rpms/nss-pam-ldapd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

New upstream release 0.7.16; adjust patches accordingly

Browse Source
This commit is contained in:
Jakub Hrozek 2012-04-28 21:47:50 +02:00
parent 0d57b84aa6
commit 1e1125adb4
4 changed files with 82 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
nss-pam-ldapd-0.7.x-dnssrv.patch
View File

@ -1,17 +1,6 @@
Parts of the upstream patch, adapted, plus a fix for a typo.
commit e36a4270122f690927d17f06259ce5a9308cd1eb
Author: arthur <arthur@ef36b2f9-881f-0410-afb5-c4e39611909c>
Date: Wed Aug 24 18:51:55 2011 +0000
support querying DNS SRV records from a different domain than the current one (based on a patch by James M. Leddy)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1513 ef36b2f9-881f-0410-afb5-c4e39611909c
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 6c0f9e3..51869f4 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
diff -up ./man/nslcd.conf.5.xml.dnssrv ./man/nslcd.conf.5.xml
--- ./man/nslcd.conf.5.xml.dnssrv 2012-04-28 21:22:26.327729809 +0200
+++ ./man/nslcd.conf.5.xml 2012-04-28 21:22:26.330729794 +0200
@@ -127,9 +127,14 @@
<acronym>LDAP</acronym> over <acronym>TCP</acronym>,
<acronym>ICP</acronym> or <acronym>SSL</acronym> respectively (if
@ -27,28 +16,27 @@ index 6c0f9e3..51869f4 100644
</para>
<para>
When using the ldapi scheme, %2f should be used to escape slashes
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index fee3286..ac354c0 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -184,13 +184,13 @@ static const char *cfg_getdomainname(const char *filename,int lnr)
diff -up ./nslcd/cfg.c.dnssrv ./nslcd/cfg.c
--- ./nslcd/cfg.c.dnssrv 2012-04-28 21:22:26.326729814 +0200
+++ ./nslcd/cfg.c 2012-04-28 21:22:26.330729794 +0200
@@ -224,13 +224,13 @@ static char *cfg_getdomainname(const cha
/* add URIs by doing DNS queries for SRV records */
static void add_uris_from_dns(const char *filename,int lnr,
- struct ldap_config *cfg)
+ struct ldap_config *cfg,
+ const char *domain)
+ char *domain)
{
int ret=0;
int rc;
- char *domain;
char *hostlist=NULL,*nxt;
char buf[HOST_NAME_MAX+sizeof("ldap://")];
- domain=cfg_getdomainname(filename,lnr);
+ log_log(LOG_DEBUG,"query %s for SRV records",domain);
ret=ldap_domain2hostlist(domain,&hostlist);
/* FIXME: have better error handling */
if ((hostlist==NULL)||(*hostlist=='\0'))
@@ -856,7 +856,16 @@ static void cfg_read(const char *filename,struct ldap_config *cfg)
rc=ldap_domain2hostlist(domain,&hostlist);
if (rc!=LDAP_SUCCESS)
{
@@ -848,7 +848,16 @@ static void cfg_read(const char *filenam
if (strcasecmp(token,"dns")==0)
{
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST

16
nss-pam-ldapd-0.7.x-epipe.patch
View File

@ -1,6 +1,6 @@
diff -up nss-pam-ldapd-0.7.15/common/tio.c.epipe nss-pam-ldapd-0.7.15/common/tio.c
--- nss-pam-ldapd-0.7.15/common/tio.c.epipe 2010-09-24 09:07:17.000000000 +0200
+++ nss-pam-ldapd-0.7.15/common/tio.c 2012-03-15 11:39:00.945065541 +0100
+++ nss-pam-ldapd-0.7.15/common/tio.c 2012-03-15 12:21:06.776678846 +0100
@@ -2,7 +2,7 @@
tio.c - timed io functions
This file is part of the nss-pam-ldapd library.
@ -84,7 +84,7 @@ diff -up nss-pam-ldapd-0.7.15/common/tio.c.epipe nss-pam-ldapd-0.7.15/common/tio
/* the caller has assured us that we can write to the file descriptor
diff -up nss-pam-ldapd-0.7.15/common/tio.h.epipe nss-pam-ldapd-0.7.15/common/tio.h
--- nss-pam-ldapd-0.7.15/common/tio.h.epipe 2010-09-24 09:07:17.000000000 +0200
+++ nss-pam-ldapd-0.7.15/common/tio.h 2012-03-15 11:39:00.945065541 +0100
+++ nss-pam-ldapd-0.7.15/common/tio.h 2012-03-15 12:21:06.776678846 +0100
@@ -2,7 +2,7 @@
tio.h - timed io functions
This file is part of the nss-pam-ldapd library.
@ -107,7 +107,7 @@ diff -up nss-pam-ldapd-0.7.15/common/tio.h.epipe nss-pam-ldapd-0.7.15/common/tio
/* Write the specified buffer to the stream. */
diff -up nss-pam-ldapd-0.7.15/nss/common.h.epipe nss-pam-ldapd-0.7.15/nss/common.h
--- nss-pam-ldapd-0.7.15/nss/common.h.epipe 2010-09-24 09:07:18.000000000 +0200
+++ nss-pam-ldapd-0.7.15/nss/common.h 2012-03-15 11:40:13.106390324 +0100
+++ nss-pam-ldapd-0.7.15/nss/common.h 2012-03-15 12:21:41.347451558 +0100
@@ -2,7 +2,7 @@
common.h - common functions for NSS lookups
@ -117,15 +117,19 @@ diff -up nss-pam-ldapd-0.7.15/nss/common.h.epipe nss-pam-ldapd-0.7.15/nss/common
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -98,6 +98,7 @@
@@ -97,8 +97,10 @@
READ_RESPONSE_CODE(fp); \
retv=readfn; \
/* close socket and we're done */ \
if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) \
- if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) \
+ if ((retv==NSS_STATUS_SUCCESS)||(retv==NSS_STATUS_TRYAGAIN)) { \
+ (void)tio_skip(fp,0); /* read any buffered data */ \
(void)tio_close(fp); \
+ } \
return retv;
@@ -177,13 +178,14 @@
/* This macro can be used to generate a get..byname() function
@@ -177,13 +179,14 @@
fp=NULL; /* file should be closed by now */ \
return retv;

