[openldap/f15] fix: conversion of constraint overlay settings to cn=config is incorrect
jvcelak
jvcelak at fedoraproject.org
Wed Aug 24 19:26:15 UTC 2011
commit 37615e0d9a2c5fc64ac854feae30ea40b6fd4cc4
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Wed Aug 24 18:58:25 2011 +0200
fix: conversion of constraint overlay settings to cn=config is incorrect
Resolves: #733067
openldap-constraint-overlay-config.patch | 81 ++++++++++++++++++++++++++++++
openldap.spec | 3 +
2 files changed, 84 insertions(+), 0 deletions(-)
---
diff --git a/openldap-constraint-overlay-config.patch b/openldap-constraint-overlay-config.patch
new file mode 100644
index 0000000..12e9948
--- /dev/null
+++ b/openldap-constraint-overlay-config.patch
@@ -0,0 +1,81 @@
+constraint overlay: fix config emit
+
+Author: Pierangelo Masarati <ando at OpenLDAP.org>
+Upstream ITS: #6986
+Upstream commit: c0b669e14f4ef5b649f86bb3c1cc4ca76a00efa8
+Resolves: #733067
+
+diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
+index fcb2830..e6a9267 100644
+--- a/servers/slapd/overlays/constraint.c
++++ b/servers/slapd/overlays/constraint.c
+@@ -145,6 +145,8 @@ constraint_cf_gen( ConfigArgs *c )
+ char *tstr = NULL;
+ int quotes = 0;
+ int j;
++ size_t val;
++ char val_buf[SLAP_TEXT_BUFLEN] = { '\0' };
+
+ bv.bv_len = STRLENOF(" ");
+ for (j = 0; cp->ap[j]; j++) {
+@@ -156,6 +158,7 @@ constraint_cf_gen( ConfigArgs *c )
+
+ if (cp->re) {
+ tstr = REGEX_STR;
++ quotes = 1;
+ } else if (cp->lud) {
+ tstr = URI_STR;
+ quotes = 1;
+@@ -164,8 +167,10 @@ constraint_cf_gen( ConfigArgs *c )
+ quotes = 1;
+ } else if (cp->size) {
+ tstr = SIZE_STR;
++ val = cp->size;
+ } else if (cp->count) {
+ tstr = COUNT_STR;
++ val = cp->count;
+ }
+
+ bv.bv_len += strlen(tstr);
+@@ -175,6 +180,15 @@ constraint_cf_gen( ConfigArgs *c )
+ bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\"");
+ }
+
++ if (cp->count || cp->size) {
++ int len = snprintf(val_buf, sizeof(val_buf), "%d", val);
++ if (len <= 0) {
++ /* error */
++ return -1;
++ }
++ bv.bv_len += len;
++ }
++
+ s = bv.bv_val = ch_malloc(bv.bv_len + 1);
+
+ s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len );
+@@ -185,9 +199,13 @@ constraint_cf_gen( ConfigArgs *c )
+ *s++ = ' ';
+ s = lutil_strcopy( s, tstr );
+ *s++ = ' ';
+- if ( quotes ) *s++ = '"';
+- s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
+- if ( quotes ) *s++ = '"';
++ if (cp->count || cp->size) {
++ s = lutil_strcopy( s, val_buf );
++ } else {
++ if ( quotes ) *s++ = '"';
++ s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
++ if ( quotes ) *s++ = '"';
++ }
+ if (cp->restrict_lud != NULL) {
+ s = lutil_strcopy( s, " restrict=\"" );
+ s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len );
+@@ -471,7 +489,7 @@ constraint_cf_gen( ConfigArgs *c )
+ }
+ }
+
+- ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);
++ ber_str2bv(c->argv[argidx] + STRLENOF("restrict="), 0, 1, &ap.restrict_val);
+
+ } else {
+ /* cleanup */
diff --git a/openldap.spec b/openldap.spec
index 86bea19..484c0e2 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -40,6 +40,7 @@ Patch17: openldap-nss-free-peer-cert.patch
Patch18: openldap-nss-reqcert-hostname.patch
Patch19: openldap-nss-verifycert.patch
Patch20: openldap-nss-memleak-free-certs.patch
+Patch21: openldap-constraint-overlay-config.patch
# patches for the evolution library (see README.evolution)
Patch200: openldap-evolution-ntlm.patch
@@ -152,6 +153,7 @@ pushd openldap-%{version}
%patch18 -p1 -b .nss-reqcert-hostname
%patch19 -p1 -b .nss-verifycert
%patch20 -p1 -b .nss-memleak-free-certs
+%patch21 -p1 -b .constraint-overlay-config
cp %{_datadir}/libtool/config/config.{sub,guess} build/
@@ -698,6 +700,7 @@ exit 0
- fix: memleak in tlsm_auth_cert_handler (#717730)
- fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)
- fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)
+- fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
* Tue Jun 28 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.24-3
- fix: openldap-servers scriptlets require initscripts package (#716857)
More information about the scm-commits
mailing list