packages/openldap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!117 sync some patches from upstream

Browse Source 
From: @yangl777 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
This commit is contained in:
openeuler-ci-bot 2025-02-13 09:32:54 +00:00 committed by Gitee
commit aa5beefe0d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 313 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
backport-ITS-10193-Asyncmeta-starts-more-than-one-timeout-loo.patch Normal file
View File

@ -0,0 +1,64 @@
From 729a604192edd2943e1464de998626c76b808ebd Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova <nivanova@symas.com>
Date: Tue, 2 Apr 2024 13:34:07 +0300
Subject: [PATCH 1/1] ITS#10193 Asyncmeta starts more than one timeout loop per
database and slaptest crashes
Reference:https://git.openldap.org/openldap/openldap/-/commit/729a604192edd2943e1464de998626c76b808ebd
Conflict:NA
---
servers/slapd/back-asyncmeta/config.c | 9 ++++++---
servers/slapd/back-asyncmeta/init.c | 2 +-
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/servers/slapd/back-asyncmeta/config.c b/servers/slapd/back-asyncmeta/config.c
index fbc9681418..aae054ab0a 100644
--- a/servers/slapd/back-asyncmeta/config.c
+++ b/servers/slapd/back-asyncmeta/config.c
@@ -497,7 +497,8 @@ asyncmeta_cfadd( Operation *op, SlapReply *rs, Entry *p, ConfigArgs *c )
static int
asyncmeta_back_new_target(
a_metatarget_t **mtp,
- a_metainfo_t *mi )
+ a_metainfo_t *mi,
+ BackendDB *db )
{
a_metatarget_t *mt;
@@ -516,7 +517,9 @@ asyncmeta_back_new_target(
mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
*mtp = mt;
-
+ if ( !SLAP_DBOPEN(db) || !(slapMode & SLAP_SERVER_MODE)) {
+ return 0;
+ }
for ( i = 0; i < mi->mi_num_conns; i++ ) {
a_metaconn_t *mc = &mi->mi_conns[i];
mc->mc_conns = ch_realloc( mc->mc_conns, sizeof( a_metasingleconn_t ) * mi->mi_ntargets);
@@ -1907,7 +1910,7 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
return 1;
}
- if ( asyncmeta_back_new_target( &mi->mi_targets[ i ], mi ) != 0 ) {
+ if ( asyncmeta_back_new_target( &mi->mi_targets[ i ], mi, c->be ) != 0 ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unable to init server"
" in \"%s <protocol>://<server>[:port]/<naming context>\"",
diff --git a/servers/slapd/back-asyncmeta/init.c b/servers/slapd/back-asyncmeta/init.c
index 5c8016fb2b..45fccf03ec 100644
--- a/servers/slapd/back-asyncmeta/init.c
+++ b/servers/slapd/back-asyncmeta/init.c
@@ -275,7 +275,7 @@ asyncmeta_back_db_open(
ber_dupbv ( &mi->mi_suffix, &be->be_suffix[0] );
- if ( mi->mi_ntargets > 0 ) {
+ if ( ( slapMode & SLAP_SERVER_MODE ) && mi->mi_ntargets > 0 ) {
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
mi->mi_task = ldap_pvt_runqueue_insert( &slapd_rq, 1,
asyncmeta_timeout_loop, mi, "asyncmeta_timeout_loop", mi->mi_suffix.bv_val );
--
2.33.0

28
backport-ITS-10204-slapo-constraint-fix-double-free-on-invali.patch Normal file
View File

@ -0,0 +1,28 @@
From 6d5400a2c701125c71d907988ef57130c038759c Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Tue, 30 Apr 2024 15:55:01 +0100
Subject: [PATCH 1/1] ITS#10204 slapo-constraint: fix double-free on invalid
attr
Reference:https://git.openldap.org/openldap/openldap/-/commit/6d5400a2c701125c71d907988ef57130c038759c
Conflict:NA
---
servers/slapd/overlays/constraint.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
index 0d6156af4d..9622c29929 100644
--- a/servers/slapd/overlays/constraint.c
+++ b/servers/slapd/overlays/constraint.c
@@ -369,6 +369,7 @@ constraint_cf_gen( ConfigArgs *c )
ap.attrs[i] = NULL;
if ( slap_str2ad( ap.lud->lud_attrs[i], &ap.attrs[i], &text ) ) {
ch_free( ap.attrs );
+ ap.attrs = NULL;
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s <%s>: %s\n", c->argv[0], ap.lud->lud_attrs[i], text );
rc = ARG_BAD_CONF;
--
2.33.0

