SOURCES: nss_ldap-parse.patch (NEW) - ignore malformed entries, up...
baggins
baggins at pld-linux.org
Wed Nov 7 15:12:57 CET 2007
Author: baggins Date: Wed Nov 7 14:12:57 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- ignore malformed entries, upstream bug #248
---- Files affected:
SOURCES:
nss_ldap-parse.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/nss_ldap-parse.patch
diff -u /dev/null SOURCES/nss_ldap-parse.patch:1.1
--- /dev/null Wed Nov 7 15:12:57 2007
+++ SOURCES/nss_ldap-parse.patch Wed Nov 7 15:12:52 2007
@@ -0,0 +1,393 @@
+GNU libc ignores malformed entries (those which don't parse correctly), so we
+should do that for entries we find using LDAP, upstream bug #248.
+
+--- nss_ldap-246/aix_authmeth.c 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/aix_authmeth.c 2006-01-24 13:28:20.000000000 -0500
+@@ -374,6 +374,7 @@
+ const char *attrs[2];
+ NSS_STATUS stat;
+ ldap_args_t a;
++ int error_flag = 0;
+
+ vals = _nss_ldap_get_values (e, ATM (LM_PASSWD, gidNumber));
+ if (vals == NULL)
+@@ -381,7 +382,12 @@
+
+ LA_INIT (a);
+ LA_TYPE (a) = LA_TYPE_NUMBER;
+- LA_NUMBER (a) = atol(vals[0]);
++ LA_NUMBER (a) = _nss_ldap_parse_long(vals[0], 0, &error_flag);
++ if (error_flag != 0)
++ {
++ ldap_value_free (vals);
++ return NSS_NOTFOUND;
++ }
+
+ attrs[0] = ATM (LM_GROUP, cn);
+ attrs[1] = NULL;
+@@ -527,6 +533,7 @@
+ {
+ const char *attribute;
+ char **vals;
++ int error_flag = 0;
+ attrval_t *av = &lua->lua_results[i];
+
+ attribute = uess2ldapattr (lua->lua_map, lua->lua_attributes[i]);
+@@ -543,9 +550,12 @@
+ return NSS_NOTFOUND;
+ }
+
+- av->attr_un.au_int = atoi (vals[0]);
++ av->attr_un.au_int = _nss_ldap_parse_int(vals[0], 0, &error_flag);
+ ldap_value_free (vals);
+- return NSS_SUCCESS;
++ if (error_flag == 0)
++ return NSS_SUCCESS;
++ else
++ return NSS_NOTFOUND;
+ }
+
+ /*
+@@ -835,6 +845,7 @@
+ const char *attrs[2];
+ NSS_STATUS stat;
+ ldap_args_t a;
++ int error_flag = 0;
+
+ LA_INIT (a);
+ LA_TYPE (a) = LA_TYPE_STRING;
+@@ -869,12 +880,15 @@
+ return NSS_NOTFOUND;
+ }
+
+- *uid = atoi(vals[0]);
++ *uid = _nss_ldap_parse_long(vals[0], 0, &error_flag);
+
+ ldap_value_free (vals);
+ ldap_msgfree (res);
+
+- return NSS_SUCCESS;
++ if (error_flag == 0)
++ return NSS_SUCCESS;
++ else
++ return NSS_NOTFOUND;
+ }
+
+ /*
+--- nss_ldap-246/ldap-nss.c 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/ldap-nss.c 2006-01-24 13:28:20.000000000 -0500
+@@ -3609,18 +3609,33 @@
+
+ #ifdef HAVE_SHADOW_H
+ int
+-_nss_ldap_shadow_date (const char *val)
