[Pkg-openldap-devel] r676 - in openldap/trunk-2.3/debian: . patches
Matthijs Mohlmann
active2-guest at costa.debian.org
Sun Jun 11 12:23:12 UTC 2006
Author: active2-guest
Date: 2006-06-11 12:23:11 +0000 (Sun, 11 Jun 2006)
New Revision: 676
Added:
openldap/trunk-2.3/debian/patches/auditlog-db-init
openldap/trunk-2.3/debian/patches/exop-pass-change-does-not-reset-pwdMustChange
openldap/trunk-2.3/debian/patches/slurpd-with-ldaps-does-not-work
openldap/trunk-2.3/debian/patches/syncrepl-fails-when-rootdn-not-defined
openldap/trunk-2.3/debian/patches/tls-concurrency-issues
Modified:
openldap/trunk-2.3/debian/changelog
openldap/trunk-2.3/debian/patches/series
Log:
* Added patches from Quanah Gibson-Mount.
Modified: openldap/trunk-2.3/debian/changelog
===================================================================
--- openldap/trunk-2.3/debian/changelog 2006-06-08 21:00:45 UTC (rev 675)
+++ openldap/trunk-2.3/debian/changelog 2006-06-11 12:23:11 UTC (rev 676)
@@ -1,9 +1,14 @@
openldap2.3 (2.3.24-2) unstable; urgency=low
* Switch slapd from running as root to running as user.
- * Patches by Quanah Gibson-Mount
- - Patch to fix a lock bug with a virtual root entry in the BDB backend.
- - Patch to fix boolean logic in the overlays.
+ * Patches by Quanah Gibson-Mount <quanah at stanford.edu>
+ - fix a lock bug with a virtual root entry in the BDB backend.
+ - fix boolean logic in the overlays.
+ - fix that slurpd can use ldaps.
+ - fix initialization of auditdb.
+ - fix TLS concurrency issues.
+ - fix exop password change that didn't reset pwdMustChange.
+ - fix syncrepl that fails when no rootdn is defined.
* Add dependency on adduser.
* Specify the PATH variable in the init script. (Closes: #367981)
* Added patch to read config before dropping privileges.
@@ -11,7 +16,7 @@
not work on 2.4 kernels. Added patch that remove the #define in
portable.in (Closes: #369352, #372194)
- -- Matthijs Mohlmann <matthijs at cacholong.nl> Thu, 8 Jun 2006 22:56:05 +0200
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Sun, 11 Jun 2006 14:21:30 +0200
openldap2.3 (2.3.24-1) unstable; urgency=low
Added: openldap/trunk-2.3/debian/patches/auditlog-db-init
===================================================================
--- openldap/trunk-2.3/debian/patches/auditlog-db-init 2006-06-08 21:00:45 UTC (rev 675)
+++ openldap/trunk-2.3/debian/patches/auditlog-db-init 2006-06-11 12:23:11 UTC (rev 676)
@@ -0,0 +1,13 @@
+Index: servers/slapd/overlays/auditlog.c
+===================================================================
+--- servers/slapd/overlays/auditlog.c.orig
++++ servers/slapd/overlays/auditlog.c
+@@ -160,7 +160,7 @@
+ )
+ {
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+- auditlog_data *ad = ch_malloc(sizeof(auditlog_data));
++ auditlog_data *ad = ch_calloc(1, sizeof(auditlog_data));
+
+ on->on_bi.bi_private = ad;
+ ldap_pvt_thread_mutex_init( &ad->ad_mutex );
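Review bot: The switch to `ch_calloc` at the `auditlog_data` allocation makes zero-initialisation load-bearing, but nothing at the call site says so. Only `ad_mutex` is visibly initialised in the hunk, so the other members presumably depend on starting out as NULL/0. A short comment such as `/* zero-fill: members not set here must start out NULL */` would keep a later cleanup from reverting to `ch_malloc`. The enclosing init function starts and ends outside the hunk.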
Added: openldap/trunk-2.3/debian/patches/exop-pass-change-does-not-reset-pwdMustChange
===================================================================
--- openldap/trunk-2.3/debian/patches/exop-pass-change-does-not-reset-pwdMustChange 2006-06-08 21:00:45 UTC (rev 675)
+++ openldap/trunk-2.3/debian/patches/exop-pass-change-does-not-reset-pwdMustChange 2006-06-11 12:23:11 UTC (rev 676)
@@ -0,0 +1,49 @@
+Index: servers/slapd/overlays/ppolicy.c
+===================================================================
+--- servers/slapd/overlays/ppolicy.c.orig
++++ servers/slapd/overlays/ppolicy.c
+@@ -1187,6 +1187,19 @@
+ }
+
+ static int
++ppolicy_mod_cb( Operation *op, SlapReply *rs )
++{
++ slap_callback *sc = op->o_callback;
++ op->o_callback = sc->sc_next;
++ if ( rs->sr_err == LDAP_SUCCESS ) {
++ ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val );
++ BER_BVZERO( &pwcons[op->o_conn->c_conn_idx].dn );
++ }
++ op->o_tmpfree( sc, op->o_tmpmemctx );
++ return SLAP_CB_CONTINUE;
++}
++
++static int
+ ppolicy_modify( Operation *op, SlapReply *rs )
+ {
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+@@ -1583,7 +1596,23 @@
+ struct berval timestamp;
+ char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ time_t now = slap_get_time();
+-
++
++ /* If the conn is restricted, set a callback to clear it
++ * if the pwmod succeeds
++ */
++ if (!BER_BVISEMPTY( &pwcons[op->o_conn->c_conn_idx].dn )) {
++ slap_callback *sc = op->o_tmpcalloc( 1, sizeof( slap_callback ),
++ op->o_tmpmemctx );
++ sc->sc_next = op->o_callback;
++ /* Must use sc_response to insure we reset on success, before
++ * the client sees the response. Must use sc_cleanup to insure
++ * that it gets cleaned up if sc_response is not called.
++ */
++ sc->sc_response = ppolicy_mod_cb;
++ sc->sc_cleanup = ppolicy_mod_cb;
++ op->o_callback = sc;
++ }
++
+ /*
+ * keep the necessary pwd.. operational attributes
+ * up to date.
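Review bot: `ppolicy_mod_cb` frees and then clears `pwcons[op->o_conn->c_conn_idx].dn` with no visible lock, and the `BER_BVISEMPTY` test that guards registration in `ppolicy_modify` is not repeated when the callback runs. If two modifies on one connection can both be in flight, both callbacks could reach `ch_free` on the same `bv_val` before `BER_BVZERO` executes; whether slapd already serialises this is not visible in the hunk. It would help to document that assumption above the callback, or to take whatever lock protects `pwcons` around the free-and-clear pair. Because this callback lifts the must-change restriction on the connection, a comment should also state which earlier check in `ppolicy_modify` guarantees the successful modify was the restricted user's own password change. `ppolicy_modify` continues outside the hunk.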
Modified: openldap/trunk-2.3/debian/patches/series
===================================================================
--- openldap/trunk-2.3/debian/patches/series 2006-06-08 21:00:45 UTC (rev 675)
+++ openldap/trunk-2.3/debian/patches/series 2006-06-11 12:23:11 UTC (rev 676)
@@ -12,3 +12,8 @@
fix-boolean-logic -p0
read-config-before-dropping-privileges -p0
disable-epoll-system-call -p0
+exop-pass-change-does-not-reset-pwdMustChange -p0
+slurpd-with-ldaps-does-not-work -p0
+syncrepl-fails-when-rootdn-not-defined -p0
+tls-concurrency-issues -p0
+auditlog-db-init -p0
Added: openldap/trunk-2.3/debian/patches/slurpd-with-ldaps-does-not-work
===================================================================
--- openldap/trunk-2.3/debian/patches/slurpd-with-ldaps-does-not-work 2006-06-08 21:00:45 UTC (rev 675)
+++ openldap/trunk-2.3/debian/patches/slurpd-with-ldaps-does-not-work 2006-06-11 12:23:11 UTC (rev 676)
@@ -0,0 +1,46 @@
+Index: servers/slapd/bconfig.c
+===================================================================
+--- servers/slapd/bconfig.c.orig
++++ servers/slapd/bconfig.c
+@@ -2458,6 +2458,8 @@
+ nr = add_replica_info(c->be, replicauri, replicahost);
+ break;
+ } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
++ ber_len_t len;
++
+ if ( replicauri ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> replica host/URI already specified", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
+@@ -2476,11 +2478,28 @@
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return(1);
+ }
++
++ len = strlen(ludp->lud_scheme) + strlen(ludp->lud_host) +
++ STRLENOF("://") + 1;
++ if (ludp->lud_port != LDAP_PORT) {
++ if (ludp->lud_port < 1 || ludp->lud_port > 65535) {
++ ldap_free_urldesc(ludp);
++ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid port",
++ c->argv[0] );
++ Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
++ return(1);
++ }
++ len += STRLENOF(":65535");
++ }
++ replicauri = ch_malloc( len );
++ replicahost = lutil_strcopy( replicauri, ludp->lud_scheme );
++ replicahost = lutil_strcopy( replicauri, "://" );
++ if (ludp->lud_port == LDAP_PORT) {
++ strcpy( replicahost, ludp->lud_host );
++ } else {
++ sprintf( replicahost, "%s:%d",ludp->lud_host,ludp->lud_port );
++ }
+ ldap_free_urldesc(ludp);
+- replicauri = c->argv[i] + STRLENOF("uri=");
+- replicauri = ch_strdup( replicauri );
+- replicahost = strchr( replicauri, '/' );
+- replicahost += 2;
+ nr = add_replica_info(c->be, replicauri, replicahost);
+ break;
+ }
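Review bot: The second `lutil_strcopy` call in the new URI-building code writes to `replicauri` again instead of continuing from the cursor returned by the first call, so `"://"` overwrites the scheme that was just copied. The stored URI then begins with `://host` and has lost its `ldap`/`ldaps` prefix, which defeats the purpose of a patch meant to make ldaps replicas work. The line should read `replicahost = lutil_strcopy( replicahost, "://" );`. The following `strcpy`/`sprintf` into `replicahost` are only safe while `len` stays in step with the format, so `snprintf` with the remaining size would make that bound explicit. The enclosing function starts and ends outside the hunk.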
Added: openldap/trunk-2.3/debian/patches/syncrepl-fails-when-rootdn-not-defined
===================================================================
--- openldap/trunk-2.3/debian/patches/syncrepl-fails-when-rootdn-not-defined 2006-06-08 21:00:45 UTC (rev 675)
+++ openldap/trunk-2.3/debian/patches/syncrepl-fails-when-rootdn-not-defined 2006-06-11 12:23:11 UTC (rev 676)
@@ -0,0 +1,21 @@
+Index: servers/slapd/syncrepl.c
+===================================================================
+--- servers/slapd/syncrepl.c.orig
++++ servers/slapd/syncrepl.c
+@@ -3161,8 +3161,14 @@
+ int rc = 0;
+
+ if ( !( c->be->be_search && c->be->be_add && c->be->be_modify && c->be->be_delete ) ) {
+- Debug( LDAP_DEBUG_ANY, "%s: database %s does not support operations "
+- "required for syncrepl\n", c->log, c->be->be_type, 0 );
++ snprintf( c->msg, sizeof(c->msg), "database %s does not support "
++ "operations required for syncrepl", c->be->be_type );
++ Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
++ return 1;
++ }
++ if ( BER_BVISEMPTY( &c->be->be_rootdn )) {
++ strcpy( c->msg, "rootDN must be defined before syncrepl may be used" );
++ Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ si = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
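Review bot: The new rootDN check fills `c->msg` with a bare `strcpy`, while the branch directly above it uses `snprintf( c->msg, sizeof(c->msg), ... )` for the same buffer. The literal fits today as long as `c->msg` is at least as large as the message, but its size is declared outside the hunk and the unbounded copy will not notice if the text grows or the buffer shrinks. For consistency and an explicit bound I would write `snprintf( c->msg, sizeof(c->msg), "rootDN must be defined before syncrepl may be used" );`. The enclosing function starts and ends outside the hunk.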
Added: openldap/trunk-2.3/debian/patches/tls-concurrency-issues
===================================================================
--- openldap/trunk-2.3/debian/patches/tls-concurrency-issues 2006-06-08 21:00:45 UTC (rev 675)
+++ openldap/trunk-2.3/debian/patches/tls-concurrency-issues 2006-06-11 12:23:11 UTC (rev 676)
@@ -0,0 +1,34 @@
+Index: libraries/libldap/tls.c
+===================================================================
+--- libraries/libldap/tls.c.orig
++++ libraries/libldap/tls.c
+@@ -105,6 +105,7 @@
+ */
+
+ static ldap_pvt_thread_mutex_t tls_def_ctx_mutex;
++static ldap_pvt_thread_mutex_t tls_connect_mutex;
+
+ static void tls_init_threads( void )
+ {
+@@ -117,6 +118,7 @@
+ /* FIXME: the thread id should be added somehow... */
+
+ ldap_pvt_thread_mutex_init( &tls_def_ctx_mutex );
++ ldap_pvt_thread_mutex_init( &tls_connect_mutex );
+ }
+ #endif /* LDAP_R_COMPILE */
+
+@@ -855,7 +857,13 @@
+ LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
+ }
+
++#ifdef LDAP_R_COMPILE
++ ldap_pvt_thread_mutex_lock( &tls_connect_mutex );
++#endif
+ err = SSL_accept( ssl );
++#ifdef LDAP_R_COMPILE
++ ldap_pvt_thread_mutex_unlock( &tls_connect_mutex );
++#endif
+
+ #ifdef HAVE_WINSOCK
+ errno = WSAGetLastError();
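Review bot: The new `tls_connect_mutex` is a single process-wide lock held across `SSL_accept( ssl )`, so every incoming TLS handshake is serialised behind whichever one is in progress. If the underlying socket can block here (not visible in the hunk), one slow or stalled peer would hold up all other TLS accepts for as long as it keeps the handshake open. Please add a comment at the lock naming the shared state it protects and stating that the call must not block while the mutex is held, e.g. `/* serialises SSL_accept: guards <shared state>; socket must be non-blocking here */`. The mutex is named for connect, but only the accept path is wrapped in the visible lines, so it is worth confirming whether the `SSL_connect` path needs the same guard. The enclosing function starts and ends outside the hunk.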