RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/openldap#f9945ac297c550f1bcc2cb810f2284e4b23b1e75
This commit is contained in:
parent
9d14968b29
commit
3128277048
|
@ -0,0 +1,24 @@
|
||||||
|
/openldap-2.4.28.tgz
|
||||||
|
/openldap-2.4.29.tgz
|
||||||
|
/openldap-2.4.30.tgz
|
||||||
|
/openldap-2.4.31.tgz
|
||||||
|
/openldap-2.4.32.tgz
|
||||||
|
/openldap-2.4.33.tgz
|
||||||
|
/openldap-2.4.34.tgz
|
||||||
|
/ltb-project-openldap-ppolicy-check-password-1.1.tar.gz
|
||||||
|
/openldap-2.4.35.tgz
|
||||||
|
/openldap-2.4.36.tgz
|
||||||
|
/openldap-2.4.37.tgz
|
||||||
|
/openldap-2.4.38.tgz
|
||||||
|
/openldap-2.4.39.tgz
|
||||||
|
/openldap-2.4.40.tgz
|
||||||
|
/openldap-2.4.41.tgz
|
||||||
|
/openldap-2.4.43.tgz
|
||||||
|
/openldap-2.4.44.tgz
|
||||||
|
/openldap-2.4.45.tgz
|
||||||
|
/openldap-2.4.46.tgz
|
||||||
|
/openldap-2.4.47.tgz
|
||||||
|
/openldap-2.4.50.tgz
|
||||||
|
/openldap-2.4.52.tgz
|
||||||
|
/openldap-2.4.53.tgz
|
||||||
|
/openldap-2.4.54.tgz
|
|
@ -0,0 +1,41 @@
|
||||||
|
--- a/Makefile 2009-10-31 18:59:06.000000000 +0100
|
||||||
|
+++ b/Makefile 2014-12-17 09:42:37.586079225 +0100
|
||||||
|
@@ -13,22 +13,11 @@
|
||||||
|
#
|
||||||
|
CONFIG=/etc/openldap/check_password.conf
|
||||||
|
|
||||||
|
-OPT=-g -O2 -Wall -fpic \
|
||||||
|
- -DHAVE_CRACKLIB -DCRACKLIB_DICTPATH="\"$(CRACKLIB)\"" \
|
||||||
|
- -DCONFIG_FILE="\"$(CONFIG)\"" \
|
||||||
|
+CFLAGS+=-fpic \
|
||||||
|
+ -DHAVE_CRACKLIB -DCRACKLIB_DICTPATH="\"$(CRACKLIB)\"" \
|
||||||
|
+ -DCONFIG_FILE="\"$(CONFIG)\"" \
|
||||||
|
-DDEBUG
|
||||||
|
|
||||||
|
-# Where to find the OpenLDAP headers.
|
||||||
|
-#
|
||||||
|
-LDAP_INC=-I/home/pyb/tmp/openldap-2.3.39/include \
|
||||||
|
- -I/home/pyb/tmp/openldap-2.3.39/servers/slapd
|
||||||
|
-
|
||||||
|
-# Where to find the CrackLib headers.
|
||||||
|
-#
|
||||||
|
-CRACK_INC=
|
||||||
|
-
|
||||||
|
-INCS=$(LDAP_INC) $(CRACK_INC)
|
||||||
|
-
|
||||||
|
LDAP_LIB=-lldap_r -llber
|
||||||
|
|
||||||
|
# Comment out this line if you do NOT want to use the cracklib.
|
||||||
|
@@ -45,10 +34,10 @@
|
||||||
|
all: check_password
|
||||||
|
|
||||||
|
check_password.o:
|
||||||
|
- $(CC) $(OPT) -c $(INCS) check_password.c
|
||||||
|
+ $(CC) $(CFLAGS) -c $(LDAP_INC) check_password.c
|
||||||
|
|
||||||
|
check_password: clean check_password.o
|
||||||
|
- $(CC) -shared -o check_password.so check_password.o $(CRACKLIB_LIB)
|
||||||
|
+ $(CC) $(LDFLAGS) -shared -o check_password.so check_password.o $(CRACKLIB_LIB)
|
||||||
|
|
||||||
|
install: check_password
|
||||||
|
cp -f check_password.so ../../../usr/lib/openldap/modules/
|
|
@ -0,0 +1,321 @@
|
||||||
|
--- a/check_password.c 2009-10-31 18:59:06.000000000 +0100
|
||||||
|
+++ b/check_password.c 2014-12-17 12:25:00.148900907 +0100
|
||||||
|
@@ -10,7 +10,7 @@
|
||||||
|
#include <slap.h>
|
||||||
|
|
||||||
|
#ifdef HAVE_CRACKLIB
|
||||||
|
-#include "crack.h"
|
||||||
|
+#include <crack.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(DEBUG)
|
||||||
|
@@ -34,18 +34,77 @@
|
||||||
|
#define PASSWORD_TOO_SHORT_SZ \
|
||||||
|
"Password for dn=\"%s\" is too short (%d/6)"
|
||||||
|
#define PASSWORD_QUALITY_SZ \
|
||||||
|
- "Password for dn=\"%s\" does not pass required number of strength checks (%d of %d)"
|
||||||
|
+ "Password for dn=\"%s\" does not pass required number of strength checks for the required character sets (%d of %d)"
|
||||||
|
#define BAD_PASSWORD_SZ \
|
||||||
|
"Bad password for dn=\"%s\" because %s"
|
||||||
|
+#define UNKNOWN_ERROR_SZ \
|
||||||
|
+ "An unknown error occurred, please see your systems administrator"
|
||||||
|
|
||||||
|
typedef int (*validator) (char*);
|
||||||
|
-static int read_config_file (char *);
|
||||||
|
+static int read_config_file ();
|
||||||
|
static validator valid_word (char *);
|
||||||
|
static int set_quality (char *);
|
||||||
|
static int set_cracklib (char *);
|
||||||
|
|
||||||
|
int check_password (char *pPasswd, char **ppErrStr, Entry *pEntry);
|
||||||
|
|
||||||
|
+struct config_entry {
|
||||||
|
+ char* key;
|
||||||
|
+ char* value;
|
||||||
|
+ char* def_value;
|
||||||
|
+} config_entries[] = { { "minPoints", NULL, "3"},
|
||||||
|
+ { "useCracklib", NULL, "1"},
|
||||||
|
+ { "minUpper", NULL, "0"},
|
||||||
|
+ { "minLower", NULL, "0"},
|
||||||
|
+ { "minDigit", NULL, "0"},
|
||||||
|
+ { "minPunct", NULL, "0"},
|
||||||
|
+ { NULL, NULL, NULL }};
|
||||||
|
+
|
||||||
|
+int get_config_entry_int(char* entry) {
|
||||||
|
+ struct config_entry* centry = config_entries;
|
||||||
|
+
|
||||||
|
+ int i = 0;
|
||||||
|
+ char* key = centry[i].key;
|
||||||
|
+ while (key != NULL) {
|
||||||
|
+ if ( strncmp(key, entry, strlen(key)) == 0 ) {
|
||||||
|
+ if ( centry[i].value == NULL ) {
|
||||||
|
+ return atoi(centry[i].def_value);
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ return atoi(centry[i].value);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ i++;
|
||||||
|
+ key = centry[i].key;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return -1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void dealloc_config_entries() {
|
||||||
|
+ struct config_entry* centry = config_entries;
|
||||||
|
+
|
||||||
|
+ int i = 0;
|
||||||
|
+ while (centry[i].key != NULL) {
|
||||||
|
+ if ( centry[i].value != NULL ) {
|
||||||
|
+ ber_memfree(centry[i].value);
|
||||||
|
+ }
|
||||||
|
+ i++;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+char* chomp(char *s)
|
||||||
|
+{
|
||||||
|
+ char* t = ber_memalloc(strlen(s)+1);
|
||||||
|
+ strncpy (t,s,strlen(s)+1);
|
||||||
|
+
|
||||||
|
+ if ( t[strlen(t)-1] == '\n' ) {
|
||||||
|
+ t[strlen(t)-1] = '\0';
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return t;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int set_quality (char *value)
|
||||||
|
{
|
||||||
|
#if defined(DEBUG)
|
||||||
|
@@ -84,12 +143,12 @@
|
||||||
|
char * parameter;
|
||||||
|
validator dealer;
|
||||||
|
} list[] = { { "minPoints", set_quality },
|
||||||
|
- { "useCracklib", set_cracklib },
|
||||||
|
- { "minUpper", set_digit },
|
||||||
|
- { "minLower", set_digit },
|
||||||
|
- { "minDigit", set_digit },
|
||||||
|
- { "minPunct", set_digit },
|
||||||
|
- { NULL, NULL } };
|
||||||
|
+ { "useCracklib", set_cracklib },
|
||||||
|
+ { "minUpper", set_digit },
|
||||||
|
+ { "minLower", set_digit },
|
||||||
|
+ { "minDigit", set_digit },
|
||||||
|
+ { "minPunct", set_digit },
|
||||||
|
+ { NULL, NULL } };
|
||||||
|
int index = 0;
|
||||||
|
|
||||||
|
#if defined(DEBUG)
|
||||||
|
@@ -98,7 +157,7 @@
|
||||||
|
|
||||||
|
while (list[index].parameter != NULL) {
|
||||||
|
if (strlen(word) == strlen(list[index].parameter) &&
|
||||||
|
- strcmp(list[index].parameter, word) == 0) {
|
||||||
|
+ strcmp(list[index].parameter, word) == 0) {
|
||||||
|
#if defined(DEBUG)
|
||||||
|
syslog(LOG_NOTICE, "check_password: Parameter accepted.");
|
||||||
|
#endif
|
||||||
|
@@ -114,13 +173,15 @@
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int read_config_file (char *keyWord)
