fix: conversion of constraint overlay settings to cn=config is incorrect
Resolves: #733067
This commit is contained in:
parent
8ac21093cd
commit
a35a381613
81
openldap-constraint-overlay-config.patch
Normal file
81
openldap-constraint-overlay-config.patch
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
constraint overlay: fix config emit
|
||||||
|
|
||||||
|
Author: Pierangelo Masarati <ando@OpenLDAP.org>
|
||||||
|
Upstream ITS: #6986
|
||||||
|
Upstream commit: c0b669e14f4ef5b649f86bb3c1cc4ca76a00efa8
|
||||||
|
Resolves: #733067
|
||||||
|
|
||||||
|
diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
|
||||||
|
index fcb2830..e6a9267 100644
|
||||||
|
--- a/servers/slapd/overlays/constraint.c
|
||||||
|
+++ b/servers/slapd/overlays/constraint.c
|
||||||
|
@@ -145,6 +145,8 @@ constraint_cf_gen( ConfigArgs *c )
|
||||||
|
char *tstr = NULL;
|
||||||
|
int quotes = 0;
|
||||||
|
int j;
|
||||||
|
+ size_t val;
|
||||||
|
+ char val_buf[SLAP_TEXT_BUFLEN] = { '\0' };
|
||||||
|
|
||||||
|
bv.bv_len = STRLENOF(" ");
|
||||||
|
for (j = 0; cp->ap[j]; j++) {
|
||||||
|
@@ -156,6 +158,7 @@ constraint_cf_gen( ConfigArgs *c )
|
||||||
|
|
||||||
|
if (cp->re) {
|
||||||
|
tstr = REGEX_STR;
|
||||||
|
+ quotes = 1;
|
||||||
|
} else if (cp->lud) {
|
||||||
|
tstr = URI_STR;
|
||||||
|
quotes = 1;
|
||||||
|
@@ -164,8 +167,10 @@ constraint_cf_gen( ConfigArgs *c )
|
||||||
|
quotes = 1;
|
||||||
|
} else if (cp->size) {
|
||||||
|
tstr = SIZE_STR;
|
||||||
|
+ val = cp->size;
|
||||||
|
} else if (cp->count) {
|
||||||
|
tstr = COUNT_STR;
|
||||||
|
+ val = cp->count;
|
||||||
|
}
|
||||||
|
|
||||||
|
bv.bv_len += strlen(tstr);
|
||||||
|
@@ -175,6 +180,15 @@ constraint_cf_gen( ConfigArgs *c )
|
||||||
|
bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (cp->count || cp->size) {
|
||||||
|
+ int len = snprintf(val_buf, sizeof(val_buf), "%d", val);
|
||||||
|
+ if (len <= 0) {
|
||||||
|
+ /* error */
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ bv.bv_len += len;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
s = bv.bv_val = ch_malloc(bv.bv_len + 1);
|
||||||
|
|
||||||
|
s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len );
|
||||||
|
@@ -185,9 +199,13 @@ constraint_cf_gen( ConfigArgs *c )
|
||||||
|
*s++ = ' ';
|
||||||
|
s = lutil_strcopy( s, tstr );
|
||||||
|
*s++ = ' ';
|
||||||
|
- if ( quotes ) *s++ = '"';
|
||||||
|
- s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
|
||||||
|
- if ( quotes ) *s++ = '"';
|
||||||
|
+ if (cp->count || cp->size) {
|
||||||
|
+ s = lutil_strcopy( s, val_buf );
|
||||||
|
+ } else {
|
||||||
|
+ if ( quotes ) *s++ = '"';
|
||||||
|
+ s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
|
||||||
|
+ if ( quotes ) *s++ = '"';
|
||||||
|
+ }
|
||||||
|
if (cp->restrict_lud != NULL) {
|
||||||
|
s = lutil_strcopy( s, " restrict=\"" );
|
||||||
|
s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len );
|
||||||
|
@@ -471,7 +489,7 @@ constraint_cf_gen( ConfigArgs *c )
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);
|
||||||
|
+ ber_str2bv(c->argv[argidx] + STRLENOF("restrict="), 0, 1, &ap.restrict_val);
|
||||||
|
|
||||||
|
} else {
|
||||||
|
/* cleanup */
|
@ -34,6 +34,7 @@ Patch8: openldap-nss-init-threadsafe.patch
|
|||||||
Patch9: openldap-nss-reqcert-hostname.patch
|
Patch9: openldap-nss-reqcert-hostname.patch
|
||||||
Patch10: openldap-nss-verifycert.patch
|
Patch10: openldap-nss-verifycert.patch
|
||||||
Patch11: openldap-nss-memleak-free-certs.patch
|
Patch11: openldap-nss-memleak-free-certs.patch
|
||||||
|
Patch12: openldap-constraint-overlay-config.patch
|
||||||
|
|
||||||
# patches for the evolution library (see README.evolution)
|
# patches for the evolution library (see README.evolution)
|
||||||
Patch200: openldap-evolution-ntlm.patch
|
Patch200: openldap-evolution-ntlm.patch
|
||||||
@ -138,6 +139,7 @@ pushd openldap-%{version}
|
|||||||
%patch9 -p1 -b .nss-reqcert-hostname
|
%patch9 -p1 -b .nss-reqcert-hostname
|
||||||
%patch10 -p1 -b .nss-verifycert
|
%patch10 -p1 -b .nss-verifycert
|
||||||
%patch11 -p1 -b .nss-memleak-free-certs
|
%patch11 -p1 -b .nss-memleak-free-certs
|
||||||
|
%patch12 -p1 -b .constraint-overlay-config
|
||||||
|
|
||||||
cp %{_datadir}/libtool/config/config.{sub,guess} build/
|
cp %{_datadir}/libtool/config/config.{sub,guess} build/
|
||||||
|
|
||||||
@ -666,6 +668,7 @@ exit 0
|
|||||||
- fix: NSS_Init* functions are not thread safe (#731112)
|
- fix: NSS_Init* functions are not thread safe (#731112)
|
||||||
- fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)
|
- fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)
|
||||||
- fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)
|
- fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)
|
||||||
|
- fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
|
||||||
|
|
||||||
* Sun Aug 14 2011 Rex Dieter <rdieter@fedoraproject.org> - 2.4.26-1.1
|
* Sun Aug 14 2011 Rex Dieter <rdieter@fedoraproject.org> - 2.4.26-1.1
|
||||||
- Rebuilt for rpm (#728707)
|
- Rebuilt for rpm (#728707)
|
||||||
|
Loading…
Reference in New Issue
Block a user