From df715610043499b06138602fe85dc9f5701b79ee Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 31 2020 09:41:24 +0000 Subject: import bind-dyndb-ldap-11.1-7.el7 --- diff --git a/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch b/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch new file mode 100644 index 0000000..6be7139 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch @@ -0,0 +1,154 @@ +From 88096745d1ef1798854e0c8319b5ae015f045fe3 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 1 May 2019 09:24:24 +0300 +Subject: [PATCH] Move recognition of a templated attribute to + ldap_attribute_to_rdatatype + +When substitution of a templated entry attribute fails, we need to fall +back to a static definition of the attribute from the same entry. This +means, however, that ldap_attribute_to_rdatatype() will attempt to parse +an attribute value anyway and will be confused by the templating prefix, +thus reporting in named's logs: + +unsupported operation: object class in resource record template DN +'idnsname=$NAME,idnsname=$ZONE.,cn=dns,$BASEDN' changed: +rndc reload might be necessary + +Move recognition of a template attribute name to +ldap_attribute_to_rdatatype() so that a proper attribute class is +correctly derived and ignore templated attribute in the fallback code +if case that template expansion is failed. + +Resolves: rhbz#1705072 +--- + src/ldap_convert.c | 33 +++++++++++++++++++++++++-------- + src/ldap_convert.h | 2 ++ + src/ldap_helper.c | 21 ++++++++++++++------- + 3 files changed, 41 insertions(+), 15 deletions(-) + +diff --git a/src/ldap_convert.c b/src/ldap_convert.c +index 002a679..6e24c81 100644 +--- a/src/ldap_convert.c ++++ b/src/ldap_convert.c +@@ -372,23 +372,40 @@ ldap_attribute_to_rdatatype(const char *ldap_attribute, dns_rdatatype_t *rdtype) + { + isc_result_t result; + unsigned len; ++ const char *attribute = NULL; + isc_consttextregion_t region; + + len = strlen(ldap_attribute); + if (len <= LDAP_RDATATYPE_SUFFIX_LEN) + return ISC_R_UNEXPECTEDEND; + ++ ++ /* Before looking up rdtype, we need to see if rdtype is ++ * an LDAP subtype (type;subtype) and if so, strip one of ++ * the known prefixes. We also need to remove 'record' suffix ++ * if it exists. The resulting rdtype text name should have no ++ * 'extra' details: A, AAAA, CNAME, etc. */ ++ attribute = ldap_attribute; ++ ++ /* Does attribute name start with with TEMPLATE_PREFIX? */ ++ if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX, ++ ldap_attribute, ++ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) { ++ attribute = ldap_attribute + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN; ++ len -= LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN; ++ /* Does attribute name start with with UNKNOWN_PREFIX? */ ++ } else if (strncasecmp(LDAP_RDATATYPE_UNKNOWN_PREFIX, ++ ldap_attribute, ++ LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) { ++ attribute = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN; ++ len -= LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN; ++ } ++ + /* Does attribute name end with RECORD_SUFFIX? */ +- if (strcasecmp(ldap_attribute + len - LDAP_RDATATYPE_SUFFIX_LEN, ++ if (strcasecmp(attribute + len - LDAP_RDATATYPE_SUFFIX_LEN, + LDAP_RDATATYPE_SUFFIX) == 0) { +- region.base = ldap_attribute; ++ region.base = attribute; + region.length = len - LDAP_RDATATYPE_SUFFIX_LEN; +- /* Does attribute name start with with UNKNOWN_PREFIX? */ +- } else if (strncasecmp(ldap_attribute, +- LDAP_RDATATYPE_UNKNOWN_PREFIX, +- LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) { +- region.base = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN; +- region.length = len - LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN; + } else + return ISC_R_UNEXPECTED; + +diff --git a/src/ldap_convert.h b/src/ldap_convert.h +index 47ac947..fcd575b 100644 +--- a/src/ldap_convert.h ++++ b/src/ldap_convert.h +@@ -17,6 +17,8 @@ + #define LDAP_RDATATYPE_SUFFIX_LEN (sizeof(LDAP_RDATATYPE_SUFFIX) - 1) + #define LDAP_RDATATYPE_UNKNOWN_PREFIX "UnknownRecord;" + #define LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN (sizeof(LDAP_RDATATYPE_UNKNOWN_PREFIX) - 1) ++#define LDAP_RDATATYPE_TEMPLATE_PREFIX "idnsTemplateAttribute;" ++#define LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN (sizeof(LDAP_RDATATYPE_TEMPLATE_PREFIX) - 1) + + /* + * Convert LDAP DN 'dn', to dns_name_t 'target'. 