|
||||||
|
+static int read_config_file ()
|
||||||
|
{
|
||||||
|
FILE * config;
|
||||||
|
char * line;
|
||||||
|
int returnValue = -1;
|
||||||
|
|
||||||
|
- if ((line = ber_memcalloc(260, sizeof(char))) == NULL) {
|
||||||
|
+ line = ber_memcalloc(260, sizeof(char));
|
||||||
|
+
|
||||||
|
+ if ( line == NULL ) {
|
||||||
|
return returnValue;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -133,6 +194,8 @@
|
||||||
|
return returnValue;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ returnValue = 0;
|
||||||
|
+
|
||||||
|
while (fgets(line, 256, config) != NULL) {
|
||||||
|
char *start = line;
|
||||||
|
char *word, *value;
|
||||||
|
@@ -145,23 +208,40 @@
|
||||||
|
|
||||||
|
while (isspace(*start) && isascii(*start)) start++;
|
||||||
|
|
||||||
|
- if (! isascii(*start))
|
||||||
|
+ /* If we've got punctuation, just skip the line. */
|
||||||
|
+ if ( ispunct(*start)) {
|
||||||
|
+#if defined(DEBUG)
|
||||||
|
+ /* Debug traces to syslog. */
|
||||||
|
+ syslog(LOG_NOTICE, "check_password: Skipped line |%s|", line);
|
||||||
|
+#endif
|
||||||
|
continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if ((word = strtok(start, " \t")) && (dealer = valid_word(word)) && (strcmp(keyWord,word)==0)) {
|
||||||
|
- if ((value = strtok(NULL, " \t")) == NULL)
|
||||||
|
- continue;
|
||||||
|
+ if( isascii(*start)) {
|
||||||
|
+
|
||||||
|
+ struct config_entry* centry = config_entries;
|
||||||
|
+ int i = 0;
|
||||||
|
+ char* keyWord = centry[i].key;
|
||||||
|
+ if ((word = strtok(start, " \t")) && (value = strtok(NULL, " \t"))) {
|
||||||
|
+ while ( keyWord != NULL ) {
|
||||||
|
+ if ((strncmp(keyWord,word,strlen(keyWord)) == 0) && (dealer = valid_word(word)) ) {
|
||||||
|
|
||||||
|
#if defined(DEBUG)
|
||||||
|
- syslog(LOG_NOTICE, "check_password: Word = %s, value = %s", word, value);
|
||||||
|
+ syslog(LOG_NOTICE, "check_password: Word = %s, value = %s", word, value);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
- returnValue = (*dealer)(value);
|
||||||
|
+ centry[i].value = chomp(value);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ i++;
|
||||||
|
+ keyWord = centry[i].key;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
-
|
||||||
|
fclose(config);
|
||||||
|
ber_memfree(line);
|
||||||
|
+
|
||||||
|
return returnValue;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -170,7 +250,7 @@
|
||||||
|
if (curlen < nextlen + MEMORY_MARGIN) {
|
||||||
|
#if defined(DEBUG)
|
||||||
|
syslog(LOG_WARNING, "check_password: Reallocating szErrStr from %d to %d",
|
||||||
|
- curlen, nextlen + MEMORY_MARGIN);
|
||||||
|
+ curlen, nextlen + MEMORY_MARGIN);
|
||||||
|
#endif
|
||||||
|
ber_memfree(*target);
|
||||||
|
curlen = nextlen + MEMORY_MARGIN;
|
||||||
|
@@ -180,7 +260,7 @@
|
||||||
|
return curlen;
|
||||||
|
}
|
||||||
|
|
||||||
|
- int
|
||||||
|
+int
|
||||||
|
check_password (char *pPasswd, char **ppErrStr, Entry *pEntry)
|
||||||
|
{
|
||||||
|
|
||||||
|
@@ -210,20 +290,22 @@
|
||||||
|
nLen = strlen (pPasswd);
|
||||||
|
if ( nLen < 6) {
|
||||||
|
mem_len = realloc_error_message(&szErrStr, mem_len,
|
||||||
|
- strlen(PASSWORD_TOO_SHORT_SZ) +
|
||||||
|
- strlen(pEntry->e_name.bv_val) + 1);
|
||||||
|
+ strlen(PASSWORD_TOO_SHORT_SZ) +
|
||||||
|
+ strlen(pEntry->e_name.bv_val) + 1);
|
||||||
|
sprintf (szErrStr, PASSWORD_TOO_SHORT_SZ, pEntry->e_name.bv_val, nLen);
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Read config file */
|
||||||
|
- minQuality = read_config_file("minPoints");
|
||||||
|
+ if (read_config_file() == -1) {
|
||||||
|
+ syslog(LOG_ERR, "Warning: Could not read values from config file %s. Using defaults.", CONFIG_FILE);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- useCracklib = read_config_file("useCracklib");
|
||||||
|
- minUpper = read_config_file("minUpper");
|
||||||
|
- minLower = read_config_file("minLower");
|
||||||
|
- minDigit = read_config_file("minDigit");
|
||||||
|
- minPunct = read_config_file("minPunct");
|
||||||
|
+ minQuality = get_config_entry_int("minPoints");
|
||||||
|
+ useCracklib = get_config_entry_int("useCracklib");
|
||||||
|
+ minUpper = get_config_entry_int("minUpper");
|
||||||
|
+ minLower = get_config_entry_int("minLower");
|
||||||
|
+ minDigit = get_config_entry_int("minDigit");
|
||||||
|
+ minPunct = get_config_entry_int("minPunct");
|
||||||
|
|
||||||
|
/** The password must have at least minQuality strength points with one
|
||||||
|
* point for the first occurrance of a lower, upper, digit and
|
||||||
|
@@ -232,8 +314,6 @@
|
||||||
|
|
||||||
|
for ( i = 0; i < nLen; i++ ) {
|
||||||
|
|
||||||
|
- if ( nQuality >= minQuality ) break;
|
||||||
|
-
|
||||||
|
if ( islower (pPasswd[i]) ) {
|
||||||
|
minLower--;
|
||||||
|
if ( !nLower && (minLower < 1)) {
|
||||||
|
@@ -279,12 +359,23 @@
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ( nQuality < minQuality ) {
|
||||||
|
+ /*
|
||||||
|
+ * If you have a required field, then it should be required in the strength
|
||||||
|
+ * checks.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ if (
|
||||||
|
+ (minLower > 0 ) ||
|
||||||
|
+ (minUpper > 0 ) ||
|
||||||
|
+ (minDigit > 0 ) ||
|
||||||
|
+ (minPunct > 0 ) ||
|
||||||
|
+ (nQuality < minQuality)
|
||||||
|
+ ) {
|
||||||
|
mem_len = realloc_error_message(&szErrStr, mem_len,
|
||||||
|
- strlen(PASSWORD_QUALITY_SZ) +
|
||||||
|
- strlen(pEntry->e_name.bv_val) + 2);
|
||||||
|
+ strlen(PASSWORD_QUALITY_SZ) +
|
||||||
|
+ strlen(pEntry->e_name.bv_val) + 2);
|
||||||
|
sprintf (szErrStr, PASSWORD_QUALITY_SZ, pEntry->e_name.bv_val,
|
||||||
|
- nQuality, minQuality);
|
||||||
|
+ nQuality, minQuality);
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -306,7 +397,7 @@
|
||||||
|
for ( j = 0; j < 3; j++ ) {
|
||||||
|
|
||||||
|
snprintf (filename, FILENAME_MAXLEN - 1, "%s.%s", \
|
||||||
|
- CRACKLIB_DICTPATH, ext[j]);
|
||||||
|
+ CRACKLIB_DICTPATH, ext[j]);
|
||||||
|
|
||||||
|
if (( fp = fopen ( filename, "r")) == NULL ) {
|
||||||
|
|
||||||
|
@@ -326,9 +417,9 @@
|
||||||
|
r = (char *) FascistCheck (pPasswd, CRACKLIB_DICTPATH);
|
||||||
|
if ( r != NULL ) {
|
||||||
|
mem_len = realloc_error_message(&szErrStr, mem_len,
|
||||||
|
- strlen(BAD_PASSWORD_SZ) +
|
||||||
|
- strlen(pEntry->e_name.bv_val) +
|
||||||
|
- strlen(r));
|
||||||
|
+ strlen(BAD_PASSWORD_SZ) +
|
||||||
|
+ strlen(pEntry->e_name.bv_val) +
|
||||||
|
+ strlen(r));
|
||||||
|
sprintf (szErrStr, BAD_PASSWORD_SZ, pEntry->e_name.bv_val, r);
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
@@ -342,15 +433,15 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
-
|
||||||
|
+ dealloc_config_entries();
|
||||||
|
*ppErrStr = strdup ("");
|
||||||
|
ber_memfree(szErrStr);
|
||||||
|
return (LDAP_SUCCESS);
|
||||||
|
|
||||||
|
fail:
|
||||||
|
+ dealloc_config_entries();
|
||||||
|
*ppErrStr = strdup (szErrStr);
|
||||||
|
ber_memfree(szErrStr);
|
||||||
|
return (EXIT_FAILURE);
