diff --git a/0012-ITS8051-sockdnpat.patch b/0012-ITS8051-sockdnpat.patch new file mode 100644 index 0000000..20d0df8 --- /dev/null +++ b/0012-ITS8051-sockdnpat.patch @@ -0,0 +1,128 @@ +From 328612d3370290c7f42ad835e1b0e3189eadef7b Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Wed, 4 Feb 2015 03:53:13 +0000 +Subject: [PATCH] ITS#8051 add DN qualifier + +--- + doc/man/man5/slapd-sock.5 | 5 +++++ + servers/slapd/back-sock/back-sock.h | 2 ++ + servers/slapd/back-sock/config.c | 32 +++++++++++++++++++++++++++++--- + 3 files changed, 36 insertions(+), 3 deletions(-) + +diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5 +index ee8cc919f..1ac4f7fdd 100644 +--- a/doc/man/man5/slapd-sock.5 ++++ b/doc/man/man5/slapd-sock.5 +@@ -58,6 +58,11 @@ Specify which response types to send to the external program. "result" + sends just the results of an operation. "search" sends all entries that + the database returned for a search request. The default is empty + (no responses are sent). ++.TP ++.B sockdnpat ++Specify DN patterns for which the overlay will act. Only operations on ++DNs matching the specified regular expression will be processed. The default ++is empty (all DNs are processed). + + .SH PROTOCOL + The protocol is essentially the same as +diff --git a/servers/slapd/back-sock/back-sock.h b/servers/slapd/back-sock/back-sock.h +index 15495a6bc..7a083a8df 100644 +--- a/servers/slapd/back-sock/back-sock.h ++++ b/servers/slapd/back-sock/back-sock.h +@@ -30,6 +30,8 @@ struct sockinfo { + slap_mask_t si_extensions; + slap_mask_t si_ops; /* overlay: operations to act on */ + slap_mask_t si_resps; /* overlay: responses to forward */ ++ regex_t si_dnpat; /* overlay: DN pattern to match */ ++ struct berval si_dnpatstr; + }; + + #define SOCK_EXT_BINDDN 1 +diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c +index d8ff95ceb..dc3f1365c 100644 +--- a/servers/slapd/back-sock/config.c ++++ b/servers/slapd/back-sock/config.c +@@ -36,11 +36,12 @@ static slap_response sock_over_response; + enum { + BS_EXT = 1, + BS_OPS, +- BS_RESP ++ BS_RESP, ++ BS_DNPAT + }; + + /* The number of overlay-only config attrs */ +-#define NUM_OV_ATTRS 2 ++#define NUM_OV_ATTRS 3 + + static ConfigTable bscfg[] = { + { "sockops", "ops", 2, 0, 0, ARG_MAGIC|BS_OPS, +@@ -53,6 +54,11 @@ static ConfigTable bscfg[] = { + "DESC 'Response types to forward' " + "EQUALITY caseIgnoreMatch " + "SYNTAX OMsDirectoryString )", NULL, NULL }, ++ { "sockdnpat", "regexp", 2, 2, 0, ARG_MAGIC|BS_DNPAT, ++ bs_cf_gen, "( OLcfgDbAt:7.5 NAME 'olcOvSocketDNpat' " ++ "DESC 'DN pattern to match' " ++ "EQUALITY caseIgnoreMatch " ++ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, + + { "socketpath", "pathname", 2, 2, 0, ARG_STRING|ARG_OFFSET, + (void *)offsetof(struct sockinfo, si_sockpath), +@@ -86,7 +92,8 @@ static ConfigOCs osocs[] = { + "SUP olcOverlayConfig " + "MUST olcDbSocketPath " + "MAY ( olcDbSocketExtensions $ " +- " olcOvSocketOps $ olcOvSocketResps ) )", ++ " olcOvSocketOps $ olcOvSocketResps $ " ++ " olcOvSocketDNpat ) )", + Cft_Overlay, bscfg }, + { NULL, 0, NULL } + }; +@@ -150,6 +157,9 @@ bs_cf_gen( ConfigArgs *c ) + return mask_to_verbs( ov_ops, si->si_ops, &c->rvalue_vals ); + case BS_RESP: + return mask_to_verbs( ov_resps, si->si_resps, &c->rvalue_vals ); ++ case BS_DNPAT: ++ value_add_one( &c->rvalue_vals, &si->si_dnpatstr ); ++ return 0; + } + } else if ( c->op == LDAP_MOD_DELETE ) { + switch( c->type ) { +@@ -186,6 +196,11 @@ bs_cf_gen( ConfigArgs *c ) + si->si_resps ^= dels; + } + return rc; ++ case BS_DNPAT: ++ regfree( &si->si_dnpat ); ++ ch_free( si->si_dnpatstr.bv_val ); ++ BER_BVZERO( &si->si_dnpatstr ); ++ return 0; + } + + } else { +@@ -196,6 +211,13 @@ bs_cf_gen( ConfigArgs *c ) + return verbs_to_mask( c->argc, c->argv, ov_ops, &si->si_ops ); + case BS_RESP: + return verbs_to_mask( c->argc, c->argv, ov_resps, &si->si_resps ); ++ case BS_DNPAT: ++ if ( !regcomp( &si->si_dnpat, c->argv[1], REG_EXTENDED|REG_ICASE|REG_NOSUB )) { ++ ber_str2bv( c->argv[1], 0, 1, &si->si_dnpatstr ); ++ return 0; ++ } else { ++ return 1; ++ } + } + } + return 1; +@@ -268,6 +290,10 @@ static int sock_over_op( + if ( !(si->si_ops & sockopflags[which])) + return SLAP_CB_CONTINUE; + ++ if ( !BER_BVISEMPTY( &si->si_dnpatstr ) && ++ regexec( &si->si_dnpat, op->o_req_ndn.bv_val, 0, NULL, 0 )) ++ return SLAP_CB_CONTINUE; ++ + op->o_bd->be_private = si; + sc = op->o_callback; + op->o_callback = NULL; diff --git a/openldap2.changes b/openldap2.changes index e6be3c6..010ef08 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Sep 18 20:45:58 UTC 2017 - michael@stroeder.com + +- added 0012-ITS8051-sockdnpat.patch + ------------------------------------------------------------------- Wed Sep 6 07:58:06 UTC 2017 - michael@stroeder.com diff --git a/openldap2.spec b/openldap2.spec index 0349fc1..3f2f899 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -57,6 +57,7 @@ Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch11: 0011-openldap-re24-its7796.patch +Patch12: 0012-ITS8051-sockdnpat.patch Patch13: 0013-ITS-8692-let-back-sock-generate-increment-line.patch Patch14: 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz @@ -251,6 +252,7 @@ gzip -k %{S:203} %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %patch13 -p1 %patch14 -p1 cp %{SOURCE5} .