'target' needs to be +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 8b486ae..7f70ee3 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -2396,7 +2396,7 @@ ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t * set, + result = setting_find(setting_name, set, isc_boolean_true, + isc_boolean_true, &setting); + if (result != ISC_R_SUCCESS) { +- log_debug(3, "setting '%s' is not defined so it " ++ log_debug(5, "setting '%s' is not defined so it " + "cannot be substituted into template '%s'", + setting_name, str_buf(orig_val)); + CLEANUP_WITH(ISC_R_IGNORE); +@@ -2459,23 +2459,22 @@ ldap_parse_rrentry_template(isc_mem_t *mctx, ldap_entry_t *entry, + dns_rdatatype_t rdtype; + dns_rdatalist_t *rdlist = NULL; + isc_boolean_t did_something = ISC_FALSE; +- static const char prefix[] = "idnsTemplateAttribute;"; +- static const char prefix_len = sizeof(prefix) - 1; + + CHECK(str_new(mctx, &orig_val)); + rdclass = ldap_entry_getrdclass(entry); + ttl = ldap_entry_getttl(entry, settings); + + while ((attr = ldap_entry_nextattr(entry)) != NULL) { +- if (strncasecmp(prefix, attr->name, prefix_len) != 0) ++ if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX, ++ attr->name, ++ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) != 0) + continue; + +- result = ldap_attribute_to_rdatatype(attr->name + prefix_len, +- &rdtype); ++ result = ldap_attribute_to_rdatatype(attr->name, &rdtype); + if (result != ISC_R_SUCCESS) { + log_bug("%s: substitution into '%s' is not supported", + ldap_entry_logname(entry), +- attr->name + prefix_len); ++ attr->name + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN); + continue; + } + +@@ -2559,6 +2558,14 @@ ldap_parse_rrentry(isc_mem_t *mctx, ldap_entry_t *entry, dns_name_t *origin, + for (result = ldap_entry_firstrdtype(entry, &attr, &rdtype); + result == ISC_R_SUCCESS; + result = ldap_entry_nextrdtype(entry, &attr, &rdtype)) { ++ /* If we reached this point and found a template attribute, ++ * skip it because it was not translated above due to missing ++ * defaults or some other errors. */ ++ if (((entry->class & LDAP_ENTRYCLASS_TEMPLATE) != 0) && ++ strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX, ++ attr->name, ++ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) ++ continue; + + CHECK(findrdatatype_or_create(mctx, rdatalist, rdclass, + rdtype, ttl, &rdlist)); +-- +2.21.0 + diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec index 26c7e54..10ab556 100644 --- a/SPECS/bind-dyndb-ldap.spec +++ b/SPECS/bind-dyndb-ldap.spec @@ -4,7 +4,7 @@ Name: bind-dyndb-ldap Version: 11.1 -Release: 6%{?dist} +Release: 7%{?dist} Summary: LDAP back-end plug-in for BIND Group: System Environment/Libraries @@ -12,14 +12,15 @@ License: GPLv2+ URL: https://releases.pagure.org/bind-dyndb-ldap Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2 Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc -Patch4: bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch -Patch5: bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch -Patch6: bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch -Patch7: bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch -Patch8: bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch -Patch9: bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch -Patch10: bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch -Patch11: bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch +Patch1: bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch +Patch2: bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch +Patch3: bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch +Patch4: bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch +Patch5: bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch +Patch6: bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch +Patch7: bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch +Patch8: bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch +Patch9: bind-dyndb-ldap-template-attribute-defaults.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -110,6 +111,10 @@ rm -rf %{buildroot} %changelog +* Wed Sep 04 2019 Alexander Bokovoy - 11.1-7 +- Fix attribute templating in case of a missing default value +- Resolves: rhbz#1748904 + * Tue Feb 12 2019 Petr Menšík - 11.1-6 - Bump BIND version and fix library dependecies - Rebuild for bind 9.11.3. Minor tweaks to compile.