|
||||||
|
|
||||||
|
}
|
||||||
|
-
|
|
@ -0,0 +1,28 @@
|
||||||
|
#
|
||||||
|
# LDAP Defaults
|
||||||
|
#
|
||||||
|
|
||||||
|
# See ldap.conf(5) for details
|
||||||
|
# This file should be world readable but not world writable.
|
||||||
|
|
||||||
|
#BASE dc=example,dc=com
|
||||||
|
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
|
||||||
|
|
||||||
|
#SIZELIMIT 12
|
||||||
|
#TIMELIMIT 15
|
||||||
|
#DEREF never
|
||||||
|
|
||||||
|
# When no CA certificates are specified the Shared System Certificates
|
||||||
|
# are in use. In order to have these available along with the ones specified
|
||||||
|
# by TLS_CACERTDIR one has to include them explicitly:
|
||||||
|
#TLS_CACERT /etc/pki/tls/cert.pem
|
||||||
|
|
||||||
|
# System-wide Crypto Policies provide up to date cipher suite which should
|
||||||
|
# be used unless one needs a finer grinded selection of ciphers. Hence, the
|
||||||
|
# PROFILE=SYSTEM value represents the default behavior which is in place
|
||||||
|
# when no explicit setting is used. (see openssl-ciphers(1) for more info)
|
||||||
|
#TLS_CIPHER_SUITE PROFILE=SYSTEM
|
||||||
|
|
||||||
|
# Turning this off breaks GSSAPI used with krb5 when rdns = false
|
||||||
|
SASL_NOCANON on
|
||||||
|
|
|
@ -0,0 +1,91 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# Author: Jan Vcelak <jvcelak@redhat.com>
|
||||||
|
|
||||||
|
. /usr/libexec/openldap/functions
|
||||||
|
|
||||||
|
function check_config_syntax()
|
||||||
|
{
|
||||||
|
retcode=0
|
||||||
|
tmp_slaptest=`mktemp --tmpdir=/var/run/openldap`
|
||||||
|
run_as_ldap "/usr/sbin/slaptest $SLAPD_GLOBAL_OPTIONS -u" &>$tmp_slaptest
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
error "Checking configuration file failed:"
|
||||||
|
cat $tmp_slaptest >&2
|
||||||
|
retcode=1
|
||||||
|
fi
|
||||||
|
rm $tmp_slaptest
|
||||||
|
return $retcode
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_certs_perms()
|
||||||
|
{
|
||||||
|
retcode=0
|
||||||
|
for cert in `certificates`; do
|
||||||
|
run_as_ldap "/usr/bin/test -e \"$cert\""
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
error "TLS certificate/key/DB '%s' was not found." "$cert"
|
||||||
|
retcoder=1
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
run_as_ldap "/usr/bin/test -r \"$cert\""
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
error "TLS certificate/key/DB '%s' is not readable." "$cert"
|
||||||
|
retcode=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
return $retcode
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_db_perms()
|
||||||
|
{
|
||||||
|
retcode=0
|
||||||
|
for dbdir in `databases`; do
|
||||||
|
[ -d "$dbdir" ] || continue
|
||||||
|
for dbfile in `find ${dbdir} -maxdepth 1 -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name "alock"`; do
|
||||||
|
run_as_ldap "/usr/bin/test -r \"$dbfile\" -a -w \"$dbfile\""
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
error "Read/write permissions for DB file '%s' are required." "$dbfile"
|
||||||
|
retcode=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
||||||
|
return $retcode
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_everything()
|
||||||
|
{
|
||||||
|
retcode=0
|
||||||
|
check_config_syntax || retcode=1
|
||||||
|
# TODO: need support for Mozilla NSS, disabling temporarily
|
||||||
|
#check_certs_perms || retcode=1
|
||||||
|
check_db_perms || retcode=1
|
||||||
|
return $retcode
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ `id -u` -ne 0 ]; then
|
||||||
|
error "You have to be root to run this script."
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
|
|
||||||
|
load_sysconfig
|
||||||
|
|
||||||
|
if [ -n "$SLAPD_CONFIG_DIR" ]; then
|
||||||
|
if [ ! -d "$SLAPD_CONFIG_DIR" ]; then
|
||||||
|
error "Configuration directory '%s' does not exist." "$SLAPD_CONFIG_DIR"
|
||||||
|
else
|
||||||
|
check_everything
|
||||||
|
exit $?
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$SLAPD_CONFIG_FILE" ]; then
|
||||||
|
if [ ! -f "$SLAPD_CONFIG_FILE" ]; then
|
||||||
|
error "Configuration file '%s' does not exist." "$SLAPD_CONFIG_FILE"
|
||||||
|
else
|
||||||
|
error "Warning: Usage of a configuration file is obsolete!"
|
||||||
|
check_everything
|
||||||
|
exit $?
