rpms/openldap/F-12 openldap-2.4.19-tls-accept.patch, NONE, 1.1 .cvsignore, 1.48, 1.49 ldap.init, 1.34, 1.35 openldap.spec, 1.153, 1.154 sources, 1.50, 1.51

Jan Zeleny jzeleny at fedoraproject.org
Wed Nov 18 15:33:17 UTC 2009


Author: jzeleny

Update of /cvs/extras/rpms/openldap/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28902

Modified Files:
	.cvsignore ldap.init openldap.spec sources 
Added Files:
	openldap-2.4.19-tls-accept.patch 
Log Message:
- rebased openldap to 2.4.19 (bugfixing release)
- rebased bdb to 4.8.24
- fixed tls connection accepting when TLSVerifyClient = allow
- /etc/openldap/ldap.conf removed from files owned by openldap-servers
- minor changes in spec file to suppress warnings
- some changes in init script, so it would be possible to use it when
  using old configuration style


openldap-2.4.19-tls-accept.patch:
 connection.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

--- NEW FILE openldap-2.4.19-tls-accept.patch ---
--- openldap-2.4.19/servers/slapd/connection.c.orig	2009-11-16 12:54:33.000000000 +0100
+++ openldap-2.4.19/servers/slapd/connection.c	2009-11-16 13:23:25.000000000 +0100
@@ -1376,6 +1376,11 @@ connection_read( ber_socket_t s, conn_re
 			    c->c_connid, (int) s, c->c_tls_ssf, c->c_ssf, 0 );
 			slap_sasl_external( c, c->c_tls_ssf, &authid );
 			if ( authid.bv_val ) free( authid.bv_val );
+		} else if ( rc == 1 ) { /* need to retry */
+			slapd_set_read( s, 0 );
+			slapd_set_write( s, 1 );
+			connection_return( c );
+			return 0;
 		}
 
 		/* if success and data is ready, fall thru to data input loop */
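Review bot: The new `rc == 1` branch always arms the socket for write, although a handshake that asks for a retry may be waiting for more data from the peer rather than for buffer space. Together with the `connection_write()` hunk below, which answers every write-ready event with `connection_read_activate( s )`, this looks like it can bounce between the two functions for as long as a client stalls mid-handshake, because an idle socket is normally writable; that is inferred from the two hunks only, since the daemon event loop is not shown. It is worth confirming whether the TLS layer reports which direction it is blocked on, so the branch can keep read interest in the want-read case. At minimum the branch should carry a comment such as `/* TLS accept incomplete: park the connection and re-enter via connection_write() */`. The body of connection_read starts and ends outside the hunk.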
@@ -1875,6 +1880,14 @@ int connection_write(ber_socket_t s)
 		return -1;
 	}
 
+#ifdef HAVE_TLS
+	if ( c->c_is_tls && c->c_needs_tls_accept ) {
+		connection_return( c );
+		connection_read_activate( s );
+		return 0;
+	}
+#endif
+
 	c->c_n_write++;
 
 	Debug( LDAP_DEBUG_TRACE,
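Review bot: The `HAVE_TLS` guard added to `connection_write()` has no comment explaining why a write-ready event is turned into a read activation, which is surprising to anyone reading this function on its own. Something like `/* TLS handshake still pending: re-drive the accept in connection_read() instead of writing */` above the `if` would make the coupling with the `rc == 1` branch in `connection_read()` explicit. The early return also skips `c->c_n_write++` and the trace `Debug` call, which seems intended but could be stated in the same comment. The function body starts and ends outside the hunk.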


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/openldap/F-12/.cvsignore,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -p -r1.48 -r1.49
--- .cvsignore	18 Sep 2009 10:01:45 -0000	1.48
+++ .cvsignore	18 Nov 2009 15:33:17 -0000	1.49
@@ -1,2 +1,2 @@
-openldap-2.4.18.tgz
-db-4.7.25.tar.gz
+openldap-2.4.19.tgz
+db-4.8.24.tar.gz


Index: ldap.init
===================================================================
RCS file: /cvs/extras/rpms/openldap/F-12/ldap.init,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -p -r1.34 -r1.35
--- ldap.init	24 Sep 2009 11:30:24 -0000	1.34
+++ ldap.init	18 Nov 2009 15:33:17 -0000	1.35
@@ -43,6 +43,7 @@ slapd=/usr/sbin/slapd
 slaptest=/usr/sbin/slaptest
 lockfile=/var/lock/subsys/slapd
 configdir=/etc/openldap/slapd.d/
+configfile=/etc/openldap/slapd.conf
 pidfile=/var/run/slapd.pid
 slapd_pidfile=/var/run/openldap/slapd.pid
 
@@ -104,7 +105,6 @@ function checkkeytab() {
 
 function configtest() {
 	local user= ldapuid= dbdir= file=
-	[ -d $configdir ] || exit 6
 	# Check for simple-but-common errors.
 	user=ldap
 	prog=`basename ${slapd}`
@@ -112,11 +112,20 @@ function configtest() {
 	# Unaccessible database files.
 	slaptestflags=""
 	dbdirs=""
-	for configfile in `ls -1 $configdir/cn\=config/olcDatabase*`; do
-		dbdirs=$dbdirs"
-		"`LANG=C egrep '^olcDbDirectory[[:space:]]*:[[:space:]]+[[:print:]]+$' $configfile | sed 's,^olcDbDirectory: ,,'`
-	done
+    if [ -d $configdir ]; then
+	    for configfile in `ls -1 $configdir/cn\=config/olcDatabase*`; do
+		    dbdirs=$dbdirs"
+		    "`LANG=C egrep '^olcDbDirectory[[:space:]]*:[[:space:]]+[[:print:]]+$' $configfile | sed 's,^olcDbDirectory: ,,'`
+	    done
+    elif [ -f $configfile ]; then
+		    dbdirs=`LANG=C egrep '^directory[[:space:]]+' $configfile | sed 's,^directory[[:space:]]*,,'`
+    else
+        exit 6
+    fi
 	for dbdir in $dbdirs; do
+		if [ ! -d $dbdir ]; then
+			exit 6
+		fi
 		for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
 			echo -n $"$file is not owned by \"$user\"" ; warning ; echo
 		done
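Review bot: The `for configfile in ...` loop in the slapd.d branch reuses the name of the new global `configfile=/etc/openldap/slapd.conf`, and `configfile` is not in this function's `local` list, so after the loop the global holds the last `olcDatabase*` path. The later `[ -f $configfile ]` test in this function is not reached in that case, but any code outside the hunks that reads `$configfile` would see the wrong file; rename the loop variable, e.g. `for dbconfig in ...`, or add `configfile` handling to `local`. Separately, both new `exit 6` paths leave without a message, and the `directory` parse keeps any double quotes around the path, so a quoted value in slapd.conf would fail `[ ! -d $dbdir ]`; printing the offending path to stderr before exiting would make that diagnosable. configtest continues outside the hunk.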
@@ -134,7 +143,11 @@ function configtest() {
 		echo -n $"$file is not readable by \"$user\"" ; warning ; echo
 	fi
 	# Unaccessible TLS configuration files.
-	tlsconfigs=`LANG=C egrep '^olc(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]*:[[:space:]]' $configdir/cn\=config.ldif | awk '{print $2}'`
+    if [ -d $configdir ]; then
+	    tlsconfigs=`LANG=C egrep '^olc(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]*:[[:space:]]' $configdir/cn\=config.ldif | awk '{print $2}'`
+    elif [ -f $configfile ]; then
+	    tlsconfigs=`LANG=C egrep '^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]+' $configfile | awk '{print $2}'`
+    fi
 	for file in $tlsconfigs ; do
 		if ! testasuser $user -r $file ; then
 			echo -n $"$file is not readable by \"$user\"" ; warning ; echo
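Review bot: The legacy branch matches `^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)` case-sensitively, whereas slapd.conf keywords are, as far as I know, matched case-insensitively by slapd, so a line written as `tlscertificatekeyfile ...` would skip the readability check without any warning. `awk '{print $2}'` also keeps surrounding double quotes and cuts a path at its first space, which leads to a false warning or a test against the wrong path. Suggest `egrep -i` and stripping quotes before `testasuser`, and initialising `tlsconfigs=` before the `if`, since the variable is global and is left untouched when neither branch runs. The function continues outside the hunk.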
@@ -218,24 +231,39 @@ case "$1" in
 	configtest
 	;;
     start)
-	start
+	msg=`status -p $pidfile ${slapd} > /dev/null 2>&1`
 	RETVAL=$?
+	if [ "$RETVAL" = "0" ]; then
+		echo $msg
+		RETVAL=1
+	else
+		start
+		RETVAL=$?
+	fi
 	;;
     stop)
-	stop
+	msg=`status -p $pidfile ${slapd} > /dev/null 2>&1`
 	RETVAL=$?
+	if [ "$RETVAL" != "0" ]; then
+		echo $msg
+		RETVAL=7
+	else
+		stop
+		RETVAL=$?
+	fi
 	;;
     status)
 	status -p $pidfile ${slapd}
 	RETVAL=$?
 	;;
     restart|force-reload)
+	status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 7
 	stop
 	start
 	RETVAL=$?
 	;;
     condrestart|try-restart)
-	status -p $pidfile ${slapd} || exit 0
+	status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 0
 	stop
 	start
 	;;
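Review bot: In the `start` and `stop` arms `msg` is always empty, because the command substitution sends the output of `status` to /dev/null before it can be captured, so `echo $msg` prints a blank line and the caller gets a non-zero status with no explanation. Capture the text instead, `msg=$(status -p $pidfile ${slapd} 2>&1)`, and print it with `echo "$msg"`. The new return codes also differ from the LSB init-script convention, where `start` on a running service and `stop` on a stopped one count as success and `restart` starts a stopped service; returning 1 and 7 and the `exit 7` in `restart|force-reload` will make callers that rely on that convention report failures. The case statement starts and ends outside the hunk.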


Index: openldap.spec
===================================================================
RCS file: /cvs/extras/rpms/openldap/F-12/openldap.spec,v
retrieving revision 1.153
retrieving revision 1.154
diff -u -p -r1.153 -r1.154
--- openldap.spec	7 Oct 2009 13:04:36 -0000	1.153
+++ openldap.spec	18 Nov 2009 15:33:17 -0000	1.154
@@ -1,9 +1,9 @@
 # We distribute own version of Berkeley DB to prevent 
 # problems on db4.rpm upgrade - some versions of db4 do
 # not work with some versions of OpenLDAP.
-%define db_version 4.7.25
+%define db_version 4.8.24
 %define ldbm_backend berkeley
-%define version 2.4.18
+%define version 2.4.19
 %define evolution_connector_prefix %{_libdir}/evolution-openldap
 %define evolution_connector_includedir %{evolution_connector_prefix}/include
 %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
@@ -11,7 +11,7 @@
 Summary: LDAP support libraries
 Name: openldap
 Version: %{version}
-Release: 5%{?dist}
+Release: 1%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
 Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
@@ -35,16 +35,11 @@ Patch6: openldap-2.3.19-gethostbyXXXX_r.
 Patch9: openldap-2.3.37-smbk5pwd.patch
 Patch10: openldap-2.4.6-multilib.patch
 Patch11: openldap-2.4.16-doc-cacertdir.patch
-Patch12: openldap-2.4.18-ldif-buf-overflow.patch
+Patch12: openldap-2.4.19-tls-accept.patch
 
 # Patches for the evolution library
 Patch200: openldap-2.4.6-evolution-ntlm.patch
 
-# Patches for db4 library
-Patch400: patch.4.7.25.1
-Patch401: patch.4.7.25.2
-Patch402: patch.4.7.25.3
-
 URL: http://www.openldap.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
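Review bot: `Patch12` previously carried `openldap-2.4.18-ldif-buf-overflow.patch` and is reused here for the TLS patch, but neither the log message nor the new changelog entry says that the overflow fix is contained in 2.4.19. Presumably it went upstream with the rebase; that should be confirmed against the 2.4.19 sources and recorded, for example with a changelog line `- dropped ldif-buf-overflow patch (included upstream in 2.4.19)`. The same applies to the three removed db4 patches `patch.4.7.25.1` to `patch.4.7.25.3` and the rebase to 4.8.24.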
@@ -125,12 +120,6 @@ programs needed for accessing and modify
 %prep
 %setup -q -c -a 1
 
-pushd db-%{db_version}
-%patch400 -p0 -b .patch1
-%patch401 -p0 -b .patch2
-%patch402 -p0 -b .patch3
-popd
-
 pushd openldap-%{version}
 %patch0 -p1 -b .config
 %patch1 -p1 -b .ldaprc
@@ -142,7 +131,7 @@ pushd openldap-%{version}
 %patch9 -p1 -b .smbk5pwd
 %patch10 -p1 -b .multilib
 %patch11 -p1 -b .cacertdir
-%patch12 -p1 -b .malloc
+%patch12 -p1 -b .tls-accept
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 popd
@@ -503,7 +492,7 @@ if [ -f /var/lib/ldap/need_db_upgrade ];
 fi
 
 if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then
-pushd %{_sysconfdir}/pki/tls/certs
+pushd %{_sysconfdir}/pki/tls/certs > /dev/null 2>&1
 umask 077
 cat << EOF | make slapd.pem > /dev/null 2>&1
 --
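Review bot: Redirecting stderr of `pushd` hides a failed directory change, and nothing checks the result, so `umask 077` and `make slapd.pem` would then run in whatever directory the scriptlet started in. Silencing only the directory-stack output is enough for the warning this change targets: `pushd %{_sysconfdir}/pki/tls/certs > /dev/null`, ideally with the rest of the block guarded on its success. The `if` block and the here-document continue outside the hunk.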
@@ -599,7 +588,6 @@ fi
 %doc README.schema
 %ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/slapd.pem
 %attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/slapd
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf
 %attr(0640,root,ldap) %config(noreplace,missingok) %{_sysconfdir}/openldap/slapd.conf
 %attr(0640,root,ldap) %ghost %{_sysconfdir}/openldap/slapd.conf.bak
 %attr(0640,ldap,ldap) %ghost %{_sysconfdir}/openldap/slapd.d
@@ -645,6 +633,15 @@ fi
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
+* Wed Nov 18 2009 Jan Zeleny <jzeleny at redhat.com> - 2.4.19-1
+- fixed tls connection accepting when TLSVerifyClient = allow
+- /etc/openldap/ldap.conf removed from files owned by openldap-servers
+- minor changes in spec file to supress warnings
+- some changes in init script, so it would be possible to use it when
+  using old configuration style
+- rebased openldap to 2.4.19
+- rebased bdb to 4.8.24
+
 * Wed Oct 07 2009 Jan Zeleny <jzeleny at redhat.com> 2.4.18-5
 - updated smbk5pwd patch to be linked with libldap (#526500)
 


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/openldap/F-12/sources,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -p -r1.50 -r1.51
--- sources	18 Sep 2009 10:01:45 -0000	1.50
+++ sources	18 Nov 2009 15:33:17 -0000	1.51
@@ -1,2 +1,2 @@
-fecd7a64b6d9a0eb79b817d2562956ed  openldap-2.4.18.tgz
-ec2b87e833779681a0c3a814aa71359e  db-4.7.25.tar.gz
+4a6dab2711fcf141f19bb680bc335887  openldap-2.4.19.tgz
+147afdecf438ff99ade105a5272db158  db-4.8.24.tar.gz



