parent
3363e7a6da
commit
2c331b7581
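--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@
 /openldap-2.4.37.tgz
 /openldap-2.4.38.tgz
 /openldap-2.4.39.tgz
+/openldap-2.4.40.tgz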
@ -1,192 +0,0 @@
|
|||||||
Implement priority/weight for DNS SRV records
|
|
||||||
|
|
||||||
From RFC 2782:
|
|
||||||
|
|
||||||
A client MUST attempt to contact the target host with the
|
|
||||||
lowest-numbered priority it can reach.
|
|
||||||
|
|
||||||
This patch sorts the DNS SRV records by their priority, and
|
|
||||||
additionally gives records with a larger weight a higher probability
|
|
||||||
of appearing earlier. This way, the DNS SRV records are tried in the
|
|
||||||
order of their priority.
|
|
||||||
|
|
||||||
Author: James M Leddy <james.leddy@redhat.com>
|
|
||||||
Upstream ITS: #7027
|
|
||||||
Resolves: #733078
|
|
||||||
|
|
||||||
---
|
|
||||||
libraries/libldap/dnssrv.c | 106 ++++++++++++++++++++++++++++++++++----------
|
|
||||||
1 files changed, 83 insertions(+), 23 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libraries/libldap/dnssrv.c b/libraries/libldap/dnssrv.c
|
|
||||||
index 16b1544..40f93b4 100644
|
|
||||||
--- a/libraries/libldap/dnssrv.c
|
|
||||||
+++ b/libraries/libldap/dnssrv.c
|
|
||||||
@@ -174,6 +174,46 @@ int ldap_domain2dn(
|
|
||||||
return LDAP_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef HAVE_RES_QUERY
|
|
||||||
+#define DNSBUFSIZ (64*1024)
|
|
||||||
+typedef struct srv_record {
|
|
||||||
+ u_short priority;
|
|
||||||
+ u_short weight;
|
|
||||||
+ u_short port;
|
|
||||||
+ char hostname[DNSBUFSIZ];
|
|
||||||
+} srv_record;
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static int srv_cmp(const void *aa, const void *bb){
|
|
||||||
+ srv_record *a=(srv_record *)aa;
|
|
||||||
+ srv_record *b=(srv_record *)bb;
|
|
||||||
+ u_long total;
|
|
||||||
+
|
|
||||||
+ if(a->priority < b->priority) {
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ if(a->priority > b->priority) {
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+ if(a->priority == b->priority){
|
|
||||||
+ /* targets with same priority are in psudeo random order */
|
|
||||||
+ if (a->weight == 0 && b->weight == 0) {
|
|
||||||
+ if (rand() % 2) {
|
|
||||||
+ return -1;
|
|
||||||
+ } else {
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ total = a->weight + b->weight;
|
|
||||||
+ if (rand() % total < a->weight) {
|
|
||||||
+ return -1;
|
|
||||||
+ } else {
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+#endif /* HAVE_RES_QUERY */
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Lookup and return LDAP servers for domain (using the DNS
|
|
||||||
* SRV record _ldap._tcp.domain).
|
|
||||||
@@ -183,15 +223,16 @@ int ldap_domain2hostlist(
|
|
||||||
char **list )
|
|
||||||
{
|
|
||||||
#ifdef HAVE_RES_QUERY
|
|
||||||
-#define DNSBUFSIZ (64*1024)
|
|
||||||
- char *request;
|
|
||||||
- char *hostlist = NULL;
|
|
||||||
+ char *request;
|
|
||||||
+ char *hostlist = NULL;
|
|
||||||
+ srv_record *hostent_head=NULL;
|
|
||||||
+ int i;
|
|
||||||
int rc, len, cur = 0;
|
|
||||||
unsigned char reply[DNSBUFSIZ];
|
|
||||||
+ int hostent_count=0;
|
|
||||||
|
|
||||||
assert( domain != NULL );
|
|
||||||
assert( list != NULL );
|
|
||||||
-
|
|
||||||
if( *domain == '\0' ) {
|
|
||||||
return LDAP_PARAM_ERROR;
|
|
||||||
}
|
|
||||||
@@ -223,8 +264,7 @@ int ldap_domain2hostlist(
|
|
||||||
unsigned char *p;
|
|
||||||
char host[DNSBUFSIZ];
|
|
||||||
int status;
|
|
||||||
- u_short port;
|
|
||||||
- /* int priority, weight; */
|
|
||||||
+ u_short port, priority, weight;
|
|
||||||
|
|
||||||
/* Parse out query */
|
|
||||||
p = reply;
|
|
||||||
@@ -263,40 +303,56 @@ int ldap_domain2hostlist(
|
|
||||||
size = (p[0] << 8) | p[1];
|
|
||||||
p += 2;
|
|
||||||
if (type == T_SRV) {
|
|
||||||
- int buflen;
|
|
||||||
status = dn_expand(reply, reply + len, p + 6, host, sizeof(host));
|
|
||||||
if (status < 0) {
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- /* ignore priority and weight for now */
|
|
||||||
- /* priority = (p[0] << 8) | p[1]; */
|
|
||||||
- /* weight = (p[2] << 8) | p[3]; */
|
|
||||||
+
|
|
||||||
+ /* Get priority weight and port */
|
|
||||||
+ priority = (p[0] << 8) | p[1];
|
|
||||||
+ weight = (p[2] << 8) | p[3];
|
|
||||||
port = (p[4] << 8) | p[5];
|
|
||||||
|
|
||||||
if ( port == 0 || host[ 0 ] == '\0' ) {
|
|
||||||
goto add_size;
|
|
||||||
}
|
|
||||||
|
|
||||||
- buflen = strlen(host) + STRLENOF(":65355 ");
|
|
||||||
- hostlist = (char *) LDAP_REALLOC(hostlist, cur + buflen + 1);
|
|
||||||
- if (hostlist == NULL) {
|
|
||||||
- rc = LDAP_NO_MEMORY;
|
|
||||||
- goto out;
|
|
||||||
+ hostent_head = (srv_record *) LDAP_REALLOC(hostent_head, (hostent_count+1)*(sizeof(srv_record)));
|
|
||||||
+ if(hostent_head==NULL){
|
|
||||||
+ rc=LDAP_NO_MEMORY;
|
|
||||||
+ goto out;
|
|
||||||
+
|
|
||||||
}
|
|
||||||
- if (cur > 0) {
|
|
||||||
- /* not first time around */
|
|
||||||
- hostlist[cur++] = ' ';
|
|
||||||
- }
|
|
||||||
- cur += sprintf(&hostlist[cur], "%s:%hu", host, port);
|
|
||||||
+ hostent_head[hostent_count].priority=priority;
|
|
||||||
+ hostent_head[hostent_count].weight=weight;
|
|
||||||
+ hostent_head[hostent_count].port=port;
|
|
||||||
+ strncpy(hostent_head[hostent_count].hostname, host,255);
|
|
||||||
+ hostent_count=hostent_count+1;
|
|
||||||
}
|
|
||||||
add_size:;
|
|
||||||
p += size;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ qsort(hostent_head, hostent_count, sizeof(srv_record), srv_cmp);
|
|
||||||
+
|
|
||||||
+ for(i=0; i<hostent_count; i++){
|
|
||||||
+ int buflen;
|
|
||||||
+ buflen = strlen(hostent_head[i].hostname) + STRLENOF(":65355" );
|
|
||||||
+ hostlist = (char *) LDAP_REALLOC(hostlist, cur+buflen+1);
|
|
||||||
+ if (hostlist == NULL) {
|
|
||||||
+ rc = LDAP_NO_MEMORY;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ if(cur>0){
|
|
||||||
+ hostlist[cur++]=' ';
|
|
||||||
+ }
|
|
||||||
+ cur += sprintf(&hostlist[cur], "%s:%hd", hostent_head[i].hostname, hostent_head[i].port);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (hostlist == NULL) {
|
|
||||||
- /* No LDAP servers found in DNS. */
|
|
||||||
- rc = LDAP_UNAVAILABLE;
|
|
||||||
- goto out;
|
|
||||||
+ /* No LDAP servers found in DNS. */
|
|
||||||
+ rc = LDAP_UNAVAILABLE;
|
|
||||||
+ goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = LDAP_SUCCESS;
|
|
||||||
@@ -308,8 +364,12 @@ add_size:;
|
|
||||||
if (request != NULL) {
|
|
||||||
LDAP_FREE(request);
|
|
||||||
}
|
|
||||||
+ if (hostent_head != NULL) {
|
|
||||||
+ LDAP_FREE(hostent_head);
|
|
||||||
+ }
|
|
||||||
if (rc != LDAP_SUCCESS && hostlist != NULL) {
|
|
||||||
LDAP_FREE(hostlist);
|
|
||||||
+
|
|
||||||
}
|
|
||||||
return rc;
|
|
||||||
#else
|
|
||||||
--
|
|
||||||
1.7.6
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
Author: Jan Synáček <jsynacek@redhat.com>
|
|
||||||
Resolves: #1060851
|
|
||||||
Upstream ITS: #7723
|
|
||||||
|
|
||||||
Correctly count references in rwm overlay.
|
|
||||||
|
|
||||||
--- a/libraries/librewrite/session.c 2010-04-13 22:23:09.000000000 +0200
|
|
||||||
+++ b/libraries/librewrite/session.c 2013-11-08 08:47:26.000000000 +0100
|
|
||||||
@@ -161,6 +161,7 @@
|
|
||||||
#ifdef USE_REWRITE_LDAP_PVT_THREADS
|
|
||||||
if ( session ) {
|
|
||||||
ldap_pvt_thread_mutex_lock( &session->ls_mutex );
|
|
||||||
+ session->ls_count++;
|
|
||||||
}
|
|
||||||
ldap_pvt_thread_rdwr_runlock( &info->li_cookies_mutex );
|
|
||||||
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
|
|
||||||
@@ -178,6 +179,7 @@
|
|
||||||
)
|
|
||||||
{
|
|
||||||
assert( session != NULL );
|
|
||||||
+ session->ls_count--;
|
|
||||||
ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -4,8 +4,8 @@
|
|||||||
%global check_password_version 1.1
|
%global check_password_version 1.1
|
||||||
|
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: 2.4.39
|
Version: 2.4.40
|
||||||
Release: 12%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: LDAP support libraries
|
Summary: LDAP support libraries
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
License: OpenLDAP
|
License: OpenLDAP
|
||||||
@ -30,7 +30,6 @@ Patch3: openldap-reentrant-gethostby.patch
|
|||||||
Patch4: openldap-smbk5pwd-overlay.patch
|
Patch4: openldap-smbk5pwd-overlay.patch
|
||||||
Patch5: openldap-ldaprc-currentdir.patch
|
Patch5: openldap-ldaprc-currentdir.patch
|
||||||
Patch6: openldap-userconfig-setgid.patch
|
Patch6: openldap-userconfig-setgid.patch
|
||||||
Patch7: openldap-dns-priority.patch
|
|
||||||
Patch8: openldap-syncrepl-unset-tls-options.patch
|
Patch8: openldap-syncrepl-unset-tls-options.patch
|
||||||
Patch9: openldap-man-sasl-nocanon.patch
|
Patch9: openldap-man-sasl-nocanon.patch
|
||||||
Patch10: openldap-ai-addrconfig.patch
|
Patch10: openldap-ai-addrconfig.patch
|
||||||
@ -47,8 +46,6 @@ Patch16: openldap-nss-pk11-freeslot.patch
|
|||||||
Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
|
Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
|
||||||
# ldapi sasl fix pending upstream inclusion
|
# ldapi sasl fix pending upstream inclusion
|
||||||
Patch20: openldap-ldapi-sasl.patch
|
Patch20: openldap-ldapi-sasl.patch
|
||||||
# rwm reference counting fix, pending upstream inclusion
|
|
||||||
Patch21: openldap-rwm-reference-counting.patch
|
|
||||||
|
|
||||||
# Fedora specific patches
|
# Fedora specific patches
|
||||||
Patch100: openldap-autoconf-pkgconfig-nss.patch
|
Patch100: openldap-autoconf-pkgconfig-nss.patch
|
||||||
@ -153,7 +150,6 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
|
|||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
@ -165,7 +161,6 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
|
|||||||
%patch16 -p1
|
%patch16 -p1
|
||||||
%patch19 -p1
|
%patch19 -p1
|
||||||
%patch20 -p1
|
%patch20 -p1
|
||||||
%patch21 -p1
|
|
||||||
|
|
||||||
%patch102 -p1
|
%patch102 -p1
|
||||||
|
|
||||||
@ -578,6 +573,9 @@ exit 0
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 30 2014 Jan Synáček <jsynacek@redhat.com> - 2.4.40-1
|
||||||
|
- new upstream release (#1147877)
|
||||||
|
|
||||||
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.39-12
|
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.39-12
|
||||||
- Perl 5.20 rebuild
|
- Perl 5.20 rebuild
|
||||||
|
|
||||||
|
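Review bot: The new %changelog entry says only `- new upstream release (#1147877)`, yet the same change drops Patch7 (openldap-dns-priority.patch) and Patch21 (openldap-rwm-reference-counting.patch) together with their `%patch7 -p1` and `%patch21 -p1` lines. Patch21 was annotated "rwm reference counting fix, pending upstream inclusion", so removing it is only safe if 2.4.40 already carries that fix; the patches cite upstream ITS #7027 and #7723, which suggests they were merged, but nothing on this page confirms it. Once that is checked against the 2.4.40 release notes, I would add a changelog line such as `- remove patches merged upstream: dns-priority (ITS#7027), rwm-reference-counting (ITS#7723)`. That keeps a record of why the reference-counting fix left the package, so a later rebase or backport does not lose it unnoticed.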
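--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-b0d5ee4b252c841dec6b332d679cf943 openldap-2.4.39.tgz
+423c1f23d2a0cb96b3e9baf7e9d7dda7 openldap-2.4.40.tgz
 3535b7cd46dcf41c9a9480efa9e64618 ltb-project-openldap-ppolicy-check-password-1.1.tar.gz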