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 1
|
|
@ -0,0 +1,134 @@
|
||||||
|
# Author: Jan Vcelak <jvcelak@redhat.com>
|
||||||
|
|
||||||
|
SLAPD_USER=
|
||||||
|
SLAPD_CONFIG_FILE=
|
||||||
|
SLAPD_CONFIG_DIR=
|
||||||
|
SLAPD_CONFIG_CUSTOM=
|
||||||
|
SLAPD_GLOBAL_OPTIONS=
|
||||||
|
SLAPD_SYSCONFIG_FILE=
|
||||||
|
|
||||||
|
function default_config()
|
||||||
|
{
|
||||||
|
SLAPD_USER=ldap
|
||||||
|
SLAPD_CONFIG_FILE=/etc/openldap/slapd.conf
|
||||||
|
SLAPD_CONFIG_DIR=/etc/openldap/slapd.d
|
||||||
|
SLAPD_CONFIG_CUSTOM=
|
||||||
|
SLAPD_GLOBAL_OPTIONS=
|
||||||
|
SLAPD_SYSCONFIG_FILE=/etc/sysconfig/slapd
|
||||||
|
}
|
||||||
|
|
||||||
|
function parse_config_options()
|
||||||
|
{
|
||||||
|
user=
|
||||||
|
config_file=
|
||||||
|
config_dir=
|
||||||
|
while getopts :u:f:F: opt; do
|
||||||
|
case "$opt" in
|
||||||
|
u)
|
||||||
|
user="$OPTARG"
|
||||||
|
;;
|
||||||
|
f)
|
||||||
|
config_file="$OPTARG"
|
||||||
|
;;
|
||||||
|
F)
|
||||||
|
config_dir="$OPTARG"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -n "$user" ]; then
|
||||||
|
SLAPD_USER="$user"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$config_dir" ]; then
|
||||||
|
SLAPD_CONFIG_DIR="$config_dir"
|
||||||
|
SLAPD_CONFIG_FILE=
|
||||||
|
SLAPD_CONFIG_CUSTOM=1
|
||||||
|
SLAPD_GLOBAL_OPTIONS="-F '$config_dir'"
|
||||||
|
elif [ -n "$config_file" ]; then
|
||||||
|
SLAPD_CONFIG_DIR=
|
||||||
|
SLAPD_CONFIG_FILE="$config_file"
|
||||||
|
SLAPD_CONFIG_CUSTOM=1
|
||||||
|
SLAPD_GLOBAL_OPTIONS="-f '$config_file'"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function uses_new_config()
|
||||||
|
{
|
||||||
|
[ -n "$SLAPD_CONFIG_DIR" ]
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
|
function run_as_ldap()
|
||||||
|
{
|
||||||
|
/sbin/runuser --shell /bin/sh --session-command "$1" "$SLAPD_USER"
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
|
function ldif_unbreak()
|
||||||
|
{
|
||||||
|
sed ':a;N;s/\n //;ta;P;D'
|
||||||
|
}
|
||||||
|
|
||||||
|
function ldif_value()
|
||||||
|
{
|
||||||
|
sed 's/^[^:]*: //'
|
||||||
|
}
|
||||||
|
|
||||||
|
function databases_new()
|
||||||
|
{
|
||||||
|
slapcat $SLAPD_GLOBAL_OPTIONS -c \
|
||||||
|
-H 'ldap:///cn=config???(|(objectClass=olcBdbConfig)(objectClass=olcHdbConfig))' 2>/dev/null | \
|
||||||
|
ldif_unbreak | \
|
||||||
|
grep '^olcDbDirectory: ' | \
|
||||||
|
ldif_value
|
||||||
|
}
|
||||||
|
|
||||||
|
function databases_old()
|
||||||
|
{
|
||||||
|
awk 'begin { database="" }
|
||||||
|
$1 == "database" { database=$2 }
|
||||||
|
$1 == "directory" { if (database == "bdb" || database == "hdb") print $2}' \
|
||||||
|
"$SLAPD_CONFIG_FILE"
|
||||||
|
}
|
||||||
|
|
||||||
|
function certificates_new()
|
||||||
|
{
|
||||||
|
slapcat $SLAPD_GLOBAL_OPTIONS -c -H 'ldap:///cn=config???(cn=config)' 2>/dev/null | \
|
||||||
|
ldif_unbreak | \
|
||||||
|
grep '^olcTLS\(CACertificateFile\|CACertificatePath\|CertificateFile\|CertificateKeyFile\): ' | \
|
||||||
|
ldif_value
|
||||||
|
}
|
||||||
|
|
||||||
|
function certificates_old()
|
||||||
|
{
|
||||||
|
awk '$1 ~ "^TLS(CACertificate(File|Path)|CertificateFile|CertificateKeyFile)$" { print $2 } ' \
|
||||||
|
"$SLAPD_CONFIG_FILE"
|
||||||
|
}
|
||||||
|
|
||||||
|
function certificates()
|
||||||
|
{
|
||||||
|
uses_new_config && certificates_new || certificates_old
|
||||||
|
}
|
||||||
|
|
||||||
|
function databases()
|
||||||
|
{
|
||||||
|
uses_new_config && databases_new || databases_old
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function error()
|
||||||
|
{
|
||||||
|
format="$1\n"; shift
|
||||||
|
printf "$format" $@ >&2
|
||||||
|
}
|
||||||
|
|
||||||
|
function load_sysconfig()
|
||||||
|
{
|
||||||
|
[ -r "$SLAPD_SYSCONFIG_FILE" ] || return
|
||||||
|
|
||||||
|
. "$SLAPD_SYSCONFIG_FILE"
|
||||||
|
[ -n "$SLAPD_OPTIONS" ] && parse_config_options $SLAPD_OPTIONS
|
||||||
|
}
|
||||||
|
|
||||||
|
default_config
|
|
@ -0,0 +1,40 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# Author: Jan Vcelak <jvcelak@redhat.com>
|
||||||
|
|
||||||
|
. /usr/libexec/openldap/functions
|
||||||
|
|
||||||
|
if [ `id -u` -ne 0 ]; then
|
||||||
|
error "You have to be root to run this command."
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
|
|
||||||
|
load_sysconfig
|
||||||
|
retcode=0
|
||||||
|
|
||||||
|
for dbdir in `databases`; do
|
||||||
|
upgrade_log="$dbdir/db_upgrade.`date +%Y%m%d%H%M%S`.log"
|
||||||
|
bdb_files=`find "$dbdir" -maxdepth 1 -name "*.bdb" -printf '"%f" '`
|
||||||
|
|
||||||
|
# skip uninitialized database
|
||||||
|
[ -z "$bdb_files"] || continue
|
||||||
|
|
||||||
|
printf "Updating '%s', logging into '%s'\n" "$dbdir" "$upgrade_log"
|
||||||
|
|
||||||
|
# perform the update
|
||||||
|
for command in \
|
||||||
|
"/usr/bin/db_recover -v -h \"$dbdir\"" \
|
||||||
|
"/usr/bin/db_upgrade -v -h \"$dbdir\" $bdb_files" \
|
||||||
|
"/usr/bin/db_checkpoint -v -h \"$dbdir\" -1" \
|
||||||
|
; do
|
||||||
|
printf "Executing: %s\n" "$command" &>>$upgrade_log
|
||||||
|
run_as_ldap "$command" &>>$upgrade_log
|
||||||
|
result=$?
|
||||||
|
printf "Exit code: %d\n" $result >>"$upgrade_log"
|
||||||
|
if [ $result -ne 0 ]; then
|
||||||
|
printf "Upgrade failed: %d\n" $result
|
||||||
|
retcode=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
exit $retcode
|
|
@ -0,0 +1,20 @@
|
||||||
|
use AI_ADDRCONFIG if defined in the environment
|
||||||
|
|
||||||
|
Author: Jan Vcelak <jvcelak@redhat.com>
|
||||||
|
Upstream ITS: #7326
|
||||||
|
Resolves: #835013
|
||||||
|
|
||||||
|
diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c
|
||||||
|
index b31e05d..fa361ab 100644
|
||||||
|
--- a/libraries/libldap/os-ip.c
|
||||||
|
+++ b/libraries/libldap/os-ip.c
|
||||||
|
@@ -594,8 +594,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
|
||||||
|
|
||||||
|
#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
|
||||||
|
memset( &hints, '\0', sizeof(hints) );
|
||||||
|
-#ifdef USE_AI_ADDRCONFIG /* FIXME: configure test needed */
|
||||||
|
- /* Use AI_ADDRCONFIG only on systems where its known to be needed. */
|
||||||
|
+#ifdef AI_ADDRCONFIG
|
||||||
|
hints.ai_flags = AI_ADDRCONFIG;
|
||||||
|
#endif
|
||||||
|
hints.ai_family = ldap_int_inet4or6;
|
|
@ -0,0 +1,40 @@
|
||||||
|
Compile AllOp together with other overlays.
|
||||||
|
|
||||||
|
Author: Matus Honek <mhonek@redhat.com>
|
||||||
|
Resolves: #1319782
|
||||||
|
|
||||||
|
diff --git a/servers/slapd/overlays/Makefile.in b/servers/slapd/overlays/Makefile.in
|
||||||
|
--- a/servers/slapd/overlays/Makefile.in
|
||||||
|
+++ b/servers/slapd/overlays/Makefile.in
|
||||||
|
@@ -33,7 +33,8 @@ SRCS = overlays.c \
|
||||||
|
translucent.c \
|
||||||
|
unique.c \
|
||||||
|
valsort.c \
|
||||||
|
- smbk5pwd.c
|
||||||
|
+ smbk5pwd.c \
|
||||||
|
+ allop.c
|
||||||
|
OBJS = statover.o \
|
||||||
|
@SLAPD_STATIC_OVERLAYS@ \
|
||||||
|
overlays.o
|
||||||
|
@@ -53,7 +54,7 @@ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
|
||||||
|
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
|
||||||
|
|
||||||
|
LIBRARY = ../liboverlays.a
|
||||||
|
-PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@ smbk5pwd.la
|
||||||
|
+PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@ smbk5pwd.la allop.la
|
||||||
|
|
||||||
|
XINCPATH = -I.. -I$(srcdir)/..
