diff --git a/cyrus-imapd-ptclient-canonification_across_multiple_domains.patch b/cyrus-imapd-ptclient-canonification_across_multiple_domains.patch
new file mode 100644
index 0000000..e1c843b
--- /dev/null
+++ b/cyrus-imapd-ptclient-canonification_across_multiple_domains.patch
@@ -0,0 +1,64 @@
+diff --git a/ptclient/ldap.c b/ptclient/ldap.c
+index 2fc306e..4dc9be1 100644
+--- a/ptclient/ldap.c
++++ b/ptclient/ldap.c
+@@ -934,7 +934,58 @@ static int ptsmodule_get_dn(
+ if (rc != PTSM_OK)
+ goto done;
+
+- if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
++ if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') == NULL)) {
++ syslog(LOG_DEBUG, "collecting all domains from %s", ptsm->domain_base_dn);
++
++ snprintf(domain_filter, sizeof(domain_filter), ptsm->domain_filter, "*");
++
++ syslog(LOG_DEBUG, "Domain filter: %s", domain_filter);
++
++ rc = ldap_search_st(ptsm->ld, ptsm->domain_base_dn, ptsm->domain_scope, domain_filter, domain_attrs, 0, &(ptsm->timeout), &res);
++
++ if (rc != LDAP_SUCCESS) {
++ if (rc == LDAP_SERVER_DOWN) {
++ syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc));
++ ldap_unbind(ptsm->ld);
++ ptsm->ld = NULL;
++ return PTSM_RETRY;
++ }
++
++ syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc));
++ return PTSM_FAIL;
++ }
++ if (ldap_count_entries(ptsm->ld, res) < 1) {
++ syslog(LOG_ERR, "No domain found");
++ return PTSM_FAIL;
++ } else if (ldap_count_entries(ptsm->ld, res) >= 1) {
++ int count_matches = 0;
++ char *temp_base = NULL;
++ LDAPMessage *res2;
++ for (entry = ldap_first_entry(ptsm->ld, res); entry != NULL; entry = ldap_next_entry(ptsm->ld, entry)) {
++ if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_name_attribute)) != NULL) {
++ syslog(LOG_DEBUG, "we have a domain %s", vals[0]);
++ ptsmodule_standard_root_dn(vals[0], &temp_base);
++ rc = ldap_search_st(ptsm->ld, temp_base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res2);
++ if (rc == LDAP_SUCCESS && ldap_count_entries(ptsm->ld, res2) == 1) {
++ syslog(LOG_DEBUG, "Found %s in %s", canon_id, temp_base);
++ base = temp_base;
++ count_matches++;
++ }
++ }
++ }
++
++ if (count_matches > 1) {
++ syslog(LOG_ERR, "LDAP search for 
%s failed because it matches multiple accounts.", canon_id);
++ return PTSM_FAIL;
++ } else if (count_matches == 0) {
++ syslog(LOG_ERR, "LDAP search for %s failed because it does not match any account in all domains.", canon_id);
++ return PTSM_FAIL;
++ }
++
++ syslog(LOG_DEBUG, "we have found %s in %s", canon_id, base);
++ }
++ }
++ else if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
+ syslog(LOG_DEBUG, "Attempting to get domain for %s from %s", canon_id, ptsm->domain_base_dn);
+
+ /* Get the base dn to search from domain_base_dn searched on domain_scope with
diff --git a/cyrus-imapd.spec b/cyrus-imapd.spec
index a5046ec..8fdfc98 100644
--- a/cyrus-imapd.spec
+++ b/cyrus-imapd.spec
@@ -9,7 +9,7 @@ Name: cyrus-imapd
 Version: 3.0.7
-Release: 24%{?dist}
+Release: 25%{?dist}
 %define ssl_pem_file_prefix /etc/pki/%name/%name
@@ -52,6 +52,8 @@ Patch12: cyrus-imapd-3.0-CVE-2021-33582.patch
 Patch13: cyrus-squatter-assert-crash.patch
 # https://github.com/cyrusimap/cyrus-imapd/commit/562ac9d7abd3b928315c7f0672d0f1a8995ca625
 Patch14: cyrus-imapd-load-tombstones-for-cleanup.patch
+# https://github.com/cyrusimap/cyrus-imapd/commit/ed1a17b09e2e03788852e122f213b88352bc24b9
+Patch15: cyrus-imapd-ptclient-canonification_across_multiple_domains.patch
 Source10: cyrus-imapd.logrotate
 Source11: cyrus-imapd.pam-config
@@ -689,6 +691,10 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
 %changelog
+* Sat Jun 22 2024 Martin Osvald - 3.0.7-25
+- ptclient: implement canonification across multiple domains
+ Resolves: RHEL-10710
+
 * Mon Jun 13 2022 Martin Osvald - 3.0.7-24
 - Resolves: #1911689 - Fatal error when running "squatter -r user"
 - Resolves: #1941255 - Wait for network-online target
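Review bot: The per-domain search inside the new `for` loop treats any `rc != LDAP_SUCCESS` (timeout, size limit, server down) and any `ldap_count_entries(ptsm->ld, res2) != 1` as merely "no match in this domain", so a transient failure in one domain, or two candidate entries within one domain, silently bypasses the `count_matches > 1` uniqueness check and can canonicalize an unqualified login to whichever single match remains — a failed or ambiguous per-domain search should abort the lookup the way the domain search just above it does (`PTSM_RETRY` with unbind on `LDAP_SERVER_DOWN`, `PTSM_FAIL` otherwise). The loop also never releases `res2` or `vals`, and `temp_base` is overwritten on every iteration while `base` keeps the earlier pointer, which is a leak or a dangling `base` depending on how `ptsmodule_standard_root_dn` allocates — presumably `strdup`-like, worth confirming; likewise `res` is not freed on the new `return PTSM_FAIL` paths, and `rc` leaves the block holding the result of the last domain searched rather than the matched one, which matters if code after the hunk inspects it. `ptsmodule_get_dn` starts and ends outside the hunk, so whether `done:` cleans any of this up cannot be seen here. The `else if (ldap_count_entries(ptsm->ld, res) >= 1)` is always true after the `< 1` check and can be a plain `else`. Rewritten loop below, keeping `res` handling as the hunk has it.

```c
/* … unchanged: domain search on ptsm->domain_base_dn and its error handling … */
for (entry = ldap_first_entry(ptsm->ld, res); entry != NULL; entry = ldap_next_entry(ptsm->ld, entry)) {
    int n;
    if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_name_attribute)) == NULL)
        continue;
    syslog(LOG_DEBUG, "we have a domain %s", vals[0]);
    ptsmodule_standard_root_dn(vals[0], &temp_base);
    ldap_value_free(vals);
    res2 = NULL;
    rc = ldap_search_st(ptsm->ld, temp_base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res2);
    if (rc != LDAP_SUCCESS) {
        /* A failed per-domain search must not be read as "no match here":
         * that would silently void the uniqueness check after the loop. */
        syslog(LOG_ERR, "LDAP search for %s in %s failed: %s", canon_id, temp_base, ldap_err2string(rc));
        ldap_msgfree(res2);
        if (rc == LDAP_SERVER_DOWN) {
            ldap_unbind(ptsm->ld);
            ptsm->ld = NULL;
            return PTSM_RETRY;
        }
        return PTSM_FAIL;
    }
    n = ldap_count_entries(ptsm->ld, res2);
    ldap_msgfree(res2);
    if (n == 1) {
        syslog(LOG_DEBUG, "Found %s in %s", canon_id, temp_base);
        base = temp_base;
        count_matches++;
    } else if (n > 1) {
        /* Ambiguous inside one domain is as fatal as ambiguous across domains. */
        syslog(LOG_ERR, "LDAP search for %s in %s matches %d accounts", canon_id, temp_base, n);
        return PTSM_FAIL;
    }
}
/* … unchanged: count_matches checks … */
```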