34
backport-ITS-10211-slapd-Fix-peercred-uid-and-gid-format.patch Normal file
View File

@ -0,0 +1,34 @@
From bf01750381726db3052d94514eec4048c90a616a Mon Sep 17 00:00:00 2001
From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 2 May 2024 08:48:14 +0100
Subject: [PATCH 1/1] ITS#10211 slapd: Fix peercred uid and gid format
uid and gid are unsigned int and so should be formatted as such when
creating the authid string.
Reference:https://git.openldap.org/openldap/openldap/-/commit/bf01750381726db3052d94514eec4048c90a616a
Conflict:NA
---
servers/slapd/daemon.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index 26e7e67619..8c2dd83efd 100644
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -2270,9 +2270,9 @@ slap_listener(
STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
"cn=peercred,cn=external,cn=auth" ) + 1 );
authid.bv_len = sprintf( authid.bv_val,
- "gidNumber=%d+uidNumber=%d,"
+ "gidNumber=%u+uidNumber=%u,"
"cn=peercred,cn=external,cn=auth",
- (int) gid, (int) uid );
+ gid, uid );
assert( authid.bv_len <=
STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
"cn=peercred,cn=external,cn=auth" ) );
--
2.33.0

32
backport-ITS-10264-free-NoD-data-we-stored-locally.patch Normal file
View File

@ -0,0 +1,32 @@
From 3f6cec3b467c78104e915642b41f7625f35518d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
Date: Wed, 2 Oct 2024 13:23:44 +0100
Subject: [PATCH] ITS#10264 Free NoD data we stored locally
Reference:https://git.openldap.org/openldap/openldap/-/commit/3f6cec3b467c78104e915642b41f7625f35518d8
Conflict:no
---
libraries/libldap/result.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c
index acbf51f55f..e9ac9f32b3 100644
--- a/libraries/libldap/result.c
+++ b/libraries/libldap/result.c
@@ -904,6 +904,13 @@ nextresp2:
if ( lr != &dummy_lr ) {
ldap_return_request( ld, lr, 1 );
+ } else {
+ if ( lr->lr_res_matched ) {
+ LDAP_FREE( lr->lr_res_matched );
+ }
+ if ( lr->lr_res_error ) {
+ LDAP_FREE( lr->lr_res_error );
+ }
}
lr = NULL;
}
--
GitLab

103
backport-ITS-8047-fix-tls-connection-timeout-handling.patch Normal file
View File

@ -0,0 +1,103 @@
From d143f7a2dc82fb66e7741b93a1ae9e874ce2ac46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
Date: Mon, 21 Oct 2024 11:50:11 +0100
Subject: [PATCH] ITS#8047 Fix TLS connection timeout handling
The test for async in ldap_int_tls_start was inverted, we already
support calling ldap_int_tls_connect repeatedly. And so long as
LBER_SB_OPT_NEEDS_* are managed correctly, the application should be
able to do the right thing.
Might require a new result code rather than reporposing
LDAP_X_CONNECTING for this.
Reference:https://git.openldap.org/openldap/openldap/-/commit/d143f7a2dc82fb66e7741b93a1ae9e874ce2ac46
Conflict:context conflict by https://git.openldap.org/openldap/openldap/-/commit/139944ac1e5fcf74e903e1e3d887fb8498c2fd1e
---
libraries/libldap/ldap-int.h | 1 +
libraries/libldap/tls2.c | 18 +++++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 2dae6ef..6827ec4 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -368,6 +368,7 @@ typedef struct ldap_conn {
#define LDAP_CONNST_NEEDSOCKET 1
#define LDAP_CONNST_CONNECTING 2
#define LDAP_CONNST_CONNECTED 3
+#define LDAP_CONNST_TLS_INPROGRESS 4
LDAPURLDesc *lconn_server;
BerElement *lconn_ber; /* ber receiving on this conn. */
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index 1fb6cff..3d3b5fd 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -383,6 +383,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
ld->ld_options.ldo_tls_connect_cb )
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
+ conn->lconn_status = LDAP_CONNST_TLS_INPROGRESS;
}
/* pass hostname for SNI, but only if it's an actual name
@@ -441,9 +442,11 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT );
#endif
+ conn->lconn_status = LDAP_CONNST_CONNECTED;
return -1;
}
+ conn->lconn_status = LDAP_CONNST_CONNECTED;
return 0;
}
@@ -516,8 +519,9 @@ int
ldap_tls_inplace( LDAP *ld )
{
Sockbuf *sb = NULL;
+ LDAPConn *lc = ld->ld_defconn;
- if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) {
+ if ( lc && lc->lconn_sb ) {
sb = ld->ld_defconn->lconn_sb;
} else if ( ld->ld_sb ) {
@@ -527,6 +531,10 @@ ldap_tls_inplace( LDAP *ld )
return 0;
}
+ if ( lc && lc->lconn_status == LDAP_CONNST_TLS_INPROGRESS ) {
+ return 0;
+ }
+
return ldap_pvt_tls_inplace( sb );
}
@@ -1159,6 +1167,9 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
*/
while ( ret > 0 ) {
if ( async ) {
+ ld->ld_errno = LDAP_X_CONNECTING;
+ return (ld->ld_errno);
+ } else {
struct timeval curr_time_tv, delta_tv;
int wr=0;
@@ -1217,6 +1228,11 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
ret = ldap_int_tls_connect( ld, conn, host );
}
+ if ( !async && ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
+ /* Restore original sb status */
+ ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)0 );
+ }
+
if ( ret < 0 ) {
if ( ld->ld_errno == LDAP_SUCCESS )
ld->ld_errno = LDAP_CONNECT_ERROR;
--
2.33.0