|
||||||
|
XDEFS = $(MODULES_CPPFLAGS)
|
||||||
|
@@ -125,6 +126,12 @@ unique.la : unique.lo
|
||||||
|
smbk5pwd.la : smbk5pwd.lo
|
||||||
|
$(LTLINK_MOD) -module -o $@ smbk5pwd.lo version.lo $(LINK_LIBS) $(shell pkg-config openssl --libs)
|
||||||
|
|
||||||
|
+allop.lo : allop.c
|
||||||
|
+ $(LTCOMPILE_MOD) -DDO_SAMBA -UHAVE_MOZNSS -DHAVE_OPENSSL $(shell pkg-config openssl --cflags) $<
|
||||||
|
+
|
||||||
|
+allop.la : allop.lo
|
||||||
|
+ $(LTLINK_MOD) -module -o $@ allop.lo version.lo $(LINK_LIBS) $(shell pkg-config openssl --libs)
|
||||||
|
+
|
||||||
|
install-local: $(PROGRAMS)
|
||||||
|
@if test -n "$?" ; then \
|
||||||
|
$(MKDIR) $(DESTDIR)$(moduledir); \
|
|
@ -0,0 +1,73 @@
|
||||||
|
Various manual pages changes:
|
||||||
|
* removes LIBEXECDIR from slapd.8
|
||||||
|
* removes references to non-existing manpages (bz 624616)
|
||||||
|
|
||||||
|
diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
|
||||||
|
index 3def6da..466c772 100644
|
||||||
|
--- a/doc/man/man1/ldapmodify.1
|
||||||
|
+++ b/doc/man/man1/ldapmodify.1
|
||||||
|
@@ -397,8 +397,7 @@ exit status and a diagnostic message being written to standard error.
|
||||||
|
.BR ldap_add_ext (3),
|
||||||
|
.BR ldap_delete_ext (3),
|
||||||
|
.BR ldap_modify_ext (3),
|
||||||
|
-.BR ldap_modrdn_ext (3),
|
||||||
|
-.BR ldif (5).
|
||||||
|
+.BR ldif (5)
|
||||||
|
.SH AUTHOR
|
||||||
|
The OpenLDAP Project <http://www.openldap.org/>
|
||||||
|
.SH ACKNOWLEDGEMENTS
|
||||||
|
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
|
||||||
|
index cfde143..63592cb 100644
|
||||||
|
--- a/doc/man/man5/ldap.conf.5
|
||||||
|
+++ b/doc/man/man5/ldap.conf.5
|
||||||
|
@@ -317,6 +317,7 @@ certificates in separate individual files. The
|
||||||
|
.B TLS_CACERT
|
||||||
|
is always used before
|
||||||
|
.B TLS_CACERTDIR.
|
||||||
|
+The specified directory must be managed with the OpenSSL c_rehash utility.
|
||||||
|
This parameter is ignored with GnuTLS.
|
||||||
|
|
||||||
|
When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key
|
||||||
|
diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8
|
||||||
|
index b739f4d..e2a1a00 100644
|
||||||
|
--- a/doc/man/man8/slapd.8
|
||||||
|
+++ b/doc/man/man8/slapd.8
|
||||||
|
@@ -5,7 +5,7 @@
|
||||||
|
.SH NAME
|
||||||
|
slapd \- Stand-alone LDAP Daemon
|
||||||
|
.SH SYNOPSIS
|
||||||
|
-.B LIBEXECDIR/slapd
|
||||||
|
+.B slapd
|
||||||
|
[\c
|
||||||
|
.BR \-4 | \-6 ]
|
||||||
|
[\c
|
||||||
|
@@ -317,7 +317,7 @@ the LDAP databases defined in the default config file, just type:
|
||||||
|
.LP
|
||||||
|
.nf
|
||||||
|
.ft tt
|
||||||
|
- LIBEXECDIR/slapd
|
||||||
|
+ slapd
|
||||||
|
.ft
|
||||||
|
.fi
|
||||||
|
.LP
|
||||||
|
@@ -328,7 +328,7 @@ on voluminous debugging which will be printed on standard error, type:
|
||||||
|
.LP
|
||||||
|
.nf
|
||||||
|
.ft tt
|
||||||
|
- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
|
||||||
|
+ slapd -f /var/tmp/slapd.conf -d 255
|
||||||
|
.ft
|
||||||
|
.fi
|
||||||
|
.LP
|
||||||
|
@@ -336,7 +336,7 @@ To test whether the configuration file is correct or not, type:
|
||||||
|
.LP
|
||||||
|
.nf
|
||||||
|
.ft tt
|
||||||
|
- LIBEXECDIR/slapd \-Tt
|
||||||
|
+ slapd -Tt
|
||||||
|
.ft
|
||||||
|
.fi
|
||||||
|
.LP
|
||||||
|
--
|
||||||
|
1.8.1.4
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
Reference default system-wide CA certificates in manpages
|
||||||
|
|
||||||
|
OpenSSL, unless explicitly configured, uses system-wide default set of CA
|
||||||
|
certificates.
|
||||||
|
|
||||||
|
Author: Matus Honek <mhonek@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
|
||||||
|
--- a/doc/man/man5/ldap.conf.5
|
||||||
|
+++ b/doc/man/man5/ldap.conf.5
|
||||||
|
@@ -307,6 +307,9 @@ are more options you can specify. These options are used when an
|
||||||
|
.B ldaps:// URI
|
||||||
|
is selected (by default or otherwise) or when the application
|
||||||
|
negotiates TLS by issuing the LDAP StartTLS operation.
|
||||||
|
+.LP
|
||||||
|
+When using OpenSSL, if neither \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP
|
||||||
|
+is set, the system-wide default set of CA certificates is used.
|
||||||
|
.TP
|
||||||
|
.B TLS_CACERT <filename>
|
||||||
|
Specifies the file that contains certificates for all of the Certificate
|
||||||
|
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
|
||||||
|
--- a/doc/man/man5/slapd-config.5
|
||||||
|
+++ b/doc/man/man5/slapd-config.5
|
||||||
|
@@ -801,6 +801,10 @@ If
|
||||||
|
.B slapd
|
||||||
|
is built with support for Transport Layer Security, there are more options
|
||||||
|
you can specify.
|
||||||
|
+.LP
|
||||||
|
+When using OpenSSL, if neither \fBolcTLSCACertificateFile\fP nor
|
||||||
|
+\fBolcTLSCACertificatePath\fP is set, the system-wide default set of CA
|
||||||
|
+certificates is used.
|
||||||
|
.TP
|
||||||
|
.B olcTLSCipherSuite: <cipher-suite-spec>
|
||||||
|
Permits configuring what ciphers will be accepted and the preference order.
|
||||||
|
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
|
||||||
|
--- a/doc/man/man5/slapd.conf.5
|
||||||
|
+++ b/doc/man/man5/slapd.conf.5
|
||||||
|
@@ -1032,6 +1032,10 @@ If
|
||||||
|
.B slapd
|
||||||
|
is built with support for Transport Layer Security, there are more options
|
||||||
|
you can specify.
|
||||||
|
+.LP
|
||||||
|
+When using OpenSSL, if neither \fBTLSCACertificateFile\fP nor
|
||||||
|
+\fBTLSCACertificatePath\fP is set, the system-wide default set of CA
|
||||||
|
+certificates is used.
|
||||||
|
.TP
|
||||||
|
.B TLSCipherSuite <cipher-suite-spec>
|
||||||
|
Permits configuring what ciphers will be accepted and the preference order.
|
|
@ -0,0 +1,33 @@
|
||||||
|
The non-reentrant gethostbyXXXX() functions deadlock if called recursively, for
|
||||||
|
example if libldap needs to be initialized from within gethostbyXXXX() (which
|
||||||
|
actually happens if nss_ldap is used for hostname resolution and earlier
|
||||||
|
modules can't resolve the local host name), so use the reentrant versions of
|
||||||
|
the functions, even if we're not being compiled for use in libldap_r
|
||||||
|
|
||||||
|
Resolves: #179730
|
||||||
|
Author: Jeffery Layton <jlayton@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c
|
||||||
|
index 373c81c..a012062 100644
|
||||||
|
--- a/libraries/libldap/util-int.c
|
||||||
|
+++ b/libraries/libldap/util-int.c
|
||||||
|
@@ -52,8 +52,8 @@ extern int h_errno;
|
||||||
|
#ifndef LDAP_R_COMPILE
|
||||||
|
# undef HAVE_REENTRANT_FUNCTIONS
|
||||||
|
# undef HAVE_CTIME_R
|
||||||
|
-# undef HAVE_GETHOSTBYNAME_R
|
||||||
|
-# undef HAVE_GETHOSTBYADDR_R
|
||||||
|
+/* # undef HAVE_GETHOSTBYNAME_R */
|
||||||
|
+/* # undef HAVE_GETHOSTBYADDR_R */
|
||||||
|
|
||||||
|
#else
|
||||||
|
# include <ldap_pvt_thread.h>
|
||||||
|
@@ -317,7 +317,7 @@ ldap_pvt_csnstr(char *buf, size_t len, unsigned int replica, unsigned int mod)
|
||||||
|
#define BUFSTART (1024-32)
|
||||||
|
#define BUFMAX (32*1024-32)
|
||||||
|
|
||||||
|
-#if defined(LDAP_R_COMPILE)
|
||||||
|
+#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R)
|
||||||
|
static char *safe_realloc( char **buf, int len );
|
||||||
|
|
||||||
|
#if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))
|
|
@ -0,0 +1,62 @@
|
||||||
|
Compile smbk5pwd together with other overlays.