198
nss-pam-ldapd-0.7.x-uid-overflow.patch
View File

@ -1,73 +1,31 @@
diff -up nss-pam-ldapd-0.7.14/configure.ac.biguid nss-pam-ldapd-0.7.14/configure.ac
--- nss-pam-ldapd-0.7.14/configure.ac.biguid 2011-12-16 18:23:12.728169692 +0100
+++ nss-pam-ldapd-0.7.14/configure.ac 2011-12-16 18:24:29.335211970 +0100
@@ -222,6 +222,7 @@ AC_C_CONST
AC_CHECK_FUNCS([sigaction snprintf])
AC_CHECK_FUNCS(gethostbyname)
AC_SEARCH_LIBS(socket,socket)
+AC_CHECK_FUNCS([strtoul strtoull])
AC_CHECK_FUNCS([strcasecmp strncasecmp strchr strcspn strspn strtol])
AC_CHECK_FUNCS([malloc realloc])
AC_FUNC_FORK
@@ -230,6 +231,11 @@ AC_FUNC_FORK
AC_TYPE_MODE_T
AC_TYPE_SIZE_T
AC_TYPE_UID_T
+AC_CHECK_SIZEOF(unsigned int)
+AC_CHECK_SIZEOF(unsigned long int)
+AC_CHECK_SIZEOF(unsigned long long int)
+AC_CHECK_SIZEOF(uid_t)
+AC_CHECK_SIZEOF(gid_t)
AC_TYPE_PID_T
AC_TYPE_INT32_T
AC_TYPE_UINT8_T
diff -up nss-pam-ldapd-0.7.14/nslcd/cfg.c.biguid nss-pam-ldapd-0.7.14/nslcd/cfg.c
--- nss-pam-ldapd-0.7.14/nslcd/cfg.c.biguid 2011-12-16 18:19:47.354737215 +0100
+++ nss-pam-ldapd-0.7.14/nslcd/cfg.c 2011-12-16 18:19:57.480610621 +0100
@@ -449,8 +449,9 @@ static void get_uid(const char *filename
char *tmp;
check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL);
/* check if it is a valid numerical uid */
- *var=(uid_t)strtol(token,&tmp,0);
- if ((*token!='\0')&&(*tmp=='\0'))
+ errno=0;
+ *var=strtouid(token,&tmp,10);
+ if ((*token!='\0')&&(*tmp=='\0')&&(errno==0))
return;
/* find by name */
pwent=getpwnam(token);
@@ -474,8 +475,9 @@ static void get_gid(const char *filename
char *tmp;
check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL);
/* check if it is a valid numerical gid */
- *var=(gid_t)strtol(token,&tmp,0);
- if ((*token!='\0')&&(*tmp=='\0'))
+ errno=0;
+ *var=strtogid(token,&tmp,10);
+ if ((*token!='\0')&&(*tmp=='\0')&&(errno==0))
return;
/* find by name */
grent=getgrnam(token);
diff -up nss-pam-ldapd-0.7.14/nslcd/common.c.biguid nss-pam-ldapd-0.7.14/nslcd/common.c
--- nss-pam-ldapd-0.7.14/nslcd/common.c.biguid 2011-12-16 18:20:13.916405148 +0100
+++ nss-pam-ldapd-0.7.14/nslcd/common.c 2011-12-16 18:20:20.332324937 +0100
@@ -147,3 +147,25 @@ int read_address(TFILE *fp,char *addr,in
/* we're done */
diff -up ./nslcd/common.c.overflow ./nslcd/common.c
--- ./nslcd/common.c.overflow 2012-04-28 21:23:54.000000000 +0200
+++ ./nslcd/common.c 2012-04-28 21:38:03.263642985 +0200
@@ -148,19 +148,25 @@ int read_address(TFILE *fp,char *addr,in
return 0;
}
-#ifdef WANT_STRTOUI
+
+/* provide a strtoui() implementation, similar to strtoul() but returning
+ an range-checked unsigned int instead */
/* provide a strtoui() implementation, similar to strtoul() but returning
an range-checked unsigned int instead */
-unsigned int strtoui(const char *nptr,char **endptr,int base)
+uint32_t strtoid(const char *nptr,char **endptr,int base)
+{
{
- unsigned long val;
- val=strtoul(nptr,endptr,base);
- if (val>UINT_MAX)
+ long long val;
+
+ val=strtoll(nptr,endptr,base);
+ if (val>UINT32_MAX)
+ {
+ errno=ERANGE;
{
errno=ERANGE;
- return UINT_MAX;
+ return UINT32_MAX;
+ }
}
- /* If errno was set by strtoull, we'll pass it back as-is */
- return (unsigned int)val;
+ else if (val<0)
+ {
+ errno=EINVAL;
@ -76,10 +34,11 @@ diff -up nss-pam-ldapd-0.7.14/nslcd/common.c.biguid nss-pam-ldapd-0.7.14/nslcd/c
+
+ /* If errno was set, we'll pass it back as-is */
+ return (uint32_t) val;
+}
diff -up nss-pam-ldapd-0.7.14/nslcd/common.h.biguid nss-pam-ldapd-0.7.14/nslcd/common.h
--- nss-pam-ldapd-0.7.14/nslcd/common.h.biguid 2011-12-16 18:20:27.333237411 +0100
+++ nss-pam-ldapd-0.7.14/nslcd/common.h 2011-12-16 18:20:58.588846664 +0100
}
-#endif /* WANT_STRTOUI */
diff -up ./nslcd/common.h.overflow ./nslcd/common.h
--- ./nslcd/common.h.overflow 2012-04-28 21:39:08.670229101 +0200
+++ ./nslcd/common.h 2012-04-28 21:40:24.234750320 +0200
@@ -25,6 +25,7 @@
#define NSLCD__COMMON_H 1
@ -88,87 +47,38 @@ diff -up nss-pam-ldapd-0.7.14/nslcd/common.h.biguid nss-pam-ldapd-0.7.14/nslcd/c
#include "nslcd.h"
#include "common/nslcd-prot.h"
@@ -94,6 +95,11 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *
@@ -94,31 +95,9 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *
/* transforms the uid into a DN by doing an LDAP lookup */
MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen);
-/* provide strtouid() function alias */
-#if SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_INT
-#define strtouid (uid_t)strtoul
-#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
-#define strtouid (uid_t)strtoull
-#elif SIZEOF_UID_T == SIZEOF_UNSIGNED_INT
-#define WANT_STRTOUI 1
-#define strtouid (uid_t)strtoui
-#else
-#error unable to find implementation for strtouid()
-#endif
-
-/* provide strtouid() function alias */
-#if SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_INT
-#define strtogid (gid_t)strtoul
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_LONG_LONG_INT
-#define strtogid (gid_t)strtoull
-#elif SIZEOF_GID_T == SIZEOF_UNSIGNED_INT
-#ifndef WANT_STRTOUI
-#define WANT_STRTOUI 1
-#endif
-#define strtogid (uid_t)strtoui
-#else
-#error unable to find implementation for strtogid()
-#endif
+uint32_t strtoid(const char *nptr,char **endptr,int base);
+#define strtouid (uid_t)strtoid
+#define strtogid (uid_t)strtoid
+
+uint32_t strtoid(const char *nptr,char **endptr,int base);
+
/* these are the functions for initialising the database specific
modules */
void alias_init(void);
diff -up nss-pam-ldapd-0.7.14/nslcd/group.c.biguid nss-pam-ldapd-0.7.14/nslcd/group.c
--- nss-pam-ldapd-0.7.14/nslcd/group.c.biguid 2011-12-16 18:21:47.445235876 +0100
+++ nss-pam-ldapd-0.7.14/nslcd/group.c 2011-12-16 18:21:58.471098034 +0100
@@ -251,13 +251,20 @@ static int write_group(TFILE *fp,MYLDAP_
}
for (numgids=0;(gidvalues[numgids]!=NULL)&&(numgids<MAXGIDS_PER_ENTRY);numgids++)
{
- gids[numgids]=(gid_t)strtol(gidvalues[numgids],&tmp,0);
+ errno=0;
+ gids[numgids]=strtogid(gidvalues[numgids],&tmp,10);
if ((*(gidvalues[numgids])=='\0')||(*tmp!='\0'))
{
log_log(LOG_WARNING,"group entry %s contains non-numeric %s value",
myldap_get_dn(entry),attmap_group_gidNumber);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"group entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_group_gidNumber);
+ return 0;
+ }
}
}
/* get group passwd (userPassword) (use only first entry) */
diff -up nss-pam-ldapd-0.7.14/nslcd/passwd.c.biguid nss-pam-ldapd-0.7.14/nslcd/passwd.c
--- nss-pam-ldapd-0.7.14/nslcd/passwd.c.biguid 2011-12-16 18:22:12.893917723 +0100
+++ nss-pam-ldapd-0.7.14/nslcd/passwd.c 2011-12-16 18:22:20.938817149 +0100
@@ -338,13 +338,20 @@ static int write_passwd(TFILE *fp,MYLDAP
}
for (numuids=0;(numuids<MAXUIDS_PER_ENTRY)&&(tmpvalues[numuids]!=NULL);numuids++)
{
- uids[numuids]=(uid_t)strtol(tmpvalues[numuids],&tmp,0);
+ errno=0;
+ uids[numuids]=strtouid(tmpvalues[numuids],&tmp,10);
if ((*(tmpvalues[numuids])=='\0')||(*tmp!='\0'))
{
log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",
myldap_get_dn(entry),attmap_passwd_uidNumber);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"passwd entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_passwd_uidNumber);
+ return 0;
+ }
}
}
/* get the gid for this entry */
@@ -355,13 +362,20 @@ static int write_passwd(TFILE *fp,MYLDAP
myldap_get_dn(entry),attmap_passwd_gidNumber);
return 0;
}
- gid=(gid_t)strtol(gidbuf,&tmp,0);
+ errno=0;
+ gid=strtogid(gidbuf,&tmp,10);
if ((gidbuf[0]=='\0')||(*tmp!='\0'))
{
log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",
myldap_get_dn(entry),attmap_passwd_gidNumber);
return 0;
}
+ else if (errno!=0)
+ {
+ log_log(LOG_WARNING,"passwd entry %s contains too large %s value",
+ myldap_get_dn(entry),attmap_passwd_uidNumber);
+ return 0;
+ }
/* get the gecos for this entry */
attmap_get_value(entry,attmap_passwd_gecos,gecos,sizeof(gecos));
/* get the home directory for this entry */
#ifdef WANT_STRTOUI
/* provide a strtoui() if it is needed */

7
nss-pam-ldapd.spec
View File

@ -13,8 +13,8 @@
%endif
Name: nss-pam-ldapd
Version: 0.7.15
Release: 2%{?dist}
Version: 0.7.16
Release: 1%{?dist}
Summary: An nsswitch module which uses directory servers
Group: System Environment/Base
License: LGPLv2+
@ -263,6 +263,9 @@ exit 0
%endif
%changelog
* Sat Apr 28 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.16-1
- new upstream release 0.7.16
* Thu Mar 15 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.15-2
- Do not print "Broken Pipe" error message when requesting a large group