 2018 - Michael Ströder <michael@stroeder.com>
- Update to upstream release 2.4.47
- Removed obsolete patches:
* 0006-No-Build-date-and-time-in-binaries.dif
(upstream now uses SOURCE_DATE_EPOCH for reproducable builds)
* 0012-ITS8051-sockdnpat.patch
* 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
OpenLDAP 2.4.47 Release (2018/12/19)
Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752)
Fixed libldap dn to domain parsing with bad input (ITS#8842)
Fixed slapd slapcat to correctly honor -g option (ITS#8667)
Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923)
Fixed slapd to check status of rdnNormalize (ITS#8932)
Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616)
Fixed slapd sasl authz-policy "all" behavior (ITS#8909)
Fixed slapd sasl minor typo (ITS#8918)
Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912)
Fixed slapd domainScope control to match Microsoft specification (ITS#8840)
Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868)
Fixed slapo-accesslog deadlock during cleanup (ITS#8752)
Fixed slapo-memberof cn=config modifications (ITS#8663)
Fixed slapo-ppolicy with multimaster replication (ITS#8927)
Fixed slapo-syncprov with NULL modlist (ITS#8843)
Build Environment
Added slapd reproducible build support (ITS#8928)
Fixed missing includes with OpenSSL 1.0.2 (ITS#8809)
Contrib
Fixed slapo-pbkdf2 hash generation (ITS#8878)
Documentation
admin24 fixed minor typo (ITS#8887)
-------------------------------------------------------------------
Thu Nov 22 16:03:22 UTC 2018 - Jan Engelhardt <jengelh@inai.de>

View File

@ -22,7 +22,7 @@
%endif
%define run_test_suite 0
%define version_main 2.4.46
%define version_main 2.4.47
%if %{suse_version} >= 1310 && %{suse_version} != 1315
%define _rundir /run/slapd
@ -60,13 +60,10 @@ Source18: openldap2.conf
Patch1: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
Patch3: 0003-LDAPI-socket-location.dif
Patch5: 0005-pie-compile.dif
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch11: 0011-openldap-re24-its7796.patch
Patch12: 0012-ITS8051-sockdnpat.patch
Patch14: 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
Patch15: openldap-r-only.dif
Patch16: 0016-Clear-shared-key-only-in-close-function.patch
Patch17: 0017-Fix-segfault-in-nops.patch
@ -260,13 +257,10 @@ gzip -k %{S:203}
%patch1 -p1
%patch3 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch11 -p1
%patch12 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1