|
||||||
|
|
||||||
|
Author: Jan Šafránek <jsafrane@redhat.com>
|
||||||
|
Resolves: #550895
|
||||||
|
|
||||||
|
Update to link against OpenSSL
|
||||||
|
|
||||||
|
Author: Jan Vcelak <jvcelak@redhat.com>
|
||||||
|
Resolves: #841560
|
||||||
|
|
||||||
|
diff --git a/contrib/slapd-modules/smbk5pwd/README b/contrib/slapd-modules/smbk5pwd/README
|
||||||
|
index f20ad94..b6433ff 100644
|
||||||
|
--- a/contrib/slapd-modules/smbk5pwd/README
|
||||||
|
+++ b/contrib/slapd-modules/smbk5pwd/README
|
||||||
|
@@ -1,3 +1,8 @@
|
||||||
|
+******************************************************************************
|
||||||
|
+Red Hat note: We do not provide Heimdal Kerberos but MIT. Therefore the module
|
||||||
|
+is compiled only with Samba features in Fedora and Red Hat Enterprise Linux.
|
||||||
|
+******************************************************************************
|
||||||
|
+
|
||||||
|
This directory contains a slapd overlay, smbk5pwd, that extends the
|
||||||
|
PasswordModify Extended Operation to update Kerberos keys and Samba
|
||||||
|
password hashes for an LDAP user.
|
||||||
|
diff --git a/servers/slapd/overlays/Makefile.in b/servers/slapd/overlays/Makefile.in
|
||||||
|
index 3af20e8..ef73663 100644
|
||||||
|
--- a/servers/slapd/overlays/Makefile.in
|
||||||
|
+++ b/servers/slapd/overlays/Makefile.in
|
||||||
|
@@ -33,7 +33,8 @@ SRCS = overlays.c \
|
||||||
|
syncprov.c \
|
||||||
|
translucent.c \
|
||||||
|
unique.c \
|
||||||
|
- valsort.c
|
||||||
|
+ valsort.c \
|
||||||
|
+ smbk5pwd.c
|
||||||
|
OBJS = statover.o \
|
||||||
|
@SLAPD_STATIC_OVERLAYS@ \
|
||||||
|
overlays.o
|
||||||
|
@@ -53,7 +54,7 @@ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
|
||||||
|
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
|
||||||
|
|
||||||
|
LIBRARY = ../liboverlays.a
|
||||||
|
-PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@
|
||||||
|
+PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@ smbk5pwd.la
|
||||||
|
|
||||||
|
XINCPATH = -I.. -I$(srcdir)/..
|
||||||
|
XDEFS = $(MODULES_CPPFLAGS)
|
||||||
|
@@ -125,6 +126,12 @@ unique.la : unique.lo
|
||||||
|
valsort.la : valsort.lo
|
||||||
|
$(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS)
|
||||||
|
|
||||||
|
+smbk5pwd.lo : smbk5pwd.c
|
||||||
|
+ $(LTCOMPILE_MOD) -DDO_SAMBA -UHAVE_MOZNSS -DHAVE_OPENSSL $(shell pkg-config openssl --cflags) $<
|
||||||
|
+
|
||||||
|
+smbk5pwd.la : smbk5pwd.lo
|
||||||
|
+ $(LTLINK_MOD) -module -o $@ smbk5pwd.lo version.lo $(LINK_LIBS) $(shell pkg-config openssl --libs)
|
||||||
|
+
|
||||||
|
install-local: $(PROGRAMS)
|
||||||
|
@if test -n "$?" ; then \
|
||||||
|
$(MKDIR) $(DESTDIR)$(moduledir); \
|
||||||
|
--
|
||||||
|
1.7.10.4
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
From: Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de>
|
||||||
|
Date: Tue, 18 May 2010 17:47:05 +0200
|
||||||
|
Subject: [PATCH] Switch to lt_dlopenadvise() to get RTLD_GLOBAL set.
|
||||||
|
|
||||||
|
Proof of concept for fixing http://bugs.debian.org/327585
|
||||||
|
(patch ported from freeradius bug http://bugs.debian.org/416266)
|
||||||
|
|
||||||
|
Resolves: #960048
|
||||||
|
---
|
||||||
|
--- openldap/servers/slapd/module.c.orig 2010-05-18 17:42:04.000000000 +0200
|
||||||
|
+++ openldap/servers/slapd/module.c 2010-05-18 17:45:46.000000000 +0200
|
||||||
|
@@ -117,6 +117,20 @@
|
||||||
|
return -1; /* not found */
|
||||||
|
}
|
||||||
|
|
||||||
|
+static lt_dlhandle slapd_lt_dlopenext_global( const char *filename )
|
||||||
|
+{
|
||||||
|
+ lt_dlhandle handle = 0;
|
||||||
|
+ lt_dladvise advise;
|
||||||
|
+
|
||||||
|
+ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise)
|
||||||
|
+ && !lt_dladvise_global (&advise))
|
||||||
|
+ handle = lt_dlopenadvise (filename, advise);
|
||||||
|
+
|
||||||
|
+ lt_dladvise_destroy (&advise);
|
||||||
|
+
|
||||||
|
+ return handle;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int module_load(const char* file_name, int argc, char *argv[])
|
||||||
|
{
|
||||||
|
module_loaded_t *module;
|
||||||
|
@@ -180,7 +194,7 @@
|
||||||
|
* to calling Debug. This is because Debug is a macro that expands
|
||||||
|
* into multiple function calls.
|
||||||
|
*/
|
||||||
|
- if ((module->lib = lt_dlopenext(file)) == NULL) {
|
||||||
|
+ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) {
|
||||||
|
error = lt_dlerror();
|
||||||
|
#ifdef HAVE_EBCDIC
|
||||||
|
strcpy( ebuf, error );
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,158 @@
|
||||||
|
#
|
||||||
|
# See slapd-config(5) for details on configuration options.
|
||||||
|
# This file should NOT be world readable.
|
||||||
|
#
|
||||||
|
|
||||||
|
dn: cn=config
|
||||||
|
objectClass: olcGlobal
|
||||||
|
cn: config
|
||||||
|
#
|
||||||
|
# TLS settings
|
||||||
|
#
|
||||||
|
# When no CA certificates are specified the Shared System Certificates
|
||||||
|
# are in use. In order to have these available along with the ones specified
|
||||||
|
# by oclTLSCACertificatePath one has to include them explicitly:
|
||||||
|
#olcTLSCACertificateFile: /etc/pki/tls/cert.pem
|
||||||
|
#
|
||||||
|
# Private cert and key are not pregenerated.
|
||||||
|
#olcTLSCertificateFile:
|
||||||
|
#olcTLSCertificateKeyFile:
|
||||||
|
#
|
||||||
|
# System-wide Crypto Policies provide up to date cipher suite which should
|
||||||
|
# be used unless one needs a finer grinded selection of ciphers. Hence, the
|
||||||
|
# PROFILE=SYSTEM value represents the default behavior which is in place
|
||||||
|
# when no explicit setting is used. (see openssl-ciphers(1) for more info)
|
||||||
|
#olcTLSCipherSuite: PROFILE=SYSTEM
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Do not enable referrals until AFTER you have a working directory
