[Pkg-openldap-devel] r1190 - in openldap/trunk: . build debian debian/patches doc/man/man5 doc/man/man8 include libraries/liblber libraries/libldap libraries/libldap_r servers/slapd servers/slapd/slapi
vorlon at alioth.debian.org
vorlon at alioth.debian.org
Sat Oct 11 08:39:27 UTC 2008
Author: vorlon
Date: 2008-10-11 08:39:27 +0000 (Sat, 11 Oct 2008)
New Revision: 1190
Removed:
openldap/trunk/debian/patches/CVE-2008-2952_BER-decoding-assertion
Modified:
openldap/trunk/build/openldap.m4
openldap/trunk/build/top.mk
openldap/trunk/configure.in
openldap/trunk/debian/changelog
openldap/trunk/debian/patches/series
openldap/trunk/doc/man/man5/slapd-bdb.5
openldap/trunk/doc/man/man5/slapd-config.5
openldap/trunk/doc/man/man5/slapd.conf.5
openldap/trunk/doc/man/man8/slapd.8
openldap/trunk/doc/man/man8/slapindex.8
openldap/trunk/include/ldap.h
openldap/trunk/include/ldap_defaults.h
openldap/trunk/libraries/liblber/Makefile.in
openldap/trunk/libraries/libldap/Makefile.in
openldap/trunk/libraries/libldap/os-ip.c
openldap/trunk/libraries/libldap/tls.c
openldap/trunk/libraries/libldap/util-int.c
openldap/trunk/libraries/libldap_r/Makefile.in
openldap/trunk/servers/slapd/Makefile.in
openldap/trunk/servers/slapd/sasl.c
openldap/trunk/servers/slapd/slapi/slapi_overlay.c
openldap/trunk/servers/slapd/slapindex.c
Log:
drop patch CVE-2008-2952_BER-decoding-assertion, also applied upstream
Modified: openldap/trunk/build/openldap.m4
===================================================================
--- openldap/trunk/build/openldap.m4 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/build/openldap.m4 2008-10-11 08:39:27 UTC (rev 1190)
@@ -1312,3 +1312,54 @@
#endif
], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])])
])
+
+dnl ====================================================================
+dnl check for symbol versioning support
+AC_DEFUN([OL_SYMBOL_VERSIONING],
+[AC_CACHE_CHECK([for .symver assembler directive],
+ [ol_cv_asm_symver_directive],[
+cat > conftest.s <<EOF
+${libc_cv_dot_text}
+_sym:
+.symver _sym,sym at VERS
+EOF
+if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
+ ol_cv_asm_symver_directive=yes
+else
+ ol_cv_asm_symver_directive=no
+fi
+rm -f conftest*])
+AC_CACHE_CHECK([for ld --version-script],
+ [ol_cv_ld_version_script_option],[
+if test $ol_cv_asm_symver_directive = yes; then
+ cat > conftest.s <<EOF
+${libc_cv_dot_text}
+_sym:
+.symver _sym,sym at VERS
+EOF
+ cat > conftest.map <<EOF
+VERS_1 {
+ global: sym;
+};
+
+VERS_2 {
+ global: sym;
+} VERS_1;
+EOF
+ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
+ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared
+ -o conftest.so conftest.o
+ -Wl,--version-script,conftest.map
+ 1>&AS_MESSAGE_LOG_FD]);
+ then
+ ol_cv_ld_version_script_option=yes
+ else
+ ol_cv_ld_version_script_option=no
+ fi
+ else
+ ol_cv_ld_version_script_option=no
+ fi
+else
+ ol_cv_ld_version_script_option=no
+fi
+rm -f conftest*])])
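Review bot: The `.symver _sym,sym at VERS` line in both conftest.s heredocs is not a valid directive as rendered here. It is most likely the list archive's rewriting of `sym@VERS` (the same ` at ` substitution appears in `$(@PLAT at _LINK_LIBS)` in the top.mk context), so compare against the repository before reusing this macro. A mangled probe would always report `no`, and configure.in would then leave `VERSION_OPTION` empty and silently disable symbol versioning. The macro also has no comment naming its result; I would add `dnl sets ol_cv_ld_version_script_option to yes/no for configure.in to test` above `AC_DEFUN`.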
Modified: openldap/trunk/build/top.mk
===================================================================
--- openldap/trunk/build/top.mk 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/build/top.mk 2008-10-11 08:39:27 UTC (rev 1190)
@@ -103,6 +103,9 @@
# LINK_LIBS referenced in library and module link commands.
LINK_LIBS = $(MOD_LIBS) $(@PLAT at _LINK_LIBS)
+# option to pass to $(CC) to support library symbol versioning, if any
+VERSION_OPTION = @VERSION_OPTION@
+
LTSTATIC = @LTSTATIC@
LTLINK = $(LIBTOOL) --mode=link \
@@ -112,7 +115,7 @@
$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c
LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)
+ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS)
LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
Modified: openldap/trunk/configure.in
===================================================================
--- openldap/trunk/configure.in 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/configure.in 2008-10-11 08:39:27 UTC (rev 1190)
@@ -1863,6 +1863,13 @@
fi
AC_SUBST(LTSTATIC)dnl
+VERSION_OPTION=""
+OL_SYMBOL_VERSIONING
+if test $ol_cv_ld_version_script_option = yes ; then
+ VERSION_OPTION="-Wl,--version-script="
+fi
+AC_SUBST(VERSION_OPTION)
+
dnl ----------------------------------------------------------------
if test $ol_enable_wrappers != no ; then
AC_CHECK_HEADERS(tcpd.h,[
Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/debian/changelog 2008-10-11 08:39:27 UTC (rev 1190)
@@ -3,6 +3,8 @@
* New upstream version (closes: #499560).
- Fixes a crash with syncrepl and delcsn (closes: #491066).
- Fix CRL handling with GnuTLS (closes: #498410).
+ - Drop patches no_backend_inter-linking and
+ CVE-2008-2952_BER-decoding-assertion, applied upstream.
[ Russ Allbery ]
* New patch, back-perl-init, which updates the calling conventions
@@ -14,7 +16,6 @@
* Drop the conflict with libldap2, which is not the standard means of
handling symbol conflicts in Debian and which causes serious upgrade
problems from etch. Closes: #487211.
- * Drop patch no_backend_inter-linking, applied upstream.
-- Russ Allbery <rra at debian.org> Fri, 15 Aug 2008 17:11:10 -0700
Deleted: openldap/trunk/debian/patches/CVE-2008-2952_BER-decoding-assertion
===================================================================
--- openldap/trunk/debian/patches/CVE-2008-2952_BER-decoding-assertion 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/debian/patches/CVE-2008-2952_BER-decoding-assertion 2008-10-11 08:39:27 UTC (rev 1190)
@@ -1,40 +0,0 @@
-Patch from upstream CVS
-
-Remote, unauthenticated attackers can cause a denial of service by
-triggering an assertion in the ASN.1 BER decoder. Fix this.
-
-Addresses ITS#5580 / CVE-2008-2952 / Debian bug #488710.
-
---- openldap.orig/libraries/liblber/io.c
-+++ openldap/libraries/liblber/io.c
-@@ -522,14 +522,18 @@
- }
-
- while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
-- (char *)&ber->ber_len + LENSIZE*2 -1) {
-+ (char *)&ber->ber_len + LENSIZE*2) {
- ber_slen_t sblen;
- char buf[sizeof(ber->ber_len)-1];
- ber_len_t tlen = 0;
-
-+ /* The tag & len can be at most 9 bytes; we try to read up to 8 here */
- sock_errset(0);
-- sblen=ber_int_sb_read( sb, ber->ber_rwptr,
-- ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
-+ sblen=((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr;
-+ /* Trying to read the last len byte of a 9 byte tag+len */
-+ if (sblen<1)
-+ sblen = 1;
-+ sblen=ber_int_sb_read( sb, ber->ber_rwptr, sblen );
- if (sblen<=0) return LBER_DEFAULT;
- ber->ber_rwptr += sblen;
-
-@@ -579,7 +583,7 @@
- int i;
- unsigned char *p = (unsigned char *)ber->ber_ptr;
- int llen = *p++ & 0x7f;
-- if (llen > (int)sizeof(ber_len_t)) {
-+ if (llen > LENSIZE) {
- sock_errset(ERANGE);
- return LBER_DEFAULT;
- }
Modified: openldap/trunk/debian/patches/series
===================================================================
--- openldap/trunk/debian/patches/series 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/debian/patches/series 2008-10-11 08:39:27 UTC (rev 1190)
@@ -9,6 +9,5 @@
libldap-symbol-versions
gnutls-ciphers
getaddrinfo-is-threadsafe
-CVE-2008-2952_BER-decoding-assertion
gnutls-ssf
back-perl-init
Modified: openldap/trunk/doc/man/man5/slapd-bdb.5
===================================================================
--- openldap/trunk/doc/man/man5/slapd-bdb.5 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/doc/man/man5/slapd-bdb.5 2008-10-11 08:39:27 UTC (rev 1190)
@@ -116,7 +116,7 @@
associated indexes live.
A separate directory must be specified for each database.
The default is
-.BR LOCALSTATEDIR/openldap-data .
+.BR LOCALSTATEDIR/lib/ldap .
.TP
.B dirtyread
Allow reads of modified but not yet committed data.
Modified: openldap/trunk/doc/man/man5/slapd-config.5
===================================================================
--- openldap/trunk/doc/man/man5/slapd-config.5 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/doc/man/man5/slapd-config.5 2008-10-11 08:39:27 UTC (rev 1190)
@@ -1855,7 +1855,7 @@
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-olcDbDirectory: LOCALSTATEDIR/openldap-data
+olcDbDirectory: LOCALSTATEDIR/lib/ldap
# Indices to maintain
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
Modified: openldap/trunk/doc/man/man5/slapd.conf.5
===================================================================
--- openldap/trunk/doc/man/man5/slapd.conf.5 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/doc/man/man5/slapd.conf.5 2008-10-11 08:39:27 UTC (rev 1190)
@@ -1765,7 +1765,7 @@
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-directory LOCALSTATEDIR/openldap-data
+directory LOCALSTATEDIR/lib/ldap
# Indices to maintain
index objectClass eq
index cn,sn,mail pres,eq,approx,sub
Modified: openldap/trunk/doc/man/man8/slapd.8
===================================================================
--- openldap/trunk/doc/man/man8/slapd.8 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/doc/man/man8/slapd.8 2008-10-11 08:39:27 UTC (rev 1190)
@@ -5,7 +5,7 @@
.SH NAME
slapd \- Stand-alone LDAP Daemon
.SH SYNOPSIS
-.B LIBEXECDIR/slapd
+.B /usr/sbin/slapd
.B [\-[4|6]]
.B [\-T {acl|add|auth|cat|dn|index|passwd|test}]
.B [\-d debug\-level]
@@ -77,11 +77,10 @@
will not fork or disassociate from the invoking terminal. Some general
operation and status messages are printed for any value of \fIdebug\-level\fP.
\fIdebug\-level\fP is taken as a bit string, with each bit corresponding to a
-different kind of debugging information. See <ldap_log.h> for details.
-Comma-separated arrays of friendly names can be specified to select
-debugging output of the corresponding debugging information.
-All the names recognized by the \fIloglevel\fP directive
-described in \fBslapd.conf\fP(5) are supported.
+different kind of debugging information. Comma-separated arrays of friendly
+names can be specified to select debugging output of the corresponding
+debugging information. All the names recognized by the \fIloglevel\fP
+directive described in \fBslapd.conf\fP(5) are supported.
If \fIdebug\-level\fP is \fB?\fP, a list of installed levels is printed,
and slapd exits.
@@ -263,7 +262,7 @@
.LP
.nf
.ft tt
- LIBEXECDIR/slapd
+ /usr/sbin/slapd
.ft
.fi
.LP
@@ -274,7 +273,7 @@
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255
+ /usr/sbin/slapd -f /var/tmp/slapd.conf -d 255
.ft
.fi
.LP
@@ -282,7 +281,7 @@
.LP
.nf
.ft tt
- LIBEXECDIR/slapd -Tt
+ /usr/sbin/slapd -Tt
.ft
.fi
.LP
Modified: openldap/trunk/doc/man/man8/slapindex.8
===================================================================
--- openldap/trunk/doc/man/man8/slapindex.8 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/doc/man/man8/slapindex.8 2008-10-11 08:39:27 UTC (rev 1190)
@@ -131,6 +131,10 @@
should not be running (at least, not in read-write
mode) when you do this to ensure consistency of the database.
.LP
+slapindex ought to be run as the user specified for
+.BR slapd (8)
+to ensure correct database permissions.
+.LP
This command provides ample opportunity for the user to obtain
and drink their favorite beverage.
.SH EXAMPLES
Modified: openldap/trunk/include/ldap.h
===================================================================
--- openldap/trunk/include/ldap.h 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/include/ldap.h 2008-10-11 08:39:27 UTC (rev 1190)
@@ -2359,5 +2359,25 @@
int iscritical,
LDAPControl **ctrlp ));
+/*
+ * hacks for NTLM
+ */
+#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
+#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
+LDAP_F( int )
+ldap_ntlm_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+LDAP_F( int )
+ldap_parse_ntlm_bind_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge));
+
LDAP_END_DECL
#endif /* _LDAP_H */
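Review bot: The two new prototypes are exported with no contract beyond `hacks for NTLM`, so a caller cannot tell who owns the buffer returned through `challenge` in `ldap_parse_ntlm_bind_result` or whether `res` is consumed. I would extend the block comment to say that these are a non-standard extension, which of `LDAP_AUTH_NTLM_REQUEST` / `LDAP_AUTH_NTLM_RESPONSE` is expected in `tag`, and how `challenge->bv_val` must be released. The implementation (ntlm.c, which the Makefile hunks add to the source lists) is not shown in this revision, so the ownership rule has to be confirmed there.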
Modified: openldap/trunk/include/ldap_defaults.h
===================================================================
--- openldap/trunk/include/ldap_defaults.h 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/include/ldap_defaults.h 2008-10-11 08:39:27 UTC (rev 1190)
@@ -39,7 +39,7 @@
#define LDAP_ENV_PREFIX "LDAP"
/* default ldapi:// socket */
-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
+#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" LDAP_DIRSEP "ldapi"
/*
* SLAPD DEFINITIONS
@@ -47,7 +47,7 @@
/* location of the default slapd config file */
#define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf"
#define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d"
-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data"
+#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "ldap"
#define SLAPD_DEFAULT_DB_MODE 0600
#define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata"
/* default max deref depth for aliases */
@@ -63,4 +63,6 @@
/* dn of the default "monitor" subentry */
#define SLAPD_MONITOR_DN "cn=Monitor"
+#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2"
+
#endif /* _LDAP_CONFIG_H */
Modified: openldap/trunk/libraries/liblber/Makefile.in
===================================================================
--- openldap/trunk/libraries/liblber/Makefile.in 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/libraries/liblber/Makefile.in 2008-10-11 08:39:27 UTC (rev 1190)
@@ -38,6 +38,9 @@
XXLIBS =
NT_LINK_LIBS = $(AC_LIBS)
UNIX_LINK_LIBS = $(AC_LIBS)
+ifneq (,$(VERSION_OPTION))
+ VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map"
+endif
dtest: $(XLIBS) dtest.o
$(LTLINK) -o $@ dtest.o $(LIBS)
Modified: openldap/trunk/libraries/libldap/Makefile.in
===================================================================
--- openldap/trunk/libraries/libldap/Makefile.in 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/libraries/libldap/Makefile.in 2008-10-11 08:39:27 UTC (rev 1190)
@@ -26,7 +26,7 @@
request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
init.c options.c print.c string.c util-int.c schema.c \
charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
+ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \
assertion.c
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
@@ -38,7 +38,7 @@
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
init.lo options.lo print.lo string.lo util-int.lo schema.lo \
charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
+ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \
assertion.lo
LDAP_INCDIR= ../../include
@@ -50,6 +50,9 @@
XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+ifneq (,$(VERSION_OPTION))
+ VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map
+endif
apitest: $(XLIBS) apitest.o
$(LTLINK) -o $@ apitest.o $(LIBS)
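Review bot: `VERSION_FLAGS` is assigned unquoted here, while the liblber and libldap_r hunks wrap the same expression in double quotes, so a `$(srcdir)` containing whitespace would split the `--version-script=` argument for libldap only. I would write `VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/libldap.map"` to match the other two. `ifneq` is GNU make syntax; if these Makefiles are expected to work with other make implementations, that deserves a comment or a configure-time substitution instead.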
Modified: openldap/trunk/libraries/libldap/os-ip.c
===================================================================
--- openldap/trunk/libraries/libldap/os-ip.c 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/libraries/libldap/os-ip.c 2008-10-11 08:39:27 UTC (rev 1190)
@@ -477,17 +477,8 @@
hints.ai_socktype = socktype;
snprintf(serv, sizeof serv, "%d", port );
-#ifdef LDAP_R_COMPILE
- /* most getaddrinfo(3) use non-threadsafe resolver libraries */
- ldap_pvt_thread_mutex_lock(&ldap_int_resolv_mutex);
-#endif
-
err = getaddrinfo( host, serv, &hints, &res );
-#ifdef LDAP_R_COMPILE
- ldap_pvt_thread_mutex_unlock(&ldap_int_resolv_mutex);
-#endif
-
if ( err != 0 ) {
osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n",
AC_GAI_STRERROR(err), 0, 0);
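Review bot: With the `ldap_int_resolv_mutex` lock removed, `getaddrinfo()` now runs unserialized in `LDAP_R_COMPILE` builds, and nothing in the new code records why that is safe; the removed comment said most implementations use non-threadsafe resolver libraries. I would add a comment at the call such as `/* getaddrinfo(3) is assumed thread-safe on supported platforms; no resolver lock taken */`, or keep the lock behind a configure check for platforms where that does not hold. The same applies to the `getnameinfo()` call in the util-int.c hunk. Both functions continue outside their hunks, so any other resolver calls that still take the mutex are not visible here.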
Modified: openldap/trunk/libraries/libldap/tls.c
===================================================================
--- openldap/trunk/libraries/libldap/tls.c 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/libraries/libldap/tls.c 2008-10-11 08:39:27 UTC (rev 1190)
@@ -300,6 +300,7 @@
for (i=0; i<n_ciphers; i++) {
if ( !strncasecmp( ciphers[i].name, ptr, len )) {
num++;
+ ptr = end + 1;
break;
}
}
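Review bot: `ptr = end + 1;` runs on every match, but `end` is assigned outside the hunk. If `end` is NULL when the last name in the list has no trailing separator (the usual result of a `strchr`-style search), this is arithmetic on a null pointer and leaves `ptr` holding an invalid address for the next iteration. Unless the surrounding loop already exits before using `ptr` in that case, guard it, e.g. `if ( end ) ptr = end + 1;`, with the loop terminating when `end` is NULL. The second hunk (`@@ -331,6 +332,7 @@`) adds the same line and needs the same check.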
@@ -331,6 +332,7 @@
* only appear once in each list.
*/
if ( !strncasecmp( ciphers[i].name, ptr, len )) {
+ ptr = end + 1;
for (j=0; j<nkx; j++)
if ( kx[j] == ciphers[i].kx )
break;
Modified: openldap/trunk/libraries/libldap/util-int.c
===================================================================
--- openldap/trunk/libraries/libldap/util-int.c 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/libraries/libldap/util-int.c 2008-10-11 08:39:27 UTC (rev 1190)
@@ -224,13 +224,7 @@
int rc;
#if defined( HAVE_GETNAMEINFO )
-#if defined( LDAP_R_COMPILE )
- ldap_pvt_thread_mutex_lock( &ldap_int_resolv_mutex );
-#endif
rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 );
-#if defined( LDAP_R_COMPILE )
- ldap_pvt_thread_mutex_unlock( &ldap_int_resolv_mutex );
-#endif
if ( rc ) *err = (char *)AC_GAI_STRERROR( rc );
return rc;
Modified: openldap/trunk/libraries/libldap_r/Makefile.in
===================================================================
--- openldap/trunk/libraries/libldap_r/Makefile.in 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/libraries/libldap_r/Makefile.in 2008-10-11 08:39:27 UTC (rev 1190)
@@ -28,7 +28,7 @@
request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
init.c options.c print.c string.c util-int.c schema.c \
charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
+ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \
assertion.c
SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \
thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \
@@ -45,7 +45,7 @@
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
init.lo options.lo print.lo string.lo util-int.lo schema.lo \
charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
+ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \
assertion.lo
LDAP_INCDIR= ../../include
@@ -59,6 +59,9 @@
XXXLIBS = $(LTHREAD_LIBS)
NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS)
+ifneq (,$(VERSION_OPTION))
+ VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map"
+endif
.links : Makefile
@for i in $(XXSRCS); do \
Modified: openldap/trunk/servers/slapd/Makefile.in
===================================================================
--- openldap/trunk/servers/slapd/Makefile.in 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/servers/slapd/Makefile.in 2008-10-11 08:39:27 UTC (rev 1190)
@@ -430,9 +430,9 @@
install-db-config: FORCE
@-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)
- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data
+ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap
$(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example
+ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example
$(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
$(DESTDIR)$(sysconfdir)/DB_CONFIG.example
Modified: openldap/trunk/servers/slapd/sasl.c
===================================================================
--- openldap/trunk/servers/slapd/sasl.c 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/servers/slapd/sasl.c 2008-10-11 08:39:27 UTC (rev 1190)
@@ -1071,12 +1071,38 @@
};
#endif
+static int
+slap_sasl_getconfpath( void * context, char ** path )
+{
+ char * sasl_default_configpath;
+ size_t len;
+
+#if SASL_VERSION_MAJOR >= 2
+ sasl_default_configpath = "/usr/lib/sasl2";
+#else
+ sasl_default_configpath = "/usr/lib/sasl";
+#endif
+
+ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ +
+ strlen(sasl_default_configpath) + 1 /* \0 */;
+ *path = malloc( len );
+ if ( *path == NULL )
+ return SASL_FAIL;
+
+ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH,
+ sasl_default_configpath ) != len-1 )
+ return SASL_FAIL;
+
+ return SASL_OK;
+}
+
int slap_sasl_init( void )
{
#ifdef HAVE_CYRUS_SASL
int rc;
static sasl_callback_t server_callbacks[] = {
{ SASL_CB_LOG, &slap_sasl_log, NULL },
+ { SASL_CB_GETCONFPATH, &slap_sasl_getconfpath, NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};
#endif
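Review bot: On the `snprintf` mismatch path `slap_sasl_getconfpath` returns `SASL_FAIL` without freeing `*path`, so the buffer leaks and the caller is left with a pointer to a possibly truncated string; the comparison `!= len-1` also mixes `int` and `size_t`, so a negative return is converted before it is compared. The function is placed after an `#endif` and before `slap_sasl_init`, whose body guards its SASL use with `#ifdef HAVE_CYRUS_SASL`; if that placement is outside the guard, `SASL_OK`/`SASL_FAIL` will not be declared in builds without Cyrus SASL, so it should sit inside the same conditional. `sasl_default_configpath` only ever points at string literals and should be `const char *`. Whether the SASL library releases `*path` with an allocator that matches `malloc` cannot be seen here and is worth confirming.

```c
	const char *sasl_default_configpath;
	size_t len;
	int n;

	/* … unchanged: default path selection, len computation, malloc check … */

	n = snprintf( *path, len, "%s:%s", SASL_CONFIGPATH,
		sasl_default_configpath );
	if ( n < 0 || (size_t)n != len - 1 ) {
		/* do not hand a partial path back to the caller */
		free( *path );
		*path = NULL;
		return SASL_FAIL;
	}
```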
Modified: openldap/trunk/servers/slapd/slapi/slapi_overlay.c
===================================================================
--- openldap/trunk/servers/slapd/slapi/slapi_overlay.c 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/servers/slapd/slapi/slapi_overlay.c 2008-10-11 08:39:27 UTC (rev 1190)
@@ -927,7 +927,7 @@
ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex );
if ( slapi_log_file == NULL )
- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" );
+ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" );
rc = slapi_int_init_object_extensions();
if ( rc != 0 )
Modified: openldap/trunk/servers/slapd/slapindex.c
===================================================================
--- openldap/trunk/servers/slapd/slapindex.c 2008-10-11 08:37:53 UTC (rev 1189)
+++ openldap/trunk/servers/slapd/slapindex.c 2008-10-11 08:39:27 UTC (rev 1190)
@@ -34,6 +34,8 @@
int
slapindex( int argc, char **argv )
{
+ if (geteuid() == 0)
+ fprintf( stderr, "\nWARNING!\nRunnig as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n");
ID id;
int rc = EXIT_SUCCESS;
const char *progname = "slapindex";
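Review bot: The new `if (geteuid() == 0)` statement sits before the declarations of `id`, `rc` and `progname`, which is a declaration-after-statement that C89 compilers reject; it should move below the last local declaration of `slapindex()`, whose body continues outside the hunk. The message has a typo and should begin `"\nWARNING!\nRunning as root!\n`. `geteuid()` needs `<unistd.h>` (or the tree's portability wrapper for it), and no include is added in this hunk; the include list is not visible here, and on non-POSIX targets the call would need an `#ifdef` guard.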