++_nss_ldap_shadow_date (const char *val, int *error_flag)
+ {
+ int date;
++ char *p;
++ long long ll;
+
++ if ((val == NULL) || (strlen(val) == 0))
++ {
++ if (error_flag != NULL)
++ (*error_flag)++;
++ return -1;
++ }
++ ll = strtoll(val, &p, 10);
++ if ((p == NULL) || (p == val) || (*p != '\0'))
++ {
++ if (error_flag != NULL)
++ (*error_flag)++;
++ return -1;
++ }
+ if (__config->ldc_shadow_type == LS_AD_SHADOW)
+ {
+- date = atoll (val) / 864000000000LL - 134774LL;
++ date = ll / 864000000000LL - 134774LL;
+ date = (date > 99999) ? 99999 : date;
+ }
+ else
+ {
+- date = atol (val);
++ date = ll;
+ }
+
+ return date;
+@@ -3633,7 +3648,7 @@
+ {
+ if (sp->sp_flag & UF_DONT_EXPIRE_PASSWD)
+ sp->sp_max = 99999;
+- sp->sp_flag = 0;
++ sp->sp_flag = -1;
+ }
+ }
+ #endif /* HAVE_SHADOW_H */
+--- nss_ldap-246/ldap-nss.h 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/ldap-nss.h 2006-01-24 13:28:39.000000000 -0500
+@@ -853,11 +853,10 @@
+
+ NSS_STATUS _nss_ldap_oc_check (LDAPMessage * e, const char *oc);
+
++int _nss_ldap_shadow_date(const char *val, int *error_flag);
+ #if defined(HAVE_SHADOW_H)
+-int _nss_ldap_shadow_date(const char *val);
+ void _nss_ldap_shadow_handle_flag(struct spwd *sp);
+ #else
+-#define _nss_ldap_shadow_date(_v) atol((_v))
+ #define _nss_ldap_shadow_handle_flag(_sp) do { /* nothing */ } while (0)
+ #endif /* HAVE_SHADOW_H */
+
+--- nss_ldap-246/ldap-pwd.c 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/ldap-pwd.c 2006-01-24 13:28:20.000000000 -0500
+@@ -89,6 +89,7 @@
+ char tmpbuf[sizeof "-4294967295"];
+ size_t tmplen;
+ char *tmp;
++ int error_flag = 0;
+
+ if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
+ {
+@@ -122,7 +123,7 @@
+ _nss_ldap_assign_attrval (e, AT (uidNumber), &uid, &tmp, &tmplen);
+ if (stat != NSS_SUCCESS)
+ return stat;
+- pw->pw_uid = (*uid == '\0') ? UID_NOBODY : (uid_t) atol (uid);
++ pw->pw_uid = (uid_t) _nss_ldap_parse_long(uid, UID_NOBODY, &error_flag);
+
+ tmp = tmpbuf;
+ tmplen = sizeof (tmpbuf);
+@@ -131,7 +132,7 @@
+ &tmplen);
+ if (stat != NSS_SUCCESS)
+ return stat;
+- pw->pw_gid = (*gid == '\0') ? GID_NOBODY : (gid_t) atol (gid);
++ pw->pw_gid = (gid_t) _nss_ldap_parse_long(gid, GID_NOBODY, &error_flag);
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (gecos), &pw->pw_gecos, &buffer,
+@@ -176,7 +177,9 @@
+ tmp = NULL;
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowMax), &tmp, &buffer, &buflen);
+- pw->pw_change = (stat == NSS_SUCCESS) ? atol(tmp) * (24*60*60) : 0;
++ pw->pw_change = (stat == NSS_SUCCESS) ?
