Hello community,
here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2014-02-18 14:46:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openldap2 (Old)
and /work/SRC/openSUSE:Factory/.openldap2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openldap2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openldap2/openldap2-client.changes 2013-12-12 11:17:10.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.openldap2.new/openldap2-client.changes 2014-02-18 14:46:24.000000000 +0100
@@ -1,0 +2,43 @@
+Wed Feb 12 11:24:08 UTC 2014 - varkoly@suse.com
+
+- Remove PidFile from service definition
+- Update to 2.4.39
+ * Fixed libldap MozNSS crash (ITS#7783)
+ * Fixed libldap memory leak with SASL (ITS#7757)
+ * Fixed libldap assert in parse_passwdpolicy_control (ITS#7759)
+ * Fixed libldap shortcut NULL RDNs (ITS#7762)
+ * Fixed libldap deref to use correct control
+ * Fixed liblmdb keysizes with mdb_update_key (ITS#7756)
+ * Fixed slapd cn=config olcDbConfig modification (ITS#7750)
+ * Fixed slapd-bdb/hdb to bail out of search if config is paused (ITS#7761)
+ * Fixed slapd-bdb/hdb indexing issue with derived attributes (ITS#7778)
+ * Fixed slapd-mdb to bail out of search if config is paused (ITS#7761)
+ * Fixed slapd-mdb indexing issue with derived attributes (ITS#7778)
+ * Fixed slapd-perl to bail out of search if config is paused (ITS#7761)
+ * Fixed slapd-sql to bail out of search if config is paused (ITS#7761)
+ * Fixed slapo-constraint handling of softadd/softdel (ITS#7773)
+ * Fixed slapo-syncprov assert with findbase (ITS#7749)
+ * Build Environment
+ Test suite: Use $(MAKE) for tests (ITS#7753)
+ * Documentation
+ admin24 fix TLSDHParamFile to be correct (ITS#7684)
+
+-------------------------------------------------------------------
+Tue Feb 11 08:49:43 UTC 2014 - varkoly@suse.com
+
+- Add systemd style service definition
+- FATE#315028 remove memory limit for slapd
+- FATE#315415: LDAP compat packages required for older SLES versions
+ For this reson following patches were applied:
+ openldap-2.3.37-libldap-suid.diff
+ openldap-2.3.37-libldap-ldapi_url.dif
+ openldap-2.3.37-libldap-ntlm.diff
+ openldap-2.3.37-libldap-gethostbyname_r.dif
+ openldap-2.3.37-libldap-sasl-max-buff-size.dif
+ openldap-2.3.37-libldap-utf8-ADcanonical.dif
+ openldap-2.3.37-liblber-length-decoding.dif
+ openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
+ openldap-2.3.37-libldap-tls_chkhost-its6239.dif
+ openldap-2.3.37-libldap-ssl.dif
+
+-------------------------------------------------------------------
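Review bot: the FATE#315415 entry misspells "reason" as "reson" and lists the ten openldap-2.3.37 patches by file name only. Several of them touch security-sensitive code (libldap-suid, tls_chkhost-its6239, liblber-length-decoding, sasl-max-buff-size), so each line should say what the patch fixes and carry a bug or ITS reference where one exists. "Remove PidFile from service definition" in the 12 Feb entry also needs a reason.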
openldap2.changes: same change
Old:
----
openldap-2.4.38.tgz
New:
----
openldap-2.3.37-liblber-length-decoding.dif
openldap-2.3.37-libldap-gethostbyname_r.dif
openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
openldap-2.3.37-libldap-ldapi_url.dif
openldap-2.3.37-libldap-ntlm.diff
openldap-2.3.37-libldap-sasl-max-buff-size.dif
openldap-2.3.37-libldap-ssl.dif
openldap-2.3.37-libldap-suid.diff
openldap-2.3.37-libldap-tls_chkhost-its6239.dif
openldap-2.3.37-libldap-utf8-ADcanonical.dif
openldap-2.4.39.tgz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openldap2-client.spec ++++++
--- /var/tmp/diff_new_pack.N31ATy/_old 2014-02-18 14:46:25.000000000 +0100
+++ /var/tmp/diff_new_pack.N31ATy/_new 2014-02-18 14:46:25.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openldap2-client
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,6 +17,7 @@
%define run_test_suite 0
+%define version_main 2.4.39
Name: openldap2-client
Summary: The OpenLDAP commandline client tools
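Review bot: `%define version_main 2.4.39` repeats the literal that the `Version:` tag carries in the next hunk, so every update now has to touch two places. Write `Version: %{version_main}` and add a comment saying why the macro is needed (presumably because the compat-libldap-2_3-0 subpackage sets its own `Version: 2.3.37`).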
@@ -31,7 +32,7 @@
BuildRequires: -pwdutils
BuildRequires: openssl-devel
%endif
-Version: 2.4.38
+Version: 2.4.39
Release: 0
Url: http://www.openldap.org
%if "%{name}" == "openldap2"
@@ -44,7 +45,7 @@
BuildRequires: libdb-4_5-devel
%endif
Conflicts: openldap
-Requires: libldap-2_4-2 = %{version}
+Requires: libldap-2_4-2 = %{version_main}
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
%else
%if 0%{?suse_version} >= 1140
@@ -52,9 +53,10 @@
BuildRequires: krb5-mini
%endif
Conflicts: openldap-client
-Requires: libldap-2_4-2 = %{version}
+Requires: libldap-2_4-2 = %{version_main}
+Requires: systemd
%endif
-Source: openldap-%{version}.tgz
+Source: openldap-%{version_main}.tgz
Source1: openldap-rc.tgz
Source2: addonschema.tar.gz
Source3: DB_CONFIG
@@ -71,6 +73,16 @@
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-Recover-on-DB-version-change.dif
Patch100: openldap-2.3.37.dif
+Patch101: openldap-2.3.37-libldap-suid.diff
+Patch102: openldap-2.3.37-libldap-ldapi_url.dif
+Patch103: openldap-2.3.37-libldap-ntlm.diff
+Patch104: openldap-2.3.37-libldap-gethostbyname_r.dif
+Patch105: openldap-2.3.37-libldap-sasl-max-buff-size.dif
+Patch106: openldap-2.3.37-libldap-utf8-ADcanonical.dif
+Patch107: openldap-2.3.37-liblber-length-decoding.dif
+Patch108: openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
+Patch109: openldap-2.3.37-libldap-tls_chkhost-its6239.dif
+Patch110: openldap-2.3.37-libldap-ssl.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if "%{name}" == "openldap2"
@@ -82,8 +94,9 @@
%package -n openldap2-back-perl
Summary: OpenLDAP Perl Back-End
+License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Servers
-Requires: openldap2 = %{version}
+Requires: openldap2 = %{version_main}
Requires: perl = %{perl_version}
%description -n openldap2-back-perl
@@ -92,8 +105,9 @@
%package -n openldap2-back-meta
Summary: OpenLDAP Meta Back-End
+License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Servers
-Requires: openldap2 = %{version}
+Requires: openldap2 = %{version_main}
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
%description -n openldap2-back-meta
@@ -104,8 +118,9 @@
%package -n openldap2-back-sql
Summary: OpenLDAP SQL Back-End
+License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Servers
-Requires: openldap2 = %{version}
+Requires: openldap2 = %{version_main}
%description -n openldap2-back-sql
The primary purpose of this OpenLDAP backend is to present information
@@ -114,6 +129,7 @@
%package -n openldap2-doc
Summary: OpenLDAP Documentation
+License: OLDAP-2.8
Group: Documentation/Other
Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
%if 0%{?suse_version} > 1110
@@ -123,6 +139,22 @@
%description -n openldap2-doc
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
+%package -n compat-libldap-2_3-0
+Summary: OpenLDAP Client Libraries
+License: BSD-3-Clause and OLDAP-2.8 and OLDAP-2.8
+Group: Productivity/Networking/LDAP/Clients
+Version: 2.3.37
+Release: 2.<RELEASE22>
+
+%description -n compat-libldap-2_3-0
+This package contains the OpenLDAP client libraries.
+
+
+
+Authors:
+--------
+ The OpenLDAP Project
+
%else
%description
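Review bot: in the new compat-libldap-2_3-0 stanza the License tag reads `BSD-3-Clause and OLDAP-2.8 and OLDAP-2.8`, with OLDAP-2.8 listed twice; drop the repeat. The stanza packages libraries from 2.3.37, so the description should say it is a compatibility package for old binaries instead of reusing "This package contains the OpenLDAP client libraries", and the hard-coded `Release:` value should be checked.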
@@ -130,6 +162,7 @@
%package -n openldap2-devel
Summary: Libraries, Header Files and Documentation for OpenLDAP
+License: OLDAP-2.8
Group: Development/Libraries/C and C++
# bug437293
%ifarch ppc64
@@ -137,7 +170,7 @@
%endif
#
Conflicts: openldap-devel
-Requires: libldap-2_4-2 = %{version}
+Requires: libldap-2_4-2 = %{version_main}
%description -n openldap2-devel
This package provides the OpenLDAP libraries, header files, and
@@ -145,6 +178,7 @@
%package -n openldap2-devel-static
Summary: Static libraries for the OpenLDAP libraries
+License: OLDAP-2.8
Group: Development/Libraries/C and C++
Requires: openldap2-devel = %version
%if %sles_version == 10
@@ -160,6 +194,7 @@
%package -n libldap-2_4-2
Summary: OpenLDAP Client Libraries
+License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Clients
%description -n libldap-2_4-2
@@ -168,7 +203,7 @@
%endif
%prep
-%setup -q -n openldap-%{version} -a1 -a2 -b100
+%setup -q -n openldap-%{version_main} -a1 -a2 -b100
%patch1 -p1
%patch2 -p1
%patch3 -p1
@@ -180,6 +215,16 @@
cp %{SOURCE6} .
cd ../openldap-2.3.37
%patch100
+%patch101
+%patch102
+%patch103
+%patch104
+%patch105
+%patch106
+%patch107
+%patch108
+%patch109 -p1
+%patch110
%build
%{?suse_update_config:%{suse_update_config -f build}}
@@ -222,7 +267,7 @@
make depend
make %{?jobs:-j%jobs}
%if "%{name}" == "openldap2"
-%if %suse_version < 1130
+#%if %suse_version < 1130
# build a static slapcat binary from the OpenLDAP 2.3 release
# to be able to update existing databases
cd ../openldap-2.3.37
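Review bot: `#%if %suse_version < 1130` disables the conditional by commenting it out, which leaves a macro inside a comment line (rpm still expands those) and hides that the 2.3.37 build now runs on every distribution version. Delete the `%if`/`%endif` pair instead, and update the comment under it: it still says a static slapcat is built, while the following hunk builds only `libraries` with shared objects enabled.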
@@ -230,18 +275,18 @@
libtoolize --force
#aclocal -I build
autoreconf
-export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED"
+export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS"
./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc \
--localstatedir=/var/run/slapd --libexecdir=/usr/lib/openldap \
--libdir=%{_libdir} --mandir=%{_mandir} --enable-aci \
--enable-hdb --enable-bdb --enable-ldbm --enable-crypt \
--enable-ipv6=no \
--enable-ldap --enable-monitor --enable-meta --enable-rewrite \
- --enable-dynamic=no --enable-shared=no
+ --enable-dynamic=no --enable-shared=yes
make depend
-make %{?jobs:-j%jobs}
+make -C libraries %{?jobs:-j%jobs}
-%endif
+#%endif
%endif
%check
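Review bot: `make -C libraries` no longer builds servers/slapd, yet the %install section further down still installs `../openldap-2.3.37/servers/slapd/slapcat`; if that branch is ever taken the build fails. Either drop the slapcat install or keep building it. `-DLDAP_CONNECTIONLESS` is also added to CFLAGS with no changelog line; say which compat consumer needs it.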
@@ -270,11 +315,12 @@
%endif
%install
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
+mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/
mkdir -p $RPM_BUILD_ROOT/usr/sbin
+mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/system
make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
-install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
-ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
+install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start
+install -m 644 slapd.service $RPM_BUILD_ROOT/usr/lib/systemd/system
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
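Review bot: the install block drops the `/usr/sbin/rcldap` symlink together with the init script and puts nothing in its place, so anything that calls `rcldap` breaks on upgrade; keep the name as a link to the distribution's service wrapper if one is available. `start` is installed 0755 under /usr/lib/openldap and `slapd.service` goes into the systemd unit directory, but neither file is shown in this diff, so both need their own review.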
@@ -319,6 +365,10 @@
# install 2.3 slapcat
install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin/openldap-2.3-slapcat
%endif
+# install sle-10 compat libraries
+pushd ../openldap-2.3.37/libraries
+make DESTDIR=$RPM_BUILD_ROOT install
+popd
%endif
rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
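Review bot: `make DESTDIR=$RPM_BUILD_ROOT install` in the 2.3.37 `libraries` directory runs after the 2.4 install into the same buildroot, and the only cleanup visible here is `modules/*.a`. Check that it does not overwrite the unversioned 2.4 files (`libldap.so`, `.la` files, static archives) and restrict the compat file list to the versioned 2.3 shared objects.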
@@ -334,21 +384,19 @@
#put filelists into files
cat >openldap2.filelist < compat-libldap.filelist < openldap2-client.filelist < libldap.filelist < openldap2-devel.filelist <ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
- (char *)&ber->ber_len + LENSIZE*2 -1) {
+ (char *)&ber->ber_len + LENSIZE*2) {
ber_slen_t sblen;
char buf[sizeof(ber->ber_len)-1];
ber_len_t tlen = 0;
+ /* The tag & len can be at most 9 bytes; we try to read up to 8 here */
sock_errset(0);
- sblen=ber_int_sb_read( sb, ber->ber_rwptr,
- ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
+ sblen=((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr;
+ /* Trying to read the last len byte of a 9 byte tag+len */
+ if (sblen<1)
+ sblen = 1;
+ sblen=ber_int_sb_read( sb, ber->ber_rwptr, sblen );
if (sblen<=0) return LBER_DEFAULT;
ber->ber_rwptr += sblen;
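Review bot: the `if (sblen<1) sblen = 1;` clamp relies on the loosened outer bound (`LENSIZE*2` instead of `LENSIZE*2 -1`) to keep the one-byte read inside the tag and length fields, but that relationship is only implied. Compute the end pointer once, use it in both the condition and the length calculation, and say in the comment where the ninth byte lands. `buf` in the context is still sized `sizeof(ber->ber_len)-1`, so confirm it is large enough for the new maximum.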
@@ -552,7 +556,7 @@ ber_get_next(
int i;
unsigned char *p = (unsigned char *)ber->ber_ptr;
int llen = *p++ & 0x7f;
- if (llen > (int)sizeof(ber_len_t)) {
+ if (llen > LENSIZE) {
sock_errset(ERANGE);
return LBER_DEFAULT;
}
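Review bot: `llen > LENSIZE` replaces `sizeof(ber_len_t)` as the limit on the number of length octets, so the accepted range now depends on a constant whose definition is not part of this patch. Add a compile-time check that LENSIZE does not exceed sizeof(ber_len_t), since the decoded length ends up in `ber->ber_len`, and note in a comment that longer encodings are rejected with ERANGE.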
Index: libraries/libldap/result.c
===================================================================
--- libraries/libldap/result.c.orig
+++ libraries/libldap/result.c
@@ -296,18 +296,20 @@
#endif
if ( !lc_ready ) {
+ int err;
rc = ldap_int_select( ld, tvp );
-#ifdef LDAP_DEBUG
if ( rc == -1 ) {
+ err = sock_errno();
+#ifdef LDAP_DEBUG
Debug( LDAP_DEBUG_TRACE,
"ldap_int_select returned -1: errno %d\n",
- sock_errno(), 0, 0 );
- }
+ err, 0, 0 );
#endif
+ }
if ( rc == 0 || ( rc == -1 && (
!LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART)
- || sock_errno() != EINTR )))
+ || err != EINTR )))
{
ld->ld_errno = (rc == -1 ? LDAP_SERVER_DOWN :
LDAP_TIMEOUT);
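Review bot: `int err;` is declared without an initialiser and assigned only when `rc == -1`. The later `err != EINTR` test is guarded by `rc == -1`, so it is never read unset, but a compiler may still warn; write `int err = 0;`. A one-line comment that the socket error is saved before `Debug()` can change it would explain why the variable exists.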
@@ -410,7 +412,7 @@
LDAPRequest *lr, *tmplr;
LDAPConn *lc;
BerElement tmpber;
- int rc, refer_cnt, hadref, simple_request;
+ int rc, refer_cnt, hadref, simple_request, err;
ber_int_t lderr;
#ifdef LDAP_CONNECTIONLESS
@@ -469,15 +471,16 @@
}
if ( tag != LDAP_TAG_MESSAGE ) {
if ( tag == LBER_DEFAULT) {
+ err = sock_errno();
#ifdef LDAP_DEBUG
Debug( LDAP_DEBUG_CONNS,
"ber_get_next failed.\n", 0, 0, 0 );
-#endif
+#endif
#ifdef EWOULDBLOCK
- if ( sock_errno() == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
+ if ( err == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
#endif
#ifdef EAGAIN
- if ( sock_errno() == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
+ if ( err == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
#endif
ld->ld_errno = LDAP_SERVER_DOWN;
return -1;
++++++ openldap-2.3.37-libldap-gethostbyname_r.dif ++++++
--- libraries/libldap/util-int.c 2005/08/23 16:07:09 1.1
+++ libraries/libldap/util-int.c 2005/08/23 16:16:03
@@ -52,7 +52,7 @@
#ifndef LDAP_R_COMPILE
# undef HAVE_REENTRANT_FUNCTIONS
# undef HAVE_CTIME_R
-# undef HAVE_GETHOSTBYNAME_R
+/* # undef HAVE_GETHOSTBYNAME_R */
# undef HAVE_GETHOSTBYADDR_R
#else
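Review bot: `/* # undef HAVE_GETHOSTBYNAME_R */` leaves dead text with no explanation while `# undef HAVE_GETHOSTBYADDR_R` stays active, so builds without LDAP_R_COMPILE get the reentrant forward lookup but not the reverse one. Delete the line instead of commenting it out and add a comment saying why only gethostbyname_r is enabled.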
@@ -110,7 +110,7 @@
#define BUFSTART (1024-32)
#define BUFMAX (32*1024-32)
-#if defined(LDAP_R_COMPILE)
+#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R)
static char *safe_realloc( char **buf, int len );
#if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))
++++++ openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif ++++++
Index: libraries/libldap/request.c
===================================================================
--- libraries/libldap/request.c.orig
+++ libraries/libldap/request.c
@@ -601,6 +601,9 @@ ldap_free_connection( LDAP *ld, LDAPConn
} else {
prevlc->lconn_next = tmplc->lconn_next;
}
+ if ( ld->ld_defconn == lc ) {
+ ld->ld_defconn = NULL;
+ }
break;
}
prevlc = tmplc;
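Review bot: the `ld->ld_defconn = NULL` reset sits inside the branch that unlinks `lc` from the connection list, just before `break`, so it only runs when `lc` is found there. If `lc` can be freed without being on the list, `ld_defconn` keeps pointing at freed memory; move the check next to the actual free so it always runs.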
@@ -631,6 +634,8 @@ ldap_free_connection( LDAP *ld, LDAPConn
}
if ( lc->lconn_sb != ld->ld_sb ) {
ber_sockbuf_free( lc->lconn_sb );
+ } else {
+ ber_int_sb_close( lc->lconn_sb );
}
if ( lc->lconn_rebind_queue != NULL) {
int i;
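Review bot: the new `else` branch calls `ber_int_sb_close( lc->lconn_sb )` when the connection shares `ld->ld_sb`, which closes the handle's own sockbuf but leaves it allocated. Add a comment stating that `ld->ld_sb` is deliberately kept for reuse, and confirm that later users of the handle cope with a closed sockbuf.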
++++++ openldap-2.3.37-libldap-ldapi_url.dif ++++++
--- include/ldap_defaults.h 2004/04/14 14:13:27 1.1
+++ include/ldap_defaults.h 2004/04/14 14:14:01
@@ -39,7 +39,7 @@
#define LDAP_ENV_PREFIX "LDAP"
/* default ldapi:// socket */
-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
+#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi"
/*
* SLAPD DEFINITIONS
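Review bot: `LDAPI_SOCK` drops the "run" path component, so the default ldapi:// socket moves from LDAP_RUNDIR/run/ldapi to LDAP_RUNDIR/ldapi. The patch has no header; say which server listener path this default is meant to match, because a mismatch makes default `ldapi:///` connections fail.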
++++++ openldap-2.3.37-libldap-ntlm.diff ++++++
Index: include/ldap.h
===================================================================
--- include/ldap.h.orig
+++ include/ldap.h
@@ -2118,5 +2118,26 @@ LDAP_F( const char * )
ldap_passwordpolicy_err2txt LDAP_P(( LDAPPasswordPolicyError ));
#endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */
+/*
+ * hacks for NTLM
+ */
+#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
+#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
+LDAP_F( int )
+ldap_ntlm_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+LDAP_F( int )
+ldap_parse_ntlm_bind_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge));
+
+
LDAP_END_DECL
#endif /* _LDAP_H */
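Review bot: `ldap_ntlm_bind` and `ldap_parse_ntlm_bind_result` enter the public header under the comment "hacks for NTLM" with no description of parameters, ownership of `challenge`, or return values. Document both prototypes, mark them as an extension added by this patch so callers do not expect them in an unpatched libldap, and say where the tag values 0x8a and 0x8b come from.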
Index: libraries/libldap/Makefile.in
===================================================================
--- libraries/libldap/Makefile.in.orig
+++ libraries/libldap/Makefile.in
@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest
SRCS = bind.c open.c result.c error.c compare.c search.c \
controls.c messages.c references.c extended.c cyrus.c \
modify.c add.c modrdn.c delete.c abandon.c \
- sasl.c sbind.c kbind.c unbind.c cancel.c \
+ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
filter.c free.c sort.c passwd.c whoami.c \
getdn.c getentry.c getattr.c getvalues.c addentry.c \
request.c os-ip.c url.c sortctrl.c vlvctrl.c \
@@ -31,7 +31,7 @@ SRCS = bind.c open.c result.c error.c co
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
controls.lo messages.lo references.lo extended.lo cyrus.lo \
modify.lo add.lo modrdn.lo delete.lo abandon.lo \
- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
filter.lo free.lo sort.lo passwd.lo whoami.lo \
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
Index: libraries/libldap/ntlm.c
===================================================================
--- /dev/null
+++ libraries/libldap/ntlm.c
@@ -0,0 +1,137 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
+/*
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+/* Mostly copied from sasl.c */
+
+#include "portable.h"
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include "ldap-int.h"
+
+int
+ldap_ntlm_bind(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ if( msgidp == NULL ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ assert( LBER_VALID( ber ) );
+
+ LDAP_NEXT_MSGID( ld, id );
+ rc = ber_printf( ber, "{it{istON}" /*}*/,
+ id, LDAP_REQ_BIND,
+ ld->ld_version, dn, tag,
+ cred );
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
+
+ if(*msgidp < 0)
+ return ld->ld_errno;
+
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_parse_ntlm_bind_result(
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge)
+{
+ ber_int_t errcode;
+ ber_tag_t tag;
+ BerElement *ber;
+ ber_len_t len;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+
+ if ( ld == NULL || res == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ if( res->lm_msgtype != LDAP_RES_BIND ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+ if ( ld->ld_matched ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ /* parse results */
+
+ ber = ber_dup( res->lm_ber );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ tag = ber_scanf( ber, "{ioa" /*}*/,
+ &errcode, challenge, &ld->ld_error );
+ ber_free( ber, 0 );
+
+ if( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ ld->ld_errno = errcode;
+
+ return( ld->ld_errno );
+}
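Review bot: in `ldap_ntlm_bind` the result of the first `ber_printf( ber, "{it{istON}" ...)` is stored in `rc` and never tested, so an encoding failure carries on to `ldap_int_put_controls` and the send. Check `rc == -1`, set LDAP_ENCODING_ERROR and free `ber`, as the second `ber_printf` call already does. `dn` is passed to the `s` format without a NULL check, `cctrls` is accepted but never used, and `ldap_parse_ntlm_bind_result` asserts `ld != NULL` and then tests it again; keep one of the two.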
++++++ openldap-2.3.37-libldap-sasl-max-buff-size.dif ++++++
Index: libraries/libldap/cyrus.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/cyrus.c,v
retrieving revision 1.139
retrieving revision 1.140
diff -u -r1.139 -r1.140
--- libraries/libldap/cyrus.c 2 Jan 2007 19:00:58 -0000 1.139
+++ libraries/libldap/cyrus.c 23 Apr 2007 12:21:48 -0000 1.140
@@ -208,7 +208,7 @@
| buf[2] << 8
| buf[3];
- if ( size > SASL_MAX_BUFF_SIZE ) {
+ if ( size >= SASL_MAX_BUFF_SIZE ) {
/* somebody is trying to mess me up. */
ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
"sb_sasl_pkt_length: received illegal packet length "
++++++ openldap-2.3.37-libldap-ssl.dif ++++++
Index: libraries/libldap/tls.c
===================================================================
--- libraries/libldap/tls.c 2013-11-12 17:09:55.284965672 +0100
+++ libraries/libldap/tls.c 2013-11-12 17:10:22.829163042 +0100
@@ -918,10 +918,6 @@
{
/* If peer cert was bad, treat as if no cert was given */
if (SSL_get_verify_result(s)) {
- /* If we can send an alert, do so */
- if (SSL_version(s) != SSL2_VERSION) {
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_BAD_CERTIFICATE);
- }
return NULL;
}
return SSL_get_peer_certificate(s);
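Review bot: with the `ssl3_send_alert` call removed, the `if (SSL_get_verify_result(s))` branch only returns NULL, so the peer no longer gets a bad-certificate alert from here; state in a patch header that this is intended and why. The test would read better as `SSL_get_verify_result(s) != X509_V_OK`.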
++++++ openldap-2.3.37-libldap-suid.diff ++++++
Index: libraries/libldap/init.c
===================================================================
--- libraries/libldap/init.c.orig
+++ libraries/libldap/init.c
@@ -579,6 +579,7 @@ void ldap_int_initialize( struct ldapopt
#endif
openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
+ if( getuid() == geteuid() ){
openldap_ldap_init_w_userconf(LDAP_USERRC_FILE);
{
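Review bot: `if( getuid() == geteuid() )` skips the user rc file and the environment for setuid programs but not for setgid ones; compare `getgid()` with `getegid()` as well. The guarded block is not re-indented and the closing brace in the next hunk carries no comment, which makes the new scope easy to miss; indent the body or add `/* getuid() == geteuid() */` at the brace.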
@@ -608,4 +609,5 @@ void ldap_int_initialize( struct ldapopt
}
openldap_ldap_init_w_env(gopts, NULL);
+ }
}
++++++ openldap-2.3.37-libldap-tls_chkhost-its6239.dif ++++++
Index: openldap-2.3.32/libraries/libldap/tls.c
===================================================================
--- openldap-2.3.32.orig/libraries/libldap/tls.c
+++ openldap-2.3.32/libraries/libldap/tls.c
@@ -981,7 +981,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
X509 *x;
const char *name;
char *ptr;
- int ntype = IS_DNS;
+ int ntype = IS_DNS, nlen;
#ifdef LDAP_PF_INET6
struct in6_addr addr;
#else
@@ -995,6 +995,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
} else {
name = name_in;
}
+ nlen = strlen(name);
x = tls_get_cert((SSL *)s);
if (!x) {
@@ -1028,15 +1029,14 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
ex = X509_get_ext(x, i);
alt = X509V3_EXT_d2i(ex);
if (alt) {
- int n, len1 = 0, len2 = 0;
+ int n, len2 = 0;
char *domain = NULL;
GENERAL_NAME *gn;
if (ntype == IS_DNS) {
- len1 = strlen(name);
domain = strchr(name, '.');
if (domain) {
- len2 = len1 - (domain-name);
+ len2 = nlen - (domain-name);
}
}
n = sk_GENERAL_NAME_num(alt);
@@ -1054,7 +1054,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
if (sl == 0) continue;
/* Is this an exact match? */
- if ((len1 == sl) && !strncasecmp(name, sn, len1)) {
+ if ((nlen == sl) && !strncasecmp(name, sn, nlen)) {
break;
}
@@ -1094,13 +1094,27 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
if (ret != LDAP_SUCCESS) {
X509_NAME *xn;
- char buf[2048];
- buf[0] = '\0';
+ X509_NAME_ENTRY *ne;
+ ASN1_OBJECT *obj;
+ ASN1_STRING *cn = NULL;
+ int navas;
+
+ /* find the last CN */
+ obj = OBJ_nid2obj( NID_commonName );
+ if ( !obj ) goto no_cn; /* should never happen */
xn = X509_get_subject_name(x);
- if( X509_NAME_get_text_by_NID( xn, NID_commonName,
- buf, sizeof(buf)) == -1)
- {
+ navas = X509_NAME_entry_count( xn );
+ for ( i=navas-1; i>=0; i-- ) {
+ ne = X509_NAME_get_entry( xn, i );
+ if ( !OBJ_cmp( ne->object, obj )) {
+ cn = X509_NAME_ENTRY_get_data( ne );
+ break;
+ }
+ }
+
+ if( !cn ){
+no_cn:
Debug( LDAP_DEBUG_ANY,
"TLS: unable to get common name from peer certificate.\n",
0, 0, 0 );
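Review bot: the loop reads `ne->object` directly; use `X509_NAME_ENTRY_get_object( ne )`, matching the `X509_NAME_ENTRY_get_data( ne )` call two lines later, so the code does not depend on the struct layout. `goto no_cn` also jumps into the body of `if( !cn )`; since `cn` starts as NULL, guarding the loop with `if ( obj )` reaches the same branch without the label.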
@@ -1111,21 +1125,20 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
ld->ld_error = LDAP_STRDUP(
_("TLS: unable to get CN from peer certificate"));
- } else if (strcasecmp(name, buf) == 0 ) {
+ } else if ( cn->length == nlen &&
+ strncasecmp( name, (char *) cn->data, nlen ) == 0 ) {
ret = LDAP_SUCCESS;
- } else if (( buf[0] == '*' ) && ( buf[1] == '.' )) {
+ } else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) {
char *domain = strchr(name, '.');
if( domain ) {
- size_t dlen = 0;
- size_t sl;
+ size_t dlen;
- sl = strlen(name);
- dlen = sl - (domain-name);
- sl = strlen(buf);
+ dlen = nlen - (domain-name);
/* Is this a wildcard match? */
- if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) {
+ if ((dlen == cn->length-1) &&
+ !strncasecmp(domain, (char *) &cn->data[1], dlen)) {
ret = LDAP_SUCCESS;
}
}
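Review bot: the wildcard test reads `cn->data[0]` and `cn->data[1]` without first checking `cn->length >= 2`, so a one-byte or empty CN is indexed past its stated length. Add the length check to that condition. `dlen` is a `size_t` while `cn->length` and `nlen` are `int`; cast once so `dlen == cn->length-1` does not mix signedness.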
@@ -1133,8 +1146,8 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
if( ret == LDAP_LOCAL_ERROR ) {
Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
- "common name in certificate (%s).\n",
- name, buf, 0 );
+ "common name in certificate (%.*s).\n",
+ name, cn->length, cn->data );
ret = LDAP_CONNECT_ERROR;
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
++++++ openldap-2.3.37-libldap-utf8-ADcanonical.dif ++++++
Index: libraries/libldap/getdn.c
===================================================================
--- libraries/libldap/getdn.c.orig
+++ libraries/libldap/getdn.c
@@ -2377,12 +2377,12 @@ strval2DCEstr( struct berval *val, char
/*
* Length of the (supposedly) AD canonical string representation,
- * accounting for escaped hex of UTF-8 chars
+ * accounting for chars that need to be escaped
*/
static int
strval2ADstrlen( struct berval *val, unsigned flags, ber_len_t *len )
{
- ber_len_t l;
+ ber_len_t l, cl;
char *p;
assert( val != NULL );
@@ -2393,37 +2393,31 @@ strval2ADstrlen( struct berval *val, uns
return( 0 );
}
- if ( flags & LDAP_AVA_NONPRINTABLE ) {
- /*
- * FIXME: Turn the value into a binary encoded BER?
- */
- return( -1 );
-
- } else {
- for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
- if ( LDAP_DN_NEEDESCAPE_AD( p[ 0 ] ) ) {
- l += 2;
-
- } else {
- l++;
- }
+ for ( l = 0, p = val->bv_val; p[ 0 ]; p += cl ) {
+ cl = LDAP_UTF8_CHARLEN2( p, cl );
+ if ( cl == 0 ) {
+ /* illegal utf-8 char */
+ return -1;
+ } else if ( (cl == 1) && LDAP_DN_NEEDESCAPE_AD( p[ 0 ] ) ) {
+ l += 2;
+ } else {
+ l += cl;
}
}
*len = l;
-
+
return( 0 );
}
/*
- * convert to (supposedly) AD string representation,
- * escaping with hex the UTF-8 stuff;
+ * convert to (supposedly) AD string representation,
* assume the destination has enough room for escaping
*/
static int
strval2ADstr( struct berval *val, char *str, unsigned flags, ber_len_t *len )
{
- ber_len_t s, d;
+ ber_len_t s, d, cl;
assert( val != NULL );
assert( str != NULL );
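Review bot: the counting loop in strval2ADstrlen stops on p[ 0 ] (a NUL byte) and never consults val->bv_len, whereas the writer strval2ADstr is bounded by s < val->bv_len. For a value with an embedded NUL the two disagree, and the writer's own comment says it assumes the destination has enough room, so a length computed short here turns into an undersized buffer. Bounding this loop by val->bv_len as well keeps both functions in step. With the LDAP_AVA_NONPRINTABLE branch removed, flags is no longer used in the visible body; a comment saying that is intentional would help.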
@@ -2434,24 +2428,20 @@ strval2ADstr( struct berval *val, char *
return( 0 );
}
- if ( flags & LDAP_AVA_NONPRINTABLE ) {
- /*
- * FIXME: Turn the value into a binary encoded BER?
- */
- *len = 0;
- return( -1 );
-
- } else {
-
- /*
- * we assume the string has enough room for the hex encoding
- * of the value
- */
+ /*
+ * we assume the string has enough room for the escaping
+ * of the value
+ */
- for ( s = 0, d = 0; s < val->bv_len; ) {
- if ( LDAP_DN_NEEDESCAPE_AD( val->bv_val[ s ] ) ) {
- str[ d++ ] = '\\';
- }
+ for ( s = 0, d = 0; s < val->bv_len; ) {
+ cl = LDAP_UTF8_CHARLEN2( val->bv_val+s, cl );
+ if ( cl == 0 ) {
+ /* illegal utf-8 char */
+ return -1;
+ } else if ( (cl == 1) && LDAP_DN_NEEDESCAPE_AD(val->bv_val[ s ]) ) {
+ str[ d++ ] = '\\';
+ }
+ for (; cl--;) {
str[ d++ ] = val->bv_val[ s++ ];
}
}
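Review bot: the inner copy loop for (; cl--;) advances s by cl bytes without rechecking s < val->bv_len, so a multi-byte lead byte at the very end of the value copies past bv_len unless LDAP_UTF8_CHARLEN2 rejects truncated sequences; a check that cl <= val->bv_len - s before copying would close that. The new illegal-UTF-8 path also returns -1 with *len left unset, where the removed error path set *len = 0 first.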
++++++ openldap-2.4.38.tgz -> openldap-2.4.39.tgz ++++++
++++ 15432 lines of diff (skipped)
++++++ openldap-rc.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rc.ldap new/rc.ldap
--- old/rc.ldap 2012-11-16 10:21:31.000000000 +0100
+++ new/rc.ldap 1970-01-01 01:00:00.000000000 +0100
@@ -1,310 +0,0 @@
-#! /bin/sh
-# Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany.
-# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
-#
-# Author: Carsten Hoeger
-# Ralf Haferkamp
-#
-# /etc/init.d/ldap
-#
-### BEGIN INIT INFO
-# Provides: ldap
-# Required-Start: $network $remote_fs
-# Required-Stop: $network $remote_fs
-# Default-Start: 3 5
-# Default-Stop: 0 1 2 6
-# Short-Description: OpenLDAP Server (slapd)
-# Description: Start and Stop the OpenLDAP Server (slapd) to
-# provide LDAP directory services.
-### END INIT INFO
-
-# Determine the base and follow a runlevel link name.
-base=${0##*/}
-link=${base#*[SK][0-9][0-9]}
-
-test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap
-
-SLAPD_BIN=/usr/lib/openldap/slapd
-LDAP_URLS=""
-LDAPS_URLS=""
-LDAPI_URLS=""
-SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d"
-SLAPD_PID_DIR="/var/run/slapd/"
-
-test -x $SLAPD_BIN || exit 5
-
-# Shell functions sourced from /etc/rc.status:
-# rc_check check and set local and overall rc status
-# rc_status check and set local and overall rc status
-# rc_status -v ditto but be verbose in local rc status
-# rc_status -v -r ditto and clear the local rc status
-# rc_failed set local and overall rc status to failed
-# rc_failed <num> set local and overall rc status to <num><num>
-# rc_reset clear local rc status (overall remains)
-# rc_exit exit appropriate to overall rc status
-. /etc/rc.status
-
-# First reset status of this service
-rc_reset
-
-function init_ldap_listener_urls(){
- case "$OPENLDAP_START_LDAP" in
- [Yy][Ee][Ss])
- if [ -n "$OPENLDAP_LDAP_INTERFACES" ]
- then
- for iface in $OPENLDAP_LDAP_INTERFACES ;do
- LDAP_URLS="$LDAP_URLS ldap://$iface"
- done
- else
- LDAP_URLS="ldap:///"
- fi
- ;;
- esac
-}
-
-function init_ldapi_listener_urls(){
- case "$OPENLDAP_START_LDAPI" in
- [Yy][Ee][Ss])
- if [ -n "$OPENLDAP_LDAPI_INTERFACES" ]
- then
- for iface in $OPENLDAP_LDAPI_INTERFACES ;do
- esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g`
- LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface"
- done
- else
- LDAPI_URLS="ldapi:///"
- fi
- ;;
- esac
-}
-
-function init_ldaps_listener_urls(){
- case "$OPENLDAP_START_LDAPS" in
- [Yy][Ee][Ss])
- if [ -n "$OPENLDAP_LDAPS_INTERFACES" ]
- then
- for iface in $OPENLDAP_LDAPS_INTERFACES ;do
- LDAPS_URLS="$LDAPS_URLS ldaps://$iface"
- done
- else
- LDAPS_URLS="ldaps:///"
- fi
- ;;
- esac
-}
-
-function check_connection(){
- SLAPD_TIMEOUT=10
- START=$( date +%s)
- while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do
- ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null
- LDAPSEARCH_RC=$?
- if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break
- else sleep 1
- fi
- done
-}
-
-depth=0;
-
-function chown_database_dirs_bconfig() {
- ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}')
- for dir in $ldapdir; do
- [ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
- chown -R $OPENLDAP_USER $dir 2>/dev/null
- [ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
- chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null
- done
-}
-
-function chown_database_dirs() {
- ldapdir=`grep ^directory $1 | awk '{print $2}'`
- for dir in $ldapdir; do
- [ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
- chown -R $OPENLDAP_USER $dir 2>/dev/null
- [ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
- chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null
- done
- includes=`grep ^include $1 | awk '{print $2}'`
- if [ $depth -le 50 ]; then
- depth=$(( $depth + 1 ));
- for i in $includes; do
- chown_database_dirs "$i" ;
- done
- fi
-}
-
-USER_CMD=""
-GROUP_CMD=""
-[ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER"
-[ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP"
-[ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf"
-
-
-
-# Return values acc. to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-#
-# Note that starting an already running service, stopping
-# or restarting a not-running service as well as the restart
-# with force-reload (in case signalling is not supported) are
-# considered a success.
-
-case "$1" in
- start)
- if [ -f /etc/openldap/UPDATE_NEEDED ]; then
- rc_failed 6
- echo " The configuration of your LDAP server needs to be updated."
- echo " Please see /usr/share/doc/packages/openldap2/README.update"
- echo " for details."
- echo " After the update please remove the file:"
- echo " /etc/openldap/UPDATE_NEEDED"
- rc_status -v
- exit
- fi
- # chown backend directories if OPENLDAP_CHOWN_DIRS ist set
- if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then
- if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then
- if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then
- chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
- chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
- chown_database_dirs_bconfig "/etc/openldap/slapd.d"
- # assume back-config usage if slapd.conf is not present but slapd.d is
- elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then
- chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
- chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
- chown_database_dirs_bconfig "/etc/openldap/slapd.d"
- else
- chown_database_dirs "/etc/openldap/slapd.conf"
- chgrp $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null
- fi
- if test -f /etc/sasl2/slapd.conf ; then
- chgrp $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null
- chmod 640 /etc/sasl2/slapd.conf 2>/dev/null
- fi
- if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
- keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/}
- if test -f $keytabfile ; then
- chgrp $OPENLDAP_GROUP $keytabfile 2>/dev/null
- chmod g+r $keytabfile 2>/dev/null
- fi
- fi
- fi
- fi
- if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
- export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB
- fi
- case "$OPENLDAP_REGISTER_SLP" in
- [Yy][Ee][Ss])
- SLAPD_SLP_REG="-o slp=on"
- ;;
- *)
- SLAPD_SLP_REG="-o slp=off"
- ;;
- esac
-
- init_ldap_listener_urls
- init_ldapi_listener_urls
- init_ldaps_listener_urls
-
- if [ ! -d $SLAPD_PID_DIR ]; then
- mkdir -p $SLAPD_PID_DIR
- chown ldap:ldap $SLAPD_PID_DIR
- fi
- echo -n "Starting ldap-server"
- /sbin/startproc -t 1 -p /var/run/slapd/slapd.pid $SLAPD_BIN \
- -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \
- $SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \
- $OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG
-
- # Remember status and be verbose
- rc_status -v
- STARTPROC_RC=$?
- if [ ${STARTPROC_RC} -eq 0 ]; then
- check_connection
- fi
- ;;
- stop)
- echo -n "Shutting down ldap-server"
- /sbin/killproc -t 10 -TERM -p /var/run/slapd/slapd.pid $SLAPD_BIN
- # Remember status and be verbose
- rc_status -v
-
- ;;
- try-restart)
- ## Stop the service and if this succeeds (i.e. the
- ## service was running before), start it again.
- ## Note: try-restart is not (yet) part of LSB (as of 0.7.5)
- $0 status >/dev/null && $0 restart
-
- # Remember status and be quiet
- rc_status
- ;;
- restart)
- ## Stop the service and regardless of whether it was
- ## running or not, start it again.
- $0 stop
- # sometimes slapd needs some time to stop
- sleep 3
- $0 start
-
- # Remember status and be quiet
- rc_status
- ;;
- force-reload)
- ## Signal the daemon to reload its config. Most daemons
- ## do this on signal 1 (SIGHUP).
- ## If it does not support it, restart.
-
- #echo -n "Reload ldap server"
- # if it supports it:
- #killproc -HUP $SLAPD_BIN
- #touch /var/run/FOO.pid
- #rc_status -v
-
- ## Otherwise:
- $0 stop; sleep 3; $0 start
- rc_status
- ;;
- reload)
- echo -n "Reload ldap server"
-
- # If it supports signalling:
- #killproc -HUP $SLAPD_BIN
- #touch /var/run/FOO.pid
- #rc_status -v
-
- ## Otherwise if it does not support reload:
- rc_failed 3
- rc_status -v
- ;;
- status)
- echo -n "Checking for service ldap: "
- ## Check status with checkproc(8), if process is running
- ## checkproc will return with exit status 0.
-
- # Status has a slightly different for the status command:
- # 0 - service running
- # 1 - service dead, but /var/run/ pid file exists
- # 2 - service dead, but /var/lock/ lock file exists
- # 3 - service not running
-
- # NOTE: checkproc returns LSB compliant status values.
-
- checkproc -p /var/run/slapd/slapd.pid $SLAPD_BIN
- rc_status -v
-
- ;;
- *)
- echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
- exit 1
-esac
-rc_exit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slapd.service new/slapd.service
--- old/slapd.service 1970-01-01 01:00:00.000000000 +0100
+++ new/slapd.service 2014-02-12 12:20:55.000000000 +0100
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenLDAP Server Daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/openldap/start
+
+[Install]
+WantedBy=multi-user.target
+
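Review bot: Type=forking is declared without a PIDFile= line, so systemd has to guess the main PID of slapd once the wrapper forks; either add PIDFile= pointing at the pid file slapd writes or document why it is left out. ExecStart also points at a shell wrapper, and with no User= or sandboxing options in the unit the recursive chown/chgrp steps in that wrapper run with the service manager's privileges on every start, which deserves a line of explanation.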
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/start new/start
--- old/start 1970-01-01 01:00:00.000000000 +0100
+++ new/start 2014-02-11 09:40:49.000000000 +0100
@@ -0,0 +1,208 @@
+#! /bin/sh
+# Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany.
+# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# Author: Carsten Hoeger
+# Ralf Haferkamp
+#
+# /etc/init.d/ldap
+#
+### BEGIN INIT INFO
+# Provides: ldap
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: OpenLDAP Server (slapd)
+# Description: Start and Stop the OpenLDAP Server (slapd) to
+# provide LDAP directory services.
+### END INIT INFO
+
+# Determine the base and follow a runlevel link name.
+base=${0##*/}
+link=${base#*[SK][0-9][0-9]}
+
+test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap
+
+SLAPD_BIN=/usr/lib/openldap/slapd
+LDAP_URLS=""
+LDAPS_URLS=""
+LDAPI_URLS=""
+SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d"
+SLAPD_PID_DIR="/var/run/slapd/"
+
+test -x $SLAPD_BIN || exit 5
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_failed <num> set local and overall rc status to <num><num>
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+. /etc/rc.status
+
+# First reset status of this service
+rc_reset
+
+function init_ldap_listener_urls(){
+ case "$OPENLDAP_START_LDAP" in
+ [Yy][Ee][Ss])
+ if [ -n "$OPENLDAP_LDAP_INTERFACES" ]
+ then
+ for iface in $OPENLDAP_LDAP_INTERFACES ;do
+ LDAP_URLS="$LDAP_URLS ldap://$iface"
+ done
+ else
+ LDAP_URLS="ldap:///"
+ fi
+ ;;
+ esac
+}
+
+function init_ldapi_listener_urls(){
+ case "$OPENLDAP_START_LDAPI" in
+ [Yy][Ee][Ss])
+ if [ -n "$OPENLDAP_LDAPI_INTERFACES" ]
+ then
+ for iface in $OPENLDAP_LDAPI_INTERFACES ;do
+ esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g`
+ LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface"
+ done
+ else
+ LDAPI_URLS="ldapi:///"
+ fi
+ ;;
+ esac
+}
+
+function init_ldaps_listener_urls(){
+ case "$OPENLDAP_START_LDAPS" in
+ [Yy][Ee][Ss])
+ if [ -n "$OPENLDAP_LDAPS_INTERFACES" ]
+ then
+ for iface in $OPENLDAP_LDAPS_INTERFACES ;do
+ LDAPS_URLS="$LDAPS_URLS ldaps://$iface"
+ done
+ else
+ LDAPS_URLS="ldaps:///"
+ fi
+ ;;
+ esac
+}
+
+function check_connection(){
+ SLAPD_TIMEOUT=10
+ START=$( date +%s)
+ while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do
+ ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null
+ LDAPSEARCH_RC=$?
+ if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break
+ else sleep 1
+ fi
+ done
+}
+
+depth=0;
+
+function chown_database_dirs_bconfig() {
+ ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}')
+ for dir in $ldapdir; do
+ [ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
+ chown -R $OPENLDAP_USER $dir 2>/dev/null
+ [ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
+ chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null
+ done
+}
+
+function chown_database_dirs() {
+ ldapdir=`grep ^directory $1 | awk '{print $2}'`
+ for dir in $ldapdir; do
+ [ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
+ chown -R $OPENLDAP_USER $dir 2>/dev/null
+ [ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
+ chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null
+ done
+ includes=`grep ^include $1 | awk '{print $2}'`
+ if [ $depth -le 50 ]; then
+ depth=$(( $depth + 1 ));
+ for i in $includes; do
+ chown_database_dirs "$i" ;
+ done
+ fi
+}
+
+USER_CMD=""
+GROUP_CMD=""
+[ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER"
+[ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP"
+[ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf"
+
+
+if [ -f /etc/openldap/UPDATE_NEEDED ]; then
+ rc_failed 6
+ echo " The configuration of your LDAP server needs to be updated."
+ echo " Please see /usr/share/doc/packages/openldap2/README.update"
+ echo " for details."
+ echo " After the update please remove the file:"
+ echo " /etc/openldap/UPDATE_NEEDED"
+ rc_status -v
+ exit
+fi
+# chown backend directories if OPENLDAP_CHOWN_DIRS ist set
+if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then
+ if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then
+ if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then
+ chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
+ chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
+ chown_database_dirs_bconfig "/etc/openldap/slapd.d"
+ # assume back-config usage if slapd.conf is not present but slapd.d is
+ elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then
+ chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
+ chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
+ chown_database_dirs_bconfig "/etc/openldap/slapd.d"
+ else
+ chown_database_dirs "/etc/openldap/slapd.conf"
+ chgrp $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null
+ fi
+ if test -f /etc/sasl2/slapd.conf ; then
+ chgrp $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null
+ chmod 640 /etc/sasl2/slapd.conf 2>/dev/null
+ fi
+ if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
+ keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/}
+ if test -f $keytabfile ; then
+ chgrp $OPENLDAP_GROUP $keytabfile 2>/dev/null
+ chmod g+r $keytabfile 2>/dev/null
+ fi
+ fi
+ fi
+fi
+if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
+ export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB
+fi
+case "$OPENLDAP_REGISTER_SLP" in
+ [Yy][Ee][Ss])
+ SLAPD_SLP_REG="-o slp=on"
+ ;;
+ *)
+ SLAPD_SLP_REG="-o slp=off"
+ ;;
+esac
+
+init_ldap_listener_urls
+init_ldapi_listener_urls
+init_ldaps_listener_urls
+
+if [ ! -d $SLAPD_PID_DIR ]; then
+ mkdir -p $SLAPD_PID_DIR
+ chown ldap:ldap $SLAPD_PID_DIR
+fi
+echo -n "Starting ldap-server"
+exec $SLAPD_BIN -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \
+ $SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \
+ $OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG
+
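Review bot: in the elif that assumes back-config usage, the second operand of -a is the bare string /etc/openldap/slapd.d with no test operator, so it is always true and the branch fires whenever slapd.conf is missing, even if slapd.d does not exist; it should read -d /etc/openldap/slapd.d. The chown -R and chgrp -R calls also take unquoted $dir values parsed out of the configuration with grep and awk, so quote them. Since the script now ends in exec, check_connection is never called, and it and the LSB init header carried over from rc.ldap could be dropped.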
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysconfig.openldap new/sysconfig.openldap
--- old/sysconfig.openldap 2007-11-23 10:31:37.000000000 +0100
+++ new/sysconfig.openldap 2014-01-24 09:39:55.000000000 +0100
@@ -148,3 +148,11 @@
#
OPENLDAP_CONFIG_BACKEND=""
+## Type: yesno
+## Default: "yes"
+## ServiceRestart: ldap
+#
+# Here you can configure if the slapd shall start with or without memory limit.
+#
+OPENLDAP_MEMORY_LIMIT="yes"
+
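Review bot: OPENLDAP_MEMORY_LIMIT is added here with a default of "yes", but the start script added in this same patch never reads it, so the setting has no effect as far as these lines show. The comment should also say which limit is meant and what "yes" and "no" each do.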