forked from jengelh/openldap2
617ae2b561
- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh OBS-URL: https://build.opensuse.org/request/show/844183 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=278
43 lines
801 B
Bash
43 lines
801 B
Bash
#!/bin/bash
|
|
|
|
source /usr/lib/openldap/update-crc
|
|
|
|
conf_dir='/etc/openldap/slapd.d'
|
|
tgt_ldif="${conf_dir}/cn=config.ldif"
|
|
if [ ! -d ${conf_dir} ] || [ ! -f ${tgt_ldif} ]
|
|
then
|
|
exit 0
|
|
fi
|
|
|
|
# Make sure slapd.service is not running.
|
|
slapd_running=1
|
|
|
|
# Don't check if no systemd, we could be in a container.
|
|
if [ -f "/usr/bin/systemctl" ]; then
|
|
/usr/bin/systemctl is-active --quiet slapd.service
|
|
slapd_running=$?
|
|
fi
|
|
|
|
if [ $slapd_running -eq 0 ]; then
|
|
echo "Unable to update crc of '${tgt_ldif}' while slapd.service is running ..."
|
|
exit 1
|
|
fi
|
|
|
|
# Remove the module path.
|
|
sed -n -i '/olcModulePath/!p' ${tgt_ldif}
|
|
|
|
res=$?
|
|
|
|
if [ $res -ne 0 ]
|
|
then
|
|
echo "Failed to remove olcModulePath in ${tgt_ldif}"
|
|
exit 1
|
|
else
|
|
do_update_crc ${tgt_ldif}
|
|
echo "Updated crc of ${tgt_ldif}"
|
|
fi
|
|
|
|
|
|
|
|
|