++ _nss_ldap_parse_long(tmp, 0, &error_flag) * (24 * 60 * 60) :
++ 0;
+
+ if (pw->pw_change > 0)
+ {
+@@ -185,7 +188,7 @@
+ _nss_ldap_assign_attrval (e, AT (shadowLastChange), &tmp, &buffer,
+ &buflen);
+ if (stat == NSS_SUCCESS)
+- pw->pw_change += atol(tmp) * (24*60*60);
++ pw->pw_change += _nss_ldap_parse_long(tmp, 0, &error_flag) * (24*60*60);
+ else
+ pw->pw_change = 0;
+ }
+@@ -195,10 +198,14 @@
+ tmp = NULL;
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowExpire), &tmp, &buffer, &buflen);
+- pw->pw_expire = (stat == NSS_SUCCESS) ? atol(tmp) * (24*60*60) : 0;
++ _nss_ldap_parse_long(tmp, 0, &error_flag) * (24 * 60 * 60) :
++ 0;
+ #endif /* HAVE_PASSWD_PW_EXPIRE */
+
+- return NSS_SUCCESS;
++ if (error_flag == 0)
++ return NSS_SUCCESS;
++ else
++ return NSS_NOTFOUND;
+ }
+
+ #ifdef HAVE_NSS_H
+--- nss_ldap-246/ldap-rpc.c 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/ldap-rpc.c 2006-01-24 13:28:20.000000000 -0500
+@@ -81,6 +81,7 @@
+
+ struct rpcent *rpc = (struct rpcent *) result;
+ char *number;
++ int error_flag = 0;
+ NSS_STATUS stat;
+
+ stat =
+@@ -95,7 +96,7 @@
+ if (stat != NSS_SUCCESS)
+ return stat;
+
+- rpc->r_number = atol (number);
++ rpc->r_number = _nss_ldap_parse_long(number, 0, &error_flag);
+
+ stat =
+ _nss_ldap_assign_attrvals (e, ATM (LM_RPC, cn), rpc->r_name,
+@@ -103,7 +104,10 @@
+ if (stat != NSS_SUCCESS)
+ return stat;
+
+- return NSS_SUCCESS;
++ if (error_flag == 0)
++ return NSS_SUCCESS;
++ else
++ return NSS_NOTFOUND;
+ }
+
+ #ifdef HAVE_NSSWITCH_H
+--- nss_ldap-246/ldap-service.c 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/ldap-service.c 2006-01-24 13:28:20.000000000 -0500
+@@ -79,6 +79,7 @@
+ struct servent *service = (struct servent *) result;
+ char *port;
+ NSS_STATUS stat = NSS_SUCCESS;
++ int error_flag = 0;
+
+ /* this is complicated and ugly, because some git (me) specified that service
+ * entries should expand to two entities (or more) if they have multi-valued
+@@ -182,9 +183,12 @@
+ return stat;
+ }
+
+- service->s_port = htons (atoi (port));
++ service->s_port = htons (_nss_ldap_parse_int(port, 0, &error_flag));
+
+- return NSS_SUCCESS;
++ if (error_flag == 0)
++ return NSS_SUCCESS;
++ else
++ return NSS_NOTFOUND;
+ }
+
+ #ifdef HAVE_NSSWITCH_H
+--- nss_ldap-246/ldap-spwd.c 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/ldap-spwd.c 2006-01-24 13:28:20.000000000 -0500
+@@ -51,6 +51,7 @@
+
+ #include "ldap-nss.h"
+ #include "ldap-spwd.h"
++#include "util.h"
+
+ #ifdef HAVE_PORT_AFTER_H
+ #include <port_after.h>
+@@ -70,6 +71,7 @@
+ struct spwd *sp = (struct spwd *) result;
+ NSS_STATUS stat;
+ char *tmp = NULL;
++ int error_flag = 0;
+
+ stat =
+ _nss_ldap_assign_userpassword (e, ATM (LM_SHADOW, userPassword),
+@@ -86,38 +88,55 @@
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowLastChange), &tmp, &buffer,
+ &buflen);
+- sp->sp_lstchg = (stat == NSS_SUCCESS) ? _nss_ldap_shadow_date (tmp) : -1;
++ sp->sp_lstchg = (stat == NSS_SUCCESS) ?
++ _nss_ldap_shadow_date(tmp, &error_flag) :
++ -1;
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowMax), &tmp, &buffer, &buflen);
+- sp->sp_max = (stat == NSS_SUCCESS) ? atol (tmp) : -1;
++ sp->sp_max = (stat == NSS_SUCCESS) ?
