fix: conversion of constraint overlay settings to cn=config is incorrect

Resolves: #733067
This commit is contained in:
Jan Vcelak 2011-08-24 18:58:25 +02:00
parent 8ac21093cd
commit a35a381613
2 changed files with 84 additions and 0 deletions

View File

@ -0,0 +1,81 @@
constraint overlay: fix config emit
Author: Pierangelo Masarati <ando@OpenLDAP.org>
Upstream ITS: #6986
Upstream commit: c0b669e14f4ef5b649f86bb3c1cc4ca76a00efa8
Resolves: #733067
diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
index fcb2830..e6a9267 100644
--- a/servers/slapd/overlays/constraint.c
+++ b/servers/slapd/overlays/constraint.c
@@ -145,6 +145,8 @@ constraint_cf_gen( ConfigArgs *c )
char *tstr = NULL;
int quotes = 0;
int j;
+ size_t val;
+ char val_buf[SLAP_TEXT_BUFLEN] = { '\0' };
bv.bv_len = STRLENOF(" ");
for (j = 0; cp->ap[j]; j++) {
@@ -156,6 +158,7 @@ constraint_cf_gen( ConfigArgs *c )
if (cp->re) {
tstr = REGEX_STR;
+ quotes = 1;
} else if (cp->lud) {
tstr = URI_STR;
quotes = 1;
@@ -164,8 +167,10 @@ constraint_cf_gen( ConfigArgs *c )
quotes = 1;
} else if (cp->size) {
tstr = SIZE_STR;
+ val = cp->size;
} else if (cp->count) {
tstr = COUNT_STR;
+ val = cp->count;
}
bv.bv_len += strlen(tstr);
@@ -175,6 +180,15 @@ constraint_cf_gen( ConfigArgs *c )
bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\"");
}
+ if (cp->count || cp->size) {
+ int len = snprintf(val_buf, sizeof(val_buf), "%d", val);
+ if (len <= 0) {
+ /* error */
+ return -1;
+ }
+ bv.bv_len += len;
+ }
+
s = bv.bv_val = ch_malloc(bv.bv_len + 1);
s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len );
@@ -185,9 +199,13 @@ constraint_cf_gen( ConfigArgs *c )
*s++ = ' ';
s = lutil_strcopy( s, tstr );
*s++ = ' ';
- if ( quotes ) *s++ = '"';
- s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
- if ( quotes ) *s++ = '"';
+ if (cp->count || cp->size) {
+ s = lutil_strcopy( s, val_buf );
+ } else {
+ if ( quotes ) *s++ = '"';
+ s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
+ if ( quotes ) *s++ = '"';
+ }
if (cp->restrict_lud != NULL) {
s = lutil_strcopy( s, " restrict=\"" );
s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len );
@@ -471,7 +489,7 @@ constraint_cf_gen( ConfigArgs *c )
}
}
- ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);
+ ber_str2bv(c->argv[argidx] + STRLENOF("restrict="), 0, 1, &ap.restrict_val);
} else {
/* cleanup */

View File

@ -34,6 +34,7 @@ Patch8: openldap-nss-init-threadsafe.patch
Patch9: openldap-nss-reqcert-hostname.patch Patch9: openldap-nss-reqcert-hostname.patch
Patch10: openldap-nss-verifycert.patch Patch10: openldap-nss-verifycert.patch
Patch11: openldap-nss-memleak-free-certs.patch Patch11: openldap-nss-memleak-free-certs.patch
Patch12: openldap-constraint-overlay-config.patch
# patches for the evolution library (see README.evolution) # patches for the evolution library (see README.evolution)
Patch200: openldap-evolution-ntlm.patch Patch200: openldap-evolution-ntlm.patch
@ -138,6 +139,7 @@ pushd openldap-%{version}
%patch9 -p1 -b .nss-reqcert-hostname %patch9 -p1 -b .nss-reqcert-hostname
%patch10 -p1 -b .nss-verifycert %patch10 -p1 -b .nss-verifycert
%patch11 -p1 -b .nss-memleak-free-certs %patch11 -p1 -b .nss-memleak-free-certs
%patch12 -p1 -b .constraint-overlay-config
cp %{_datadir}/libtool/config/config.{sub,guess} build/ cp %{_datadir}/libtool/config/config.{sub,guess} build/
@ -666,6 +668,7 @@ exit 0
- fix: NSS_Init* functions are not thread safe (#731112) - fix: NSS_Init* functions are not thread safe (#731112)
- fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819) - fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)
- fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818) - fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)
- fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
* Sun Aug 14 2011 Rex Dieter <rdieter@fedoraproject.org> - 2.4.26-1.1 * Sun Aug 14 2011 Rex Dieter <rdieter@fedoraproject.org> - 2.4.26-1.1
- Rebuilt for rpm (#728707) - Rebuilt for rpm (#728707)