|
||||||
|
# service AND an understanding of referrals.
|
||||||
|
#
|
||||||
|
#olcReferral: ldap://root.openldap.org
|
||||||
|
#
|
||||||
|
# Sample security restrictions
|
||||||
|
# Require integrity protection (prevent hijacking)
|
||||||
|
# Require 112-bit (3DES or better) encryption for updates
|
||||||
|
# Require 64-bit encryption for simple bind
|
||||||
|
#
|
||||||
|
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Load dynamic backend modules:
|
||||||
|
# - modulepath is architecture dependent value (32/64-bit system)
|
||||||
|
# - back_sql.la backend requires openldap-servers-sql package
|
||||||
|
# - dyngroup.la and dynlist.la cannot be used at the same time
|
||||||
|
#
|
||||||
|
|
||||||
|
#dn: cn=module,cn=config
|
||||||
|
#objectClass: olcModuleList
|
||||||
|
#cn: module
|
||||||
|
#olcModulepath: /usr/lib/openldap
|
||||||
|
#olcModulepath: /usr/lib64/openldap
|
||||||
|
#olcModuleload: accesslog.la
|
||||||
|
#olcModuleload: auditlog.la
|
||||||
|
#olcModuleload: back_dnssrv.la
|
||||||
|
#olcModuleload: back_ldap.la
|
||||||
|
#olcModuleload: back_mdb.la
|
||||||
|
#olcModuleload: back_meta.la
|
||||||
|
#olcModuleload: back_null.la
|
||||||
|
#olcModuleload: back_passwd.la
|
||||||
|
#olcModuleload: back_relay.la
|
||||||
|
#olcModuleload: back_shell.la
|
||||||
|
#olcModuleload: back_sock.la
|
||||||
|
#olcModuleload: collect.la
|
||||||
|
#olcModuleload: constraint.la
|
||||||
|
#olcModuleload: dds.la
|
||||||
|
#olcModuleload: deref.la
|
||||||
|
#olcModuleload: dyngroup.la
|
||||||
|
#olcModuleload: dynlist.la
|
||||||
|
#olcModuleload: memberof.la
|
||||||
|
#olcModuleload: pcache.la
|
||||||
|
#olcModuleload: ppolicy.la
|
||||||
|
#olcModuleload: refint.la
|
||||||
|
#olcModuleload: retcode.la
|
||||||
|
#olcModuleload: rwm.la
|
||||||
|
#olcModuleload: seqmod.la
|
||||||
|
#olcModuleload: smbk5pwd.la
|
||||||
|
#olcModuleload: sssvlv.la
|
||||||
|
#olcModuleload: syncprov.la
|
||||||
|
#olcModuleload: translucent.la
|
||||||
|
#olcModuleload: unique.la
|
||||||
|
#olcModuleload: valsort.la
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Schema settings
|
||||||
|
#
|
||||||
|
|
||||||
|
dn: cn=schema,cn=config
|
||||||
|
objectClass: olcSchemaConfig
|
||||||
|
cn: schema
|
||||||
|
|
||||||
|
include: file:///etc/openldap/schema/core.ldif
|
||||||
|
|
||||||
|
#
|
||||||
|
# Frontend settings
|
||||||
|
#
|
||||||
|
|
||||||
|
dn: olcDatabase=frontend,cn=config
|
||||||
|
objectClass: olcDatabaseConfig
|
||||||
|
olcDatabase: frontend
|
||||||
|
#
|
||||||
|
# Sample global access control policy:
|
||||||
|
# Root DSE: allow anyone to read it
|
||||||
|
# Subschema (sub)entry DSE: allow anyone to read it
|
||||||
|
# Other DSEs:
|
||||||
|
# Allow self write access
|
||||||
|
# Allow authenticated users read access
|
||||||
|
# Allow anonymous users to authenticate
|
||||||
|
#
|
||||||
|
#olcAccess: to dn.base="" by * read
|
||||||
|
#olcAccess: to dn.base="cn=Subschema" by * read
|
||||||
|
#olcAccess: to *
|
||||||
|
# by self write
|
||||||
|
# by users read
|
||||||
|
# by anonymous auth
|
||||||
|
#
|
||||||
|
# if no access controls are present, the default policy
|
||||||
|
# allows anyone and everyone to read anything but restricts
|
||||||
|
# updates to rootdn. (e.g., "access to * by * read")
|
||||||
|
#
|
||||||
|
# rootdn can always read and write EVERYTHING!
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# Configuration database
|
||||||
|
#
|
||||||
|
|
||||||
|
dn: olcDatabase=config,cn=config
|
||||||
|
objectClass: olcDatabaseConfig
|
||||||
|
olcDatabase: config
|
||||||
|
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
|
||||||
|
n=auth" manage by * none
|
||||||
|
|
||||||
|
#
|
||||||
|
# Server status monitoring
|
||||||
|
#
|
||||||
|
|
||||||
|
dn: olcDatabase=monitor,cn=config
|
||||||
|
objectClass: olcDatabaseConfig
|
||||||
|
olcDatabase: monitor
|
||||||
|
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
|
||||||
|
n=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
|
||||||
|
|
||||||
|
#
|
||||||
|
# Backend database definitions
|
||||||
|
#
|
||||||
|
|
||||||
|
dn: olcDatabase=mdb,cn=config
|
||||||
|
objectClass: olcDatabaseConfig
|
||||||
|
objectClass: olcMdbConfig
|
||||||
|
olcDatabase: mdb
|
||||||
|
olcSuffix: dc=my-domain,dc=com
|
||||||
|
olcRootDN: cn=Manager,dc=my-domain,dc=com
|
||||||
|
olcDbDirectory: /var/lib/ldap
|
||||||
|
olcDbIndex: objectClass eq,pres
|
||||||
|
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
|
|
@ -0,0 +1,17 @@
|
||||||
|
[Unit]
|
||||||
|
Description=OpenLDAP Server Daemon
|
||||||
|
After=syslog.target network-online.target
|
||||||
|
Documentation=man:slapd
|
||||||
|
Documentation=man:slapd-config
|
||||||
|
Documentation=man:slapd-hdb
|
||||||
|
Documentation=man:slapd-mdb
|
||||||
|
Documentation=file:///usr/share/doc/openldap-servers/guide.html
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=forking
|
||||||
|
ExecStartPre=/usr/libexec/openldap/check-config.sh
|
||||||
|
ExecStart=/usr/sbin/slapd -u ldap -h "ldap:/// ldaps:/// ldapi:///"
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
Alias=openldap.service
|
|
@ -0,0 +1,2 @@
|
||||||
|
# openldap runtime directory for slapd.arg and slapd.pid
|
||||||
|
d /var/run/openldap 0755 ldap ldap -
|
|
@ -0,0 +1,2 @@
|
||||||
|
SHA512 (ltb-project-openldap-ppolicy-check-password-1.1.tar.gz) = f3384a164ce5db488908cf6380bad8500b800b09d12a8f04e1b6ccb6f6af6ab3971fcdbe4acca7a1b6d16b408a11065c2b1ab2497863fe07d3c28262b0f6776e
|
||||||
|
SHA512 (openldap-2.4.54.tgz) = 30cbe23f310f1901a0300ac0d123fc2e6fcc5bde8b15692f2fd8291d1f1e5b7e97426823eb1be9977a15d728fd175c8938c6790a57582a72d10be0b497c3ef5f
|
|
@ -0,0 +1,85 @@
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Makefile of /CoreOS/openldap/Sanity/smoke-test
|
||||||
|
# Description: Test calls upstream test suite.
|
||||||
|
# Author: Ondrej Moris <omoris@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
|
||||||
|
#
|
||||||
|
# This copyrighted material is made available to anyone wishing
|
||||||
|
# to use, modify, copy, or redistribute it subject to the terms
|
||||||
|
# and conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public
|
||||||
|
# License along with this program; if not, write to the Free
|
||||||
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||||
|
# Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
export TEST=/CoreOS/openldap/Sanity/smoke-test
|
||||||
|
export TESTVERSION=1.0
|
||||||
|
|
||||||
|
BUILT_FILES=
|
||||||
|
|
||||||
|
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||||
|
|
||||||
|
.PHONY: all install download clean
|
||||||
|
|
||||||
|
run: $(FILES) build
|
||||||
|
./runtest.sh
|
||||||
|
|
||||||
|
build: $(BUILT_FILES)
|
||||||
|
chmod a+x runtest.sh
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f *~ $(BUILT_FILES)
|
||||||
|
|
||||||
|
|
||||||
|
include /usr/share/rhts/lib/rhts-make.include
|
||||||
|
|
||||||
|
$(METADATA): Makefile
|
||||||
|
@echo "Owner: Ondrej Moris <omoris@redhat.com>" > $(METADATA)
|
||||||
|
@echo "Name: $(TEST)" >> $(METADATA)
|
||||||
|
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||||
|
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||||
|
@echo "Description: Test calls upstream test suite." >> $(METADATA)
|
||||||
|
@echo "Type: Sanity" >> $(METADATA)
|
||||||
|
@echo "TestTime: 3h" >> $(METADATA)
|
||||||
|
@echo "RunFor: openldap" >> $(METADATA)
|
||||||
|
@echo "Requires: openldap" >> $(METADATA)
|
||||||
|
@echo "Requires: openldap-clients" >> $(METADATA)
|
||||||
|
@echo "Requires: openldap-servers" >> $(METADATA)
|
||||||
|
@echo "Requires: cyrus-sasl-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: gdbm-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: libtool" >> $(METADATA)
|
||||||
|
@echo "Requires: krb5-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: openssl-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: pam-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: perl" >> $(METADATA)
|
||||||
|
@echo "Requires: pkgconfig" >> $(METADATA)
|
||||||
|
@echo "Requires: tcp_wrappers-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: bind-libbind-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: unixODBC-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: libtool-ltdl-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: nfs-utils" >> $(METADATA)
|
||||||
|
@echo "Requires: rpm-build" >> $(METADATA)
|
||||||
|
@echo "Requires: nss-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: libdb-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: groff" >> $(METADATA)
|
||||||
|
@echo "Requires: cracklib-devel" >> $(METADATA)
|
||||||
|
@echo "Requires: perl-ExtUtils-Embed" >> $(METADATA)
|
||||||
|
@echo "Requires: yum-utils" >> $(METADATA)
|
||||||
|
@echo "Priority: Normal" >> $(METADATA)
|
||||||
|
@echo "License: GPLv2" >> $(METADATA)
|
||||||
|
@echo "Confidential: no" >> $(METADATA)
|
||||||
|
@echo "Destructive: no" >> $(METADATA)
|
||||||
|
|
||||||
|
rhts-lint $(METADATA)
|
|
@ -0,0 +1,3 @@
|
||||||
|
PURPOSE of /CoreOS/openldap/Sanity/smoke-test
|
||||||
|
Description: Test calls upstream test suite.