++ _nss_ldap_parse_long(tmp, -1, &error_flag) :
++ -1;
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowMin), &tmp, &buffer, &buflen);
+- sp->sp_min = (stat == NSS_SUCCESS) ? atol (tmp) : -1;
++ sp->sp_min = (stat == NSS_SUCCESS) ?
++ _nss_ldap_parse_long(tmp, -1, &error_flag) :
++ -1;
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowWarning), &tmp, &buffer,
+ &buflen);
+- sp->sp_warn = (stat == NSS_SUCCESS) ? atol (tmp) : -1;
++ sp->sp_warn = (stat == NSS_SUCCESS) ?
++ _nss_ldap_parse_long(tmp, -1, &error_flag) :
++ -1;
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowInactive), &tmp, &buffer,
+ &buflen);
+- sp->sp_inact = (stat == NSS_SUCCESS) ? atol (tmp) : -1;
++ sp->sp_inact = (stat == NSS_SUCCESS) ?
++ _nss_ldap_parse_long(tmp, -1, &error_flag) :
++ -1;
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowExpire), &tmp, &buffer,
+ &buflen);
+- sp->sp_expire = (stat == NSS_SUCCESS) ? _nss_ldap_shadow_date (tmp) : -1;
++ sp->sp_expire = (stat == NSS_SUCCESS) ?
++ _nss_ldap_parse_long(tmp, -1, &error_flag) :
++ -1;
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (shadowFlag), &tmp, &buffer, &buflen);
+- sp->sp_flag = (stat == NSS_SUCCESS) ? atol (tmp) : 0;
++ sp->sp_flag = (stat == NSS_SUCCESS) ?
++ _nss_ldap_parse_long(tmp, -1, &error_flag) :
++ -1;
+
+ _nss_ldap_shadow_handle_flag(sp);
+
+- return NSS_SUCCESS;
++ if (error_flag == 0)
++ return NSS_SUCCESS;
++ else
++ return NSS_STATUS_NOTFOUND;
+ }
+
+ #ifdef HAVE_NSS_H
+--- nss_ldap-246/util.c 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/util.c 2006-01-24 13:28:20.000000000 -0500
+@@ -1582,3 +1582,36 @@
+ return NSS_SUCCESS;
+ }
+
++/* Parse a text string into a long integer. If we fail for any reason, return
++ * the passed-in default value. */
++long
++_nss_ldap_parse_long (const char *text, long default_value, int *error_flag)
++{
++ char *p;
++ long l;
++ if ((text == NULL) || (strlen(text) == 0)) {
++ if (error_flag != NULL) {
++ (*error_flag)++;
++ }
++ return default_value;
++ }
++ l = strtol(text, &p, 10);
++ if ((p == NULL) || (p == text) || (*p != '\0')) {
++ if (error_flag != NULL) {
++ (*error_flag)++;
++ }
++ return default_value;
++ }
++ return l;
++}
++
++int
++_nss_ldap_parse_int (const char *text, int default_value, int *error_flag)
++{
++ long l;
++ l = _nss_ldap_parse_long(text, default_value, error_flag);
++ if ((l != default_value) && ((l < INT_MIN) || (l > INT_MAX))) {
++ (*error_flag)++;
++ }
++ return l;
++}
+--- nss_ldap-246/util.h 2006-01-20 10:19:01.000000000 -0500
++++ nss_ldap-246/util.h 2006-01-24 13:28:20.000000000 -0500
+@@ -213,4 +213,9 @@
+ ldap_map_selector_t
+ _nss_ldap_str2selector (const char *key);
+
++long _nss_ldap_parse_long (const char *text, long default_value,
++ int *error_flag);
++int _nss_ldap_parse_int (const char *text, int default_value,
++ int *error_flag);
++
+ #endif /* _LDAP_NSS_LDAP_UTIL_H */
================================================================
More information about the pld-cvs-commit
mailing list