31
backport-ITS-9037-mdb_page_search-fix-error-code-when-DBI-rec.patch Normal file
View File

@ -0,0 +1,31 @@
From 83dc42c5cab8999a5d9c20bf696b03d657170c51 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Tue, 26 Mar 2024 14:50:17 +0000
Subject: [PATCH 1/1] ITS#9037 mdb_page_search: fix error code when DBI record
is missing
Use the more relevant MDB_BAD_DBI instead of MDB_NOTFOUND error code
Reference:https://git.openldap.org/openldap/openldap/-/commit/83dc42c5cab8999a5d9c20bf696b03d657170c51
Conflict:NA
---
libraries/liblmdb/mdb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
index 0570deab23..53e1b4c257 100644
--- a/libraries/liblmdb/mdb.c
+++ b/libraries/liblmdb/mdb.c
@@ -5701,7 +5701,7 @@ mdb_page_search(MDB_cursor *mc, MDB_val *key, int flags)
MDB_node *leaf = mdb_node_search(&mc2,
&mc->mc_dbx->md_name, &exact);
if (!exact)
- return MDB_NOTFOUND;
+ return MDB_BAD_DBI;
if ((leaf->mn_flags & (F_DUPDATA|F_SUBDATA)) != F_SUBDATA)
return MDB_INCOMPATIBLE; /* not a named DB */
rc = mdb_node_read(&mc2, leaf, &data);
--
2.33.0

22
openldap.spec
View File

@ -2,7 +2,7 @@
Name: openldap
Version: 2.6.5
Release: 5
Release: 6
Summary: LDAP support libraries
License: OLDAP-2.8
URL: https://www.openldap.org/
@ -26,6 +26,13 @@ Patch7: backport-check-password-makefile.patch
Patch8: backport-check-password.patch
Patch9: add-ber_sockbuf_io_udp-to-liber.map.patch
Patch10: backport-ITS-10193-Asyncmeta-starts-more-than-one-timeout-loo.patch
Patch11: backport-ITS-10204-slapo-constraint-fix-double-free-on-invali.patch
Patch12: backport-ITS-10211-slapd-Fix-peercred-uid-and-gid-format.patch
Patch13: backport-ITS-9037-mdb_page_search-fix-error-code-when-DBI-rec.patch
Patch14: backport-ITS-10264-free-NoD-data-we-stored-locally.patch
Patch15: backport-ITS-8047-fix-tls-connection-timeout-handling.patch
BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel
BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed
@ -99,6 +106,13 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
ln -s ../../../contrib/slapd-modules/allop/allop.c servers/slapd/overlays
@ -391,6 +405,12 @@ popd
%doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
%changelog
* Thu Feb 13 2025 yanglu <yanglu72@h-partners.com> - 2.6.5-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync some patches from upstream
* Fri Jun 14 2024 xinghe <xinghe2@h-partners.com> - 2.6.5-5
- Type:bugfix
- ID:NA