From ff5c1adb2a846e3d88c08875c998a99b8956492e Mon Sep 17 00:00:00 2001
From: Jan Synacek
Date: Thu, 9 May 2013 09:32:49 +0200
Subject: [PATCH] fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on
Resolves: #960222
---
openldap-ldapi-sasl.patch | 55 +++++++++++++++++++++++++++++++++++++++
openldap.spec | 4 +++
2 files changed, 59 insertions(+)
create mode 100644 openldap-ldapi-sasl.patch
diff --git a/openldap-ldapi-sasl.patch b/openldap-ldapi-sasl.patch
new file mode 100644
index 0000000..058cc1c
--- /dev/null
+++ b/openldap-ldapi-sasl.patch
@@ -0,0 +1,55 @@
+From 69709289b083c53ba41d2cef7d65120220f8c59b Mon Sep 17 00:00:00 2001
+From: Sumit Bose
+Date: Tue, 7 May 2013 17:02:57 +0200
+Subject: [PATCH] LDAPI SASL fix
+
+Resolves: #960222
+---
+ libraries/libldap/cyrus.c | 19 ++++++++++++++++---
+ 1 Datei geändert, 16 Zeilen hinzugefügt(+), 3 Zeilen entfernt(-)
+
+diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
+index 28c241b..a9acf36 100644
+--- a/libraries/libldap/cyrus.c
++++ b/libraries/libldap/cyrus.c
+@@ -394,6 +394,8 @@ ldap_int_sasl_bind(
+ struct berval ccred = BER_BVNULL;
+ int saslrc, rc;
+ unsigned credlen;
++ char my_hostname[HOST_NAME_MAX + 1];
++ int free_saslhost = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n",
+ mechs ? mechs : "", 0, 0 );
+@@ -454,14 +456,25 @@ ldap_int_sasl_bind(
+
+ /* If we don't need to canonicalize just use the host
+ * from the LDAP URI.
++ * Always use the result of gethostname() for LDAPI.
+ */
+- if ( nocanon )
++ if (ld->ld_defconn->lconn_server->lud_scheme != NULL &&
++ strcmp("ldapi", ld->ld_defconn->lconn_server->lud_scheme) == 0) {
++ rc = gethostname(my_hostname, HOST_NAME_MAX + 1);
++ if (rc == 0) {
++ saslhost = my_hostname;
++ } else {
++ saslhost = "localhost";
++ }
++ } else if ( nocanon )
+ saslhost = ld->ld_defconn->lconn_server->lud_host;
+- else
++ else {
+ saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
+ "localhost" );
++ free_saslhost = 1;
++ }
+ rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
+- if ( !nocanon )
++ if ( free_saslhost )
+ LDAP_FREE( saslhost );
+ }
+
+--
+1.7.11.7
+
diff --git a/openldap.spec b/openldap.spec
index 616c535..bbc45f1 100644
--- a/openldap.spec
+++ b/openldap.spec
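Review bot: In the new `ldapi` branch of ldap_int_sasl_bind (added in openldap-ldapi-sasl.patch), a failing gethostname() silently falls back to `"localhost"`, so a GSSAPI bind would then request a service principal for a name the realm likely does not hold and the caller sees only an opaque SASL failure; I would trace it in the `else` arm, e.g. `Debug( LDAP_DEBUG_ANY, "ldap_int_sasl_bind: gethostname() failed, using localhost\n", 0, 0, 0 );`. The host name chosen here is what the client authenticates the server against, and gethostname() may return a short, unqualified name, so the comment should state that LDAPI deliberately ignores both `lud_host` and SASL_NOCANON and why (presumably because `lud_host` is the socket path for ldapi URIs). POSIX leaves NUL termination unspecified when the name is truncated, so `my_hostname[HOST_NAME_MAX] = '\0';` after the call is cheap insurance, and HOST_NAME_MAX needs `<limits.h>`, whose include is not visible in these hunks. The function body starts and ends outside both inner hunks.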
@@ -50,6 +50,8 @@ Patch18: openldap-doc2.patch # the proper fix is to link all perl modules against libperl # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585 Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch +# ldapi sasl fix pending upstream inclusion +Patch20: openldap-ldapi-sasl.patch # Fedora specific patches Patch100: openldap-autoconf-pkgconfig-nss.patch @@ -168,6 +170,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch17 -p1 %patch18 -p1 %patch19 -p1 +%patch20 -p1 %patch102 -p1 @@ -599,6 +602,7 @@ exit 0 %changelog * Thu May 09 2013 Jan Synáček 2.4.35-4 - do not needlessly run ldconfig after installing openldap-devel +- fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on (#960222) - fix: lt_dlopen() with back_perl (#960048) * Tue Apr 09 2013 Jan Synáček 2.4.35-3