Hello community,
here is the log from the commit of package yast2-auth-server for openSUSE:Factory checked in at 2016-04-16 22:07:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-auth-server (Old)
and /work/SRC/openSUSE:Factory/.yast2-auth-server.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-server"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-auth-server/yast2-auth-server.changes 2015-07-28 11:42:00.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-auth-server.new/yast2-auth-server.changes 2016-04-16 22:07:20.000000000 +0200
@@ -1,0 +2,8 @@
+Fri Apr 8 12:12:45 UTC 2016 - hguo(a)suse.com
+
+- The recent OpenLDAP upgrade in Tumbleweed no longer loads DB
+ drivers and essential modules by default, hence adapting to that
+ by explicitly loading them. Bump version to 3.1.16.
+ Address bsc#959760 bsc#964924.
+
+-------------------------------------------------------------------
Old:
----
yast2-auth-server-3.1.15.tar.bz2
New:
----
yast2-auth-server-3.1.16.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-auth-server.spec ++++++
--- /var/tmp/diff_new_pack.w1wwyF/_old 2016-04-16 22:07:21.000000000 +0200
+++ /var/tmp/diff_new_pack.w1wwyF/_new 2016-04-16 22:07:21.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package yast2-auth-server
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: yast2-auth-server
-Version: 3.1.15
+Version: 3.1.16
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-auth-server-3.1.15.tar.bz2 -> yast2-auth-server-3.1.16.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/agent/SlapdConfigAgent.cc new/yast2-auth-server-3.1.16/agent/SlapdConfigAgent.cc
--- old/yast2-auth-server-3.1.15/agent/SlapdConfigAgent.cc 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/agent/SlapdConfigAgent.cc 2016-04-12 09:53:24.000000000 +0200
@@ -1,4 +1,6 @@
#include "SlapdConfigAgent.h"
+#include <sys/types.h>
+#include <sys/stat.h>
#include <LDAPConnection.h>
#include <LDAPException.h>
#include <LdifReader.h>
@@ -75,6 +77,46 @@
}
}
+// If system is tumbleweed, return /usr/lib(64)/openldap. Otherwise return empty string.
+const std::string SlapdConfigAgent::getOlcModuleLoadPath()
+{
+ /*
+ * In late January 2016, OpenLDAP on Tumbleweed was updated to exclude
+ * DB and syncprov overlay drivers from the main executable. They will have
+ * to be dynamically loaded from modules' directory.
+ * This function helps to determine location of the directory, depending
+ * on /etc/os-release.
+ * SLES and Leap are not affected.
+ */
+ ifstream osRelease("/etc/os-release");
+ if (!osRelease.is_open())
+ {
+ y2error("Failed to open /etc/os-release");
+ throw std::runtime_error("Failed to open /etc/os-release");
+ }
+ bool isTumbleweed;
+ string osrLine;
+ while (getline(osRelease, osrLine))
+ {
+ if (osrLine.find("Tumbleweed") != std::string::npos)
+ {
+ isTumbleweed = true;
+ break;
+ }
+ }
+ osRelease.close();
+ if (!isTumbleweed)
+ {
+ return "";
+ }
+ struct stat testExistence;
+ if (stat("/usr/lib64/openldap", &testExistence) == 0)
+ {
+ return "/usr/lib64/openldap";
+ }
+ return "/usr/lib/openldap";
+}
+
YCPValue SlapdConfigAgent::Read( const YCPPath &path,
const YCPValue &arg,
const YCPValue &opt)
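Review bot: `bool isTumbleweed;` is never initialized, so when no line of /etc/os-release contains "Tumbleweed" the `if (!isTumbleweed)` test reads an indeterminate value and the function may return a module path on SLES or Leap, where none is wanted; declare it `bool isTumbleweed = false;`. The `const` on the by-value return type (`const std::string getOlcModuleLoadPath()`, also in the header) buys nothing and only prevents the result from being moved. Matching the substring "Tumbleweed" anywhere in the file is loose; restricting the test to the `NAME=` or `PRETTY_NAME=` line would make the detection harder to trip by accident. The `Read` signature at the end of the hunk continues outside it.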
@@ -372,6 +414,17 @@
olc.updateEntry(**j);
}
deleteableSchema.clear();
+ // If module should be loaded for database drivers, make sure that the module list covers all databases.
+ std::string moduleLoadPath = getOlcModuleLoadPath();
+ if (moduleLoadPath != "")
+ {
+ OlcModuleListEntry moduleListEntry = olc.getModuleListEntry();
+ moduleListEntry.setLoadPath(moduleLoadPath);
+ moduleListEntry.addEssentialModules();
+ y2milestone("olcModuleList: %s", moduleListEntry.toLdif().c_str());
+ olc.updateEntry(moduleListEntry);
+ }
+ // Continue adding new databases and modifying existing databases
OlcDatabaseList::iterator i;
for ( i = databases.begin(); i != databases.end() ; i++ )
{
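Review bot: `getOlcModuleLoadPath()` throws `std::runtime_error` when /etc/os-release cannot be opened, so with this hunk committing the configuration now aborts on any host lacking that file, even though the module list is only needed on Tumbleweed; the same applies to the cn=config dump below and to `ConfigToLdif`. Consider treating the failure as "no module path" at the call site, e.g. `std::string moduleLoadPath; try { moduleLoadPath = getOlcModuleLoadPath(); } catch (const std::runtime_error &) { moduleLoadPath = ""; }`, or have the helper log and return "" itself. The enclosing function starts and ends outside this hunk.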
@@ -422,11 +475,38 @@
attrs.add("contextCSN");
LDAPSearchResults *sr = m_lc->search( "cn=config", LDAPConnection::SEARCH_SUB,
"objectclass=*", attrs );
+ std::vector<LDAPEntry> searchResult;
+ while (LDAPEntry *e = sr->getNext())
+ {
+ searchResult.push_back(LDAPEntry(*e));
+ }
+ OlcModuleListEntry moduleListEntry;
+ std::string moduleLoadPath = getOlcModuleLoadPath();
+ if (moduleLoadPath != "")
+ {
+ // Modify olcModuleLoadPath to load DB drivers and syncprov.so
+ for (std::vector<LDAPEntry>::iterator it = searchResult.begin(); it < searchResult.end(); it++)
+ {
+ if ((*it).getDN() == OlcModuleListEntry::DN)
+ {
+ moduleListEntry = OlcModuleListEntry(*it);
+ it = searchResult.erase(it);
+ }
+ }
+ moduleListEntry.addEssentialModules();
+ moduleListEntry.setLoadPath(moduleLoadPath);
+ }
+ // Convert LDAP entries into one LDIF string
std::ostringstream ldifStream;
- LdifWriter ldif(ldifStream);
- while ( LDAPEntry *e = sr->getNext() )
+ LdifWriter entryToLdif(ldifStream);
+ for (std::vector<LDAPEntry>::iterator it = searchResult.begin(); it < searchResult.end(); it++)
{
- ldif.writeRecord( *e );
+ // Place OlcModuleList above config database, per OpenLDAP convention.
+ if (moduleLoadPath != "" && (*it).getDN() == "olcDatabase={0}config,cn=config")
+ {
+ ldifStream << std::endl << moduleListEntry.toLdif() << std::endl;
+ }
+ entryToLdif.writeRecord(*it);
}
return YCPString( ldifStream.str() );
} catch ( LDAPException e ) {
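Review bot: In the loop that pulls the module-list entry out of `searchResult`, `it = searchResult.erase(it);` is followed by the loop's `it++`, so the element right after the erased one is skipped, and when the erased entry is the last one the increment moves the iterator past `end()` before the `it < searchResult.end()` comparison, which is undefined behaviour for a vector iterator. Since there is only one `cn=module{0},cn=config` entry, the simplest fix is to stop after removing it: `it = searchResult.erase(it); break;`. The module list is only written out when an entry with DN `olcDatabase={0}config,cn=config` is present in the results; if the search ever returns no such entry the module list is silently dropped from the dump, which deserves at least a `y2warning`. The `LDAPEntry *e` pointers from `getNext()` are copied into the vector and never released, which presumably leaks if `getNext()` hands out heap objects — confirm against the ldapc++ API. The enclosing function starts outside this hunk.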
@@ -2147,33 +2227,45 @@
YCPString SlapdConfigAgent::ConfigToLdif() const
{
y2milestone("ConfigToLdif");
- std::ostringstream ldif;
+ std::ostringstream allLdif, globalLdif, moduleLdif, dbLdif;
if ( ! globals )
{
throw std::runtime_error("Configuration not initialized. Can't create LDIF dump." );
}
- ldif << globals->toLdif() << std::endl;
+ // Global LDIF consists of daemon/authorization settings and schema definitions
+ globalLdif << globals->toLdif() << std::endl;
if ( schemaBase )
{
- ldif << schemaBase->toLdif() << std::endl;
+ globalLdif << schemaBase->toLdif() << std::endl;
OlcSchemaList::const_iterator j;
for ( j = schema.begin(); j != schema.end() ; j++ )
{
- ldif << (*j)->toLdif() << std::endl;
+ globalLdif << (*j)->toLdif() << std::endl;
}
}
- OlcDatabaseList::const_iterator i = databases.begin();
+ // Database LDIF consits of database type and index configuration
+ OlcDatabaseList::const_iterator i = databases.cbegin();
for ( ; i != databases.end(); i++ )
{
- ldif << (*i)->toLdif() << std::endl;
+ dbLdif << (*i)->toLdif() << std::endl;
OlcOverlayList overlays = (*i)->getOverlays();
OlcOverlayList::iterator k;
for ( k = overlays.begin(); k != overlays.end(); k++ )
{
- ldif << (*k)->toLdif() << std::endl;
+ dbLdif << (*k)->toLdif() << std::endl;
}
}
- return YCPString(ldif.str());
+ // Module LDIF loads database drivers in case they are not built into slapd executable
+ std::string moduleLoadPath = getOlcModuleLoadPath();
+ if (moduleLoadPath != "")
+ {
+ OlcModuleListEntry moduleEntry;
+ moduleEntry.setLoadPath(moduleLoadPath);
+ moduleEntry.addEssentialModules();
+ moduleLdif << moduleEntry.toLdif();
+ }
+ allLdif << globalLdif.str() << std::endl << moduleLdif.str() << std::endl << dbLdif.str() << std::endl;
+ return YCPString(allLdif.str());
}
static void initLdapParameters( const YCPValue &arg, std::string &targetUrl,
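Review bot: The comment `// Database LDIF consits of database type and index configuration` has a typo; it should read `// Database LDIF consists of database type and index configuration`. When `moduleLoadPath` is empty, `moduleLdif` is empty but the final assembly still emits the `std::endl`s around it, so non-Tumbleweed dumps gain extra blank lines compared with the previous output; if any consumer is sensitive to blank lines between records, guard the middle part with `if (!moduleLdif.str().empty())`. The method also now throws `std::runtime_error` from `getOlcModuleLoadPath()` when /etc/os-release is unreadable, on top of the documented "Configuration not initialized" case, which a `@throws`-style comment on the method should mention.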
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/agent/SlapdConfigAgent.h new/yast2-auth-server-3.1.16/agent/SlapdConfigAgent.h
--- old/yast2-auth-server-3.1.15/agent/SlapdConfigAgent.h 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/agent/SlapdConfigAgent.h 2016-04-12 09:53:24.000000000 +0200
@@ -89,6 +89,7 @@
std::list<std::string> deleteableSchema;
boost::shared_ptr<OlcGlobalConfig> globals;
boost::shared_ptr<OlcSchemaConfig> schemaBase;
+ static const std::string getOlcModuleLoadPath();
};
#endif /* _SlapdConfigAgent_h */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/lib/slapd-config.cpp new/yast2-auth-server-3.1.16/lib/slapd-config.cpp
--- old/yast2-auth-server-3.1.15/lib/slapd-config.cpp 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/lib/slapd-config.cpp 2016-04-12 09:53:24.000000000 +0200
@@ -140,6 +140,23 @@
}
}
+// Return the LDAP entry with index number stripped.
+std::string OlcConfigEntry::stripIndexFromLdapValue(const std::string& ldapValue)
+{
+ size_t closingBracket = ldapValue.find_last_of('}');
+ if (closingBracket == std::string::npos)
+ {
+ // The value does not contain index, return as-is.
+ return ldapValue;
+ }
+ else
+ {
+ // The value looks like {1234}mydb
+ // Strip index number from value
+ return ldapValue.substr(closingBracket + 1);
+ }
+}
+
void OlcConfigEntry::setIndex( int index, bool origEntry )
{
this->entryIndex = index;
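Review bot: `find_last_of('}')` strips everything up to the last `}` in the value, so a value whose payload itself contains a `}`, or one with no `{n}` prefix but a `}` somewhere inside, is truncated rather than returned as-is. Since the index form is always a leading `{n}`, anchoring the check to the start is more precise: `if (ldapValue.empty() || ldapValue[0] != '{') return ldapValue;` followed by `size_t closingBracket = ldapValue.find('}');` and the existing npos check. The comment `// Return the LDAP entry with index number stripped.` describes an attribute value, not an entry; `// Return the attribute value with its leading {n} index stripped.` would be accurate.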
@@ -1651,6 +1668,15 @@
return false;
}
+/*
+ * Return the type (frontent, config, hdb, bdb, mdb) of this database.
+ */
+std::string OlcDatabase::getDatabaseType()
+{
+ std::string attr = getStringValue("olcDatabase");
+ return stripIndexFromLdapValue(attr);
+}
+
OlcDatabase* OlcDatabase::createFromLdapEntry( const LDAPEntry& e)
{
if ( OlcDatabase::isBdbDatabase( e ) )
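Review bot: The header comment has a typo: `frontent` should be `frontend`. `getDatabaseType()` does not modify the object and could be declared `const` here and in the header, provided `getStringValue` is itself const — its declaration is not visible from this hunk. The `createFromLdapEntry` signature at the end of the hunk continues outside it.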
@@ -2429,6 +2455,22 @@
return res;
}
+OlcModuleListEntry OlcConfig::getModuleListEntry()
+{
+ if ( ! m_lc )
+ {
+ throw std::runtime_error("LDAP Connection not initialized");
+ }
+ try {
+ LDAPSearchResults *sr = m_lc->search("cn=config", LDAPConnection::SEARCH_ONE, "objectclass=" + OlcModuleListEntry::OBJECT_CLASS);
+ LDAPEntry *moduleList = sr->getNext();
+ return moduleList ? OlcModuleListEntry(*moduleList) : OlcModuleListEntry();
+ } catch (LDAPException e) {
+ log_it(SLAPD_LOG_INFO, e.getResultMsg() + " " + e.getServerMsg() );
+ throw;
+ }
+}
+
OlcSchemaList OlcConfig::getSchemaNames()
{
OlcSchemaList res;
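Review bot: The `LDAPSearchResults *sr` returned by `m_lc->search(...)` and the `LDAPEntry *moduleList` from `sr->getNext()` are never deleted, so every call leaks both if, as in ldapc++, the caller owns them; the existing `getNext()` loops in this file follow the same pattern, but new code should not extend it. Build the result first, release both, then return, as below. Catching `LDAPException e` by value slices and copies; `catch (const LDAPException &e)` is preferable, though the surrounding file uses the by-value form.
```cpp
    try {
        LDAPSearchResults *sr = m_lc->search("cn=config", LDAPConnection::SEARCH_ONE, "objectclass=" + OlcModuleListEntry::OBJECT_CLASS);
        LDAPEntry *moduleList = sr->getNext();
        OlcModuleListEntry result = moduleList ? OlcModuleListEntry(*moduleList) : OlcModuleListEntry();
        // search() and getNext() hand out heap objects owned by the caller — verify against the ldapc++ API
        delete moduleList;
        delete sr;
        return result;
    } catch (const LDAPException &e) {
        // … unchanged: log and rethrow …
```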
@@ -2468,3 +2510,44 @@
SlapdConfigLogCallback *OlcConfig::logCallback = defaultLogCallback;
+const std::string OlcModuleListEntry::DN = "cn=module{0},cn=config";
+const std::string OlcModuleListEntry::CN = "module{0}";
+const std::string OlcModuleListEntry::OBJECT_CLASS = "olcModuleList";
+
+OlcModuleListEntry::OlcModuleListEntry()
+{
+ // olcModuleLoad entry has predefined CN
+ m_dbEntryChanged.setDN(DN);
+ m_dbEntryChanged.addAttribute(LDAPAttribute("objectClass", OBJECT_CLASS));
+ m_dbEntryChanged.addAttribute(LDAPAttribute("cn", CN));
+}
+
+// Set the search path for modules.
+void OlcModuleListEntry::setLoadPath(const std::string& absPath)
+{
+ setStringValue("olcModulePath", absPath);
+}
+
+// Add an olcModuleLoad entry. Will not repeat an entry if it already exists.
+void OlcModuleListEntry::addLoadModule(const std::string& moduleFileName)
+{
+ // Avoid adding a module if the file name is already present
+ StringList alreadyLoaded = getStringValues("olcModuleLoad");
+ for (StringList::const_iterator fileName = alreadyLoaded.begin(); fileName != alreadyLoaded.end(); fileName++)
+ {
+ if (stripIndexFromLdapValue(*fileName) == moduleFileName)
+ {
+ return;
+ }
+ }
+ addStringValue("olcModuleLoad", moduleFileName);
+}
+
+// Add hdb, mdb, bdb, and synproc into module list (for Tumbleweed since January 2016).
+void OlcModuleListEntry::addEssentialModules()
+{
+ addLoadModule("back_bdb.so");
+ addLoadModule("back_mdb.so");
+ addLoadModule("back_hdb.so");
+ addLoadModule("syncprov.so");
+}
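Review bot: `addEssentialModules()` adds back_bdb.so, back_mdb.so, back_hdb.so and syncprov.so unconditionally; slapd typically refuses to start when an `olcModuleLoad` names a file that is not present, so on an installation that ships only some of these back ends this turns a working configuration into a non-starting one. Checking each module file under the configured load path with `stat()` before adding it, as `getOlcModuleLoadPath` already does for the directory, would keep the list to what is actually installed; since that needs the path, `addEssentialModules` could read back the `olcModulePath` value set by `setLoadPath`, which callers invoke in differing order today. The comment `// Add hdb, mdb, bdb, and synproc into module list` should say `syncprov`.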
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/lib/slapd-config.h new/yast2-auth-server-3.1.16/lib/slapd-config.h
--- old/yast2-auth-server-3.1.15/lib/slapd-config.h 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/lib/slapd-config.h 2016-04-12 09:53:24.000000000 +0200
@@ -38,6 +38,7 @@
static bool isScheamEntry( const LDAPEntry& le);
static bool isOverlayEntry( const LDAPEntry& le);
static bool isGlobalEntry( const LDAPEntry& le);
+ static std::string stripIndexFromLdapValue(const std::string& ldapValue);
inline OlcConfigEntry() : m_dbEntry(), m_dbEntryChanged() {}
inline OlcConfigEntry(const LDAPEntry& le) : m_dbEntry(le), m_dbEntryChanged(le) {}
@@ -96,6 +97,18 @@
static const std::list<std::string> orderedAttrs;
};
+// OpenLDAP's mechanism to implement dynamic module loading, useful for loading LDAP database drivers.
+class OlcModuleListEntry: public OlcConfigEntry
+{
+public:
+ static const std::string DN, CN, OBJECT_CLASS;
+ OlcModuleListEntry();
+ OlcModuleListEntry(const LDAPEntry& le): OlcConfigEntry(le) {};
+ void setLoadPath(const std::string& absPath);
+ void addEssentialModules();
+ void addLoadModule(const std::string& moduleFileName);
+};
+
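Review bot: `OlcModuleListEntry(const LDAPEntry& le): OlcConfigEntry(le) {};` has a stray `;` after the body and, as a single-argument constructor, lets an `LDAPEntry` convert implicitly into a module-list entry; `explicit OlcModuleListEntry(const LDAPEntry& le): OlcConfigEntry(le) {}` avoids both. The new public members lack doc comments; a one-liner on each saying that `setLoadPath` writes `olcModulePath` and that `addLoadModule` appends to `olcModuleLoad` only when the file name is not already listed would help readers of the header.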
enum IndexType {
Default,
Present,
@@ -398,6 +411,7 @@
void addOverlay(boost::shared_ptr<OlcOverlay> overlay);
OlcOverlayList& getOverlays() ;
+ std::string getDatabaseType();
protected:
virtual void resetMemberAttrs();
@@ -526,6 +540,7 @@
boost::shared_ptr<OlcGlobalConfig> getGlobals();
OlcDatabaseList getDatabases();
OlcSchemaList getSchemaNames();
+ OlcModuleListEntry getModuleListEntry();
void setGlobals( OlcGlobalConfig &olcg);
void updateEntry( OlcConfigEntry &oce );
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/package/yast2-auth-server.changes new/yast2-auth-server-3.1.16/package/yast2-auth-server.changes
--- old/yast2-auth-server-3.1.15/package/yast2-auth-server.changes 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/package/yast2-auth-server.changes 2016-04-12 09:53:24.000000000 +0200
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Fri Apr 8 12:12:45 UTC 2016 - hguo(a)suse.com
+
+- The recent OpenLDAP upgrade in Tumbleweed no longer loads DB
+ drivers and essential modules by default, hence adapting to that
+ by explicitly loading them. Bump version to 3.1.16.
+ Address bsc#959760 bsc#964924.
+
+-------------------------------------------------------------------
Tue Jun 30 05:46:47 UTC 2015 - mfilka(a)suse.com
- bnc#923990
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/package/yast2-auth-server.spec new/yast2-auth-server-3.1.16/package/yast2-auth-server.spec
--- old/yast2-auth-server-3.1.15/package/yast2-auth-server.spec 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/package/yast2-auth-server.spec 2016-04-12 09:53:24.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-auth-server
-Version: 3.1.15
+Version: 3.1.16
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/src/modules/AuthServer.pm new/yast2-auth-server-3.1.16/src/modules/AuthServer.pm
--- old/yast2-auth-server-3.1.15/src/modules/AuthServer.pm 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/src/modules/AuthServer.pm 2016-04-12 09:53:24.000000000 +0200
@@ -1909,7 +1909,7 @@
Progress->set($progress_orig);
Progress->NextStage();
- if( ! SCR->Execute('.ldapserver.commitChanges' ) )
+ if( ! SCR->Execute('.ldapserver.commitChanges') )
{
my $err = SCR->Error(".ldapserver");
y2error($err->{'summary'}." ".$err->{'description'});
@@ -2089,7 +2089,7 @@
$defaultIndexes = $defIdxBak;
$defaultDbAcls = $defAclBak;
- my $ldif = SCR->Read('.ldapserver.configAsLdif' );
+ my $ldif = SCR->Read('.ldapserver.configAsLdif');
y2debug($ldif);
return 1;
}
@@ -3863,7 +3863,7 @@
SCR->Write(".ldapserver.database.{".$i."}.mirrormode", YaST::YCP::Boolean(0) );
}
}
- SCR->Execute(".ldapserver.commitChanges" );
+ SCR->Execute(".ldapserver.commitChanges");
return YaST::YCP::Boolean(1);
}
@@ -4707,8 +4707,8 @@
}
}
y2milestone("Updating remote configuration");
- SCR->Execute(".ldapserver.commitChanges" );
- $masterldif = SCR->Execute(".ldapserver.dumpConfDb" );
+ SCR->Execute(".ldapserver.commitChanges");
+ $masterldif = SCR->Execute(".ldapserver.dumpConfDb");
SCR->Execute(".ldapserver.reset" );
$globals_initialized = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/src/modules/LdapDatabase.rb new/yast2-auth-server-3.1.16/src/modules/LdapDatabase.rb
--- old/yast2-auth-server-3.1.15/src/modules/LdapDatabase.rb 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/src/modules/LdapDatabase.rb 2016-04-12 09:53:24.000000000 +0200
@@ -615,12 +615,6 @@
if Ops.greater_than(Builtins.size(ppolicy), 0)
ppolicyEntry = Ops.get_map(ppolicy, "ppolicy", {})
elsif Ops.greater_than(dbindex, 0) # try to read the ppolicy from the server
- Ldap.Import(
- {
- "ldap_server" => "localhost",
- "bind_dn" => Ops.get_string(db, "rootdn", "")
- }
- )
Ldap.LDAPInit
pw = ""
authinfo = AuthServer.ReadAuthInfo(Ops.get_string(db, "suffix", ""))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.15/tools/ldap-server-ssl-check.cpp new/yast2-auth-server-3.1.16/tools/ldap-server-ssl-check.cpp
--- old/yast2-auth-server-3.1.15/tools/ldap-server-ssl-check.cpp 2015-07-24 11:06:22.000000000 +0200
+++ new/yast2-auth-server-3.1.16/tools/ldap-server-ssl-check.cpp 2016-04-12 09:53:24.000000000 +0200
@@ -2,23 +2,31 @@
#include <stdlib.h>
int main(int argc, char** argv)
{
- if ( argc != 3 )
- {
- std::cerr << "usage: " << argv[0] << " <ldap-uri> <path-to-ca-cert>" << std::endl;
- exit(-1);
- }
- std::string uri(argv[1]);
- setenv("LDAPTLS_REQCERT", "hard", 1);
- setenv("LDAPTLS_CACERT", argv[2], 1);
- try
- {
- LDAPConnection lc( uri );
- lc.start_tls();
- }
- catch ( LDAPException e )
- {
- std::cerr << e << std::endl;
- exit(-1);
- }
- exit(0);
+ if ( argc != 3 )
+ {
+ std::cerr << "usage: " << argv[0] << " <ldap-uri> <path-to-ca-cert>" << std::endl;
+ exit(-1);
+ }
+ std::string uri(argv[1]);
+ setenv("LDAPTLS_REQCERT", "hard", 1);
+ setenv("LDAPTLS_CACERT", argv[2], 1);
+ try
+ {
+ LDAPConnection lc( uri );
+ try {
+ lc.bind();
+ exit(0);
+ } catch (LDAPException e) {
+ if (e.getResultCode() == 49) {
+ exit(0);
+ }
+ }
+ lc.start_tls();
+ }
+ catch ( LDAPException e )
+ {
+ std::cerr << e << std::endl;
+ exit(-1);
+ }
+ exit(0);
}
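Review bot: The new `lc.bind()` shortcut makes the tool report success without ever exercising TLS: for an `ldap://` URI an anonymous simple bind goes over the plain connection, so both a successful bind and an invalidCredentials (49) result reach `exit(0)` before `start_tls()` runs, and a bad CA certificate or broken TLS setup is no longer detected. Presumably the intent was to accept an `ldaps://` URI, where the bind itself negotiates TLS and a subsequent `start_tls()` would fail; limiting the shortcut to that scheme keeps the check meaningful for `ldap://`. `49` is `LDAP_INVALID_CREDENTIALS` from `<ldap.h>`; use the name. A bind error other than 49 is currently swallowed and `start_tls()` runs regardless, which masks the real failure for `ldaps://`; the rewrite below lets the outer handler print it.
```cpp
        LDAPConnection lc( uri );
        // Only an ldaps:// URI negotiates TLS during bind; over ldap:// a
        // bind says nothing about TLS, so start_tls() must still run.
        if (uri.compare(0, 8, "ldaps://") == 0)
        {
            try {
                lc.bind();
            } catch (LDAPException e) {
                if (e.getResultCode() != LDAP_INVALID_CREDENTIALS) {
                    throw;  // reported by the outer handler
                }
            }
            exit(0);
        }
        lc.start_tls();
        // … unchanged: outer catch, exit(0) …
```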