[openldap/private-moznss-f17] better checking for a valid tokenname:certnick
jvcelak
jvcelak at fedoraproject.org
Mon Aug 20 15:54:57 UTC 2012
commit 30f4c820b2e683ef78479be2786610ad7fcdccab
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Mon Aug 20 17:54:20 2012 +0200
better checking for a valid tokenname:certnick
openldap-nss-better-checking-for-token-name.patch | 48 +++++++++++++++++++++
openldap.spec | 6 ++-
2 files changed, 52 insertions(+), 2 deletions(-)
---
diff --git a/openldap-nss-better-checking-for-token-name.patch b/openldap-nss-better-checking-for-token-name.patch
new file mode 100644
index 0000000..6adb72d
--- /dev/null
+++ b/openldap-nss-better-checking-for-token-name.patch
@@ -0,0 +1,48 @@
+From d2e8632b88a81229cc2e01ca23aaa469aee2fbda Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins at redhat.com>
+Date: Mon, 20 Aug 2012 09:18:57 -0600
+Subject: [PATCH] better checking for a valid tokenname:certnick
+
+---
+ libraries/libldap/tls_m.c | 18 +++++++++++++++++-
+ 1 files changed, 17 insertions(+), 1 deletions(-)
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 3e6f8f7..fee8a79 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -2058,6 +2058,22 @@ tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ return 0;
+ }
+
++/* returns true if the given string looks like
++ "tokenname" ":" "certnickname"
++ This is true if there is a ':' colon character
++ in the string and the colon is not the first
++ or the last character in the string
++*/
++static int
++tlsm_is_tokenname_certnick( const char *certfile )
++{
++ if ( certfile ) {
++ const char *ptr = PL_strchr( certfile, ':' );
++ return ptr && (ptr != certfile) && (*(ptr+1));
++ }
++ return 0;
++}
++
+ static int
+ tlsm_deferred_ctx_init( void *arg )
+ {
+@@ -2224,7 +2240,7 @@ tlsm_deferred_ctx_init( void *arg )
+ } else {
+ char *tmp_certname;
+
+- if (PL_strchr(lt->lt_certfile, ':')) {
++ if (tlsm_is_tokenname_certnick(lt->lt_certfile)) {
+ /* assume already in form tokenname:certnickname */
+ tmp_certname = PL_strdup(lt->lt_certfile);
+ } else if (ctx->tc_certdb_slot) {
+--
+1.7.1
+
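Review bot: In `tlsm_is_tokenname_certnick` the test applies only to the first ':' that `PL_strchr` finds, so the comment's "not the first or the last character" holds for that colon alone. A value such as `tok:nick:` is accepted, and so is any name that merely contains a colon after its first character. Because the result decides whether `lt->lt_certfile` is copied verbatim as a token-qualified nickname in `tlsm_deferred_ctx_init`, the comment should state what is actually checked, e.g. `/* only the first ':' is examined; the text on both sides must be non-empty, nothing else is validated */`. If `lt_certfile` can also hold a filesystem path at this point, a path with ':' in it would still take the token branch and probably deserves an explicit check; this cannot be confirmed from the hunk, because the enclosing function starts and ends outside it.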
diff --git a/openldap.spec b/openldap.spec
index 28cdcb0..3c655eb 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -8,7 +8,7 @@
Name: openldap
Version: 2.4.32
-Release: 1.4%{?dist}
+Release: 1.5%{?dist}
Summary: LDAP support libraries
Group: System Environment/Daemons
License: OpenLDAP
@@ -42,6 +42,7 @@ Patch10: openldap-man-sasl-nocanon.patch
Patch11: openldap-ai-addrconfig.patch
Patch12: openldap-nss-prefer-unlocked-key.patch
Patch13: openldap-nss-allow-certname-with-token-name.patch
+Patch14: openldap-nss-better-checking-for-token-name.patch
# Fedora specific patches
Patch100: openldap-autoconf-pkgconfig-nss.patch
@@ -157,6 +158,7 @@ ln -s %{_includedir}/nspr4 include/nspr
%patch11 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
%patch101 -p1
@@ -614,7 +616,7 @@ exit 0
%{evolution_connector_prefix}/
%changelog
-* Mon Aug 20 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-1.4
+* Mon Aug 20 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-1.5
- TEST BUILD
- enhancement: try to find unlocked private key when searching for it
- enhancement: allow certname in form of tokenname:certnickname