|
||||||
|
Author: Ondrej Moris <omoris@redhat.com>
|
|
@ -0,0 +1,126 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# runtest.sh of /CoreOS/openldap/Sanity/smoke-test
|
||||||
|
# Description: Test calls upstream test suite.
|
||||||
|
# Author: Ondrej Moris <omoris@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
|
||||||
|
#
|
||||||
|
# This copyrighted material is made available to anyone wishing
|
||||||
|
# to use, modify, copy, or redistribute it subject to the terms
|
||||||
|
# and conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public
|
||||||
|
# License along with this program; if not, write to the Free
|
||||||
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||||
|
# Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
# Include rhts environment
|
||||||
|
. /usr/bin/rhts-environment.sh
|
||||||
|
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||||
|
|
||||||
|
PACKAGE="openldap"
|
||||||
|
|
||||||
|
PACKAGES=("openldap" \
|
||||||
|
"openldap-clients" \
|
||||||
|
"openldap-servers" \
|
||||||
|
"cyrus-sasl-devel" \
|
||||||
|
"gdbm-devel" \
|
||||||
|
"libtool" \
|
||||||
|
"krb5-devel" \
|
||||||
|
"openssl-devel" \
|
||||||
|
"pam-devel" \
|
||||||
|
"perl" \
|
||||||
|
"unixODBC-devel" \
|
||||||
|
"libtool-ltdl-devel" \
|
||||||
|
"nfs-utils" \
|
||||||
|
"rpm-build" )
|
||||||
|
|
||||||
|
if rlIsRHEL 5; then
|
||||||
|
PACKAGES=( ${PACKAGES[@]} "bind-libbind-devel" )
|
||||||
|
elif rlIsRHEL 6; then
|
||||||
|
PACKAGES=( ${PACKAGES[@]} "tcp_wrappers-devel" )
|
||||||
|
else
|
||||||
|
PACKAGES=( ${PACKAGES[@]} "tcp_wrappers-devel" "nss-devel" "libdb-devel" "groff" "cracklib-devel" "perl-ExtUtils-Embed" )
|
||||||
|
fi
|
||||||
|
if rlIsFedora; then
|
||||||
|
PACKAGES=( ${PACKAGES[@]} "pkgconf-pkg-config" )
|
||||||
|
else
|
||||||
|
PACKAGES=( ${PACKAGES[@]} "pkgconfig" )
|
||||||
|
fi
|
||||||
|
|
||||||
|
if rlIsRHEL 5; then
|
||||||
|
LDAP_SERVICE='ldap'
|
||||||
|
else
|
||||||
|
LDAP_SERVICE='slapd'
|
||||||
|
fi
|
||||||
|
|
||||||
|
rlJournalStart
|
||||||
|
|
||||||
|
rlPhaseStartSetup "General Setup"
|
||||||
|
|
||||||
|
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||||
|
rlRun "pushd $TmpDir"
|
||||||
|
|
||||||
|
for P in "${PACKAGES[@]}"; do rlCheckRpm $P || rlDie; done
|
||||||
|
|
||||||
|
rlFetchSrcForInstalled $PACKAGE
|
||||||
|
rlRun "yum-builddep -y openldap*src.rpm" 0
|
||||||
|
rlRun "rpm -ihv *.rpm" 0
|
||||||
|
|
||||||
|
rlServiceStop $LDAP_SERVICE
|
||||||
|
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartTest
|
||||||
|
|
||||||
|
TOPDIR=`rpm --eval %_topdir`
|
||||||
|
rlRun "pushd $TOPDIR" 0
|
||||||
|
|
||||||
|
rlRun "rpmbuild -vv -bc SPECS/openldap.spec >build.log 2>&1" 0
|
||||||
|
[[ $? -ne 0 ]] && cat build.log
|
||||||
|
VERSION=`rpm -q --qf "%{VERSION}\n" openldap | tail -1`
|
||||||
|
rlRun "pushd BUILD/openldap-${VERSION}/openldap-${VERSION}" 0
|
||||||
|
# workaround for failing test, it tests unsupported configuration
|
||||||
|
# see http://www.openldap.org/lists/openldap-technical/201204/msg00080.html for upstream reply
|
||||||
|
# change of check after test is not enough because run of all tests with hdb is skipped if test058 fails with bdb
|
||||||
|
rm -f tests/scripts/test058-syncrepl-asymmetric
|
||||||
|
rlIsRHEL 5 6 && rlRun "pushd build-servers" 0
|
||||||
|
|
||||||
|
rlRun "make check > make_check.out 2>&1" 0
|
||||||
|
|
||||||
|
grep ">>>>" make_check.out > make_check.results
|
||||||
|
cat make_check.out
|
||||||
|
echo -e "\n\nResults:\n\n"
|
||||||
|
cat make_check.results
|
||||||
|
|
||||||
|
rlAssertNotGrep "failed" make_check.results
|
||||||
|
|
||||||
|
rlIsRHEL 5 6 && rlRun "popd" 0
|
||||||
|
rlRun "popd" 0
|
||||||
|
rlRun "popd" 0
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartCleanup
|
||||||
|
|
||||||
|
rlServiceRestore $LDAP_SERVICE
|
||||||
|
rlRun "rm -rf BUILD/opendap-`rpm -q --qf "%{VERSION}" openldap`" 0
|
||||||
|
rlRun "popd"
|
||||||
|
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||||
|
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlJournalPrintText
|
||||||
|
|
||||||
|
rlJournalEnd
|
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
# Tests that run in all contexts
|
||||||
|
- hosts: localhost
|
||||||
|
roles:
|
||||||
|
- role: standard-test-beakerlib
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
tests:
|
||||||
|
- smoke-test
|
||||||
|
required_packages:
|
||||||
|
- openldap # Required for smoke-test
|
||||||
|
- openldap-clients # Required for smoke-test
|
||||||
|
- openldap-servers # Required for smoke-test
|
||||||
|
- cyrus-sasl-devel # Required for smoke-test
|
||||||
|
- gdbm-devel # Required for smoke-test
|
||||||
|
- libtool # Required for smoke-test
|
||||||
|
- krb5-devel # Required for smoke-test
|
||||||
|
- openssl-devel # Required for smoke-test
|
||||||
|
- pam-devel # Required for smoke-test
|
||||||
|
- perl # Required for smoke-test
|
||||||
|
- pkgconfig # Required for smoke-test
|
||||||
|
- tcp_wrappers-devel # Required for smoke-test
|
||||||
|
- bind-libbind-devel # Required for smoke-test
|
||||||
|
- unixODBC-devel # Required for smoke-test
|
||||||
|
- nfs-utils # Required for smoke-test
|
||||||
|
- rpm-build # Required for smoke-test
|
||||||
|
- nss-devel # Required for smoke-test
|
||||||
|
- libdb-devel # Required for smoke-test
|
||||||
|
- groff # Required for smoke-test
|
||||||
|
- cracklib-devel # Required for smoke-test
|
||||||
|
- perl-ExtUtils-Embed # Required for smoke-test
|
||||||
|
- yum-utils # Required for smoke-test
|
||||||
|
- libtool-ltdl-devel # Required for smoke-test
|
||||||
|
- wget # Required for smoke-test
|
Loading…
Reference in New Issue