[openldap/f15] fix: conversion of constraint overlay settings to cn=config is incorrect

jvcelak jvcelak at fedoraproject.org
Wed Aug 24 19:26:15 UTC 2011 

commit 37615e0d9a2c5fc64ac854feae30ea40b6fd4cc4
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Wed Aug 24 18:58:25 2011 +0200

    fix: conversion of constraint overlay settings to cn=config is incorrect
    
    Resolves: #733067

 openldap-constraint-overlay-config.patch |   81 ++++++++++++++++++++++++++++++
 openldap.spec                            |    3 +
 2 files changed, 84 insertions(+), 0 deletions(-)
---
diff --git a/openldap-constraint-overlay-config.patch b/openldap-constraint-overlay-config.patch
new file mode 100644
index 0000000..12e9948
--- /dev/null
+++ b/openldap-constraint-overlay-config.patch
@@ -0,0 +1,81 @@
+constraint overlay: fix config emit
+
+Author: Pierangelo Masarati <ando at OpenLDAP.org>
+Upstream ITS: #6986
+Upstream commit: c0b669e14f4ef5b649f86bb3c1cc4ca76a00efa8
+Resolves: #733067
+
+diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
+index fcb2830..e6a9267 100644
+--- a/servers/slapd/overlays/constraint.c
++++ b/servers/slapd/overlays/constraint.c
+@@ -145,6 +145,8 @@ constraint_cf_gen( ConfigArgs *c )
+ 				char *tstr = NULL;
+ 				int quotes = 0;
+ 				int j;
++				size_t val;
++				char val_buf[SLAP_TEXT_BUFLEN] = { '\0' };
+ 
+ 				bv.bv_len = STRLENOF("  ");
+ 				for (j = 0; cp->ap[j]; j++) {
+@@ -156,6 +158,7 @@ constraint_cf_gen( ConfigArgs *c )
+ 
+ 				if (cp->re) {
+ 					tstr = REGEX_STR;
++					quotes = 1;
+ 				} else if (cp->lud) {
+ 					tstr = URI_STR;
+ 					quotes = 1;
+@@ -164,8 +167,10 @@ constraint_cf_gen( ConfigArgs *c )
+ 					quotes = 1;
+ 				} else if (cp->size) {
+ 					tstr = SIZE_STR;
++					val = cp->size;
+ 				} else if (cp->count) {
+ 					tstr = COUNT_STR;
++					val = cp->count;
+ 				}
+ 
+ 				bv.bv_len += strlen(tstr);
+@@ -175,6 +180,15 @@ constraint_cf_gen( ConfigArgs *c )
+ 					bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\"");
+ 				}
+ 
++				if (cp->count || cp->size) {
++					int len = snprintf(val_buf, sizeof(val_buf), "%d", val);
++					if (len <= 0) {
++						/* error */
++						return -1;
++					}
++					bv.bv_len += len;
++				}
++
+ 				s = bv.bv_val = ch_malloc(bv.bv_len + 1);
+ 
+ 				s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len );
+@@ -185,9 +199,13 @@ constraint_cf_gen( ConfigArgs *c )
+ 				*s++ = ' ';
+ 				s = lutil_strcopy( s, tstr );
+ 				*s++ = ' ';
+-				if ( quotes ) *s++ = '"';
+-				s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
+-				if ( quotes ) *s++ = '"';
++				if (cp->count || cp->size) {
++					s = lutil_strcopy( s, val_buf );
++				} else {
++					if ( quotes ) *s++ = '"';
++					s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
++					if ( quotes ) *s++ = '"';
++				}
+ 				if (cp->restrict_lud != NULL) {
+ 					s = lutil_strcopy( s, " restrict=\"" );
+ 					s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len );
+@@ -471,7 +489,7 @@ constraint_cf_gen( ConfigArgs *c )
+ 							}
+ 						}
+ 
+-						ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);
++						ber_str2bv(c->argv[argidx] + STRLENOF("restrict="), 0, 1, &ap.restrict_val);
+ 
+ 					} else {
+ 						/* cleanup */
diff --git a/openldap.spec b/openldap.spec
index 86bea19..484c0e2 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -40,6 +40,7 @@ Patch17: openldap-nss-free-peer-cert.patch
 Patch18: openldap-nss-reqcert-hostname.patch
 Patch19: openldap-nss-verifycert.patch
 Patch20: openldap-nss-memleak-free-certs.patch
+Patch21: openldap-constraint-overlay-config.patch
 
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -152,6 +153,7 @@ pushd openldap-%{version}
 %patch18 -p1 -b .nss-reqcert-hostname
 %patch19 -p1 -b .nss-verifycert
 %patch20 -p1 -b .nss-memleak-free-certs
+%patch21 -p1 -b .constraint-overlay-config
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 
@@ -698,6 +700,7 @@ exit 0
 - fix: memleak in tlsm_auth_cert_handler (#717730)
 - fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)
 - fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)
+- fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
 
 * Tue Jun 28 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.24-3
 - fix: openldap-servers scriptlets require initscripts package (#716857)

More information about the scm-commits mailing list