[net-nds/389-ds-base] rm, in tree

This commit is contained in:
Robert Förster 2021-08-12 13:13:11 +02:00
parent 42c33c7927
commit dc0837bc67
8 changed files with 0 additions and 679 deletions

View File

@ -1,299 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
CRATES="
ahash-0.7.2
ansi_term-0.11.0
atty-0.2.14
autocfg-1.0.1
base64-0.13.0
bitflags-1.2.1
byteorder-1.4.3
cbindgen-0.9.1
cc-1.0.67
cfg-if-1.0.0
clap-2.33.3
concread-0.2.9
crossbeam-0.8.0
crossbeam-channel-0.5.1
crossbeam-deque-0.8.0
crossbeam-epoch-0.9.3
crossbeam-queue-0.3.1
crossbeam-utils-0.8.3
fernet-0.1.4
foreign-types-0.3.2
foreign-types-shared-0.1.1
getrandom-0.2.2
hermit-abi-0.1.18
instant-0.1.9
itoa-0.4.7
jobserver-0.1.21
lazy_static-1.4.0
libc-0.2.93
lock_api-0.4.3
log-0.4.14
memoffset-0.6.3
once_cell-1.7.2
openssl-0.10.33
openssl-sys-0.9.61
parking_lot-0.11.1
parking_lot_core-0.8.3
paste-0.1.18
paste-impl-0.1.18
pkg-config-0.3.19
ppv-lite86-0.2.10
proc-macro-hack-0.5.19
proc-macro2-1.0.26
quote-1.0.9
rand-0.8.3
rand_chacha-0.3.0
rand_core-0.6.2
rand_hc-0.3.0
redox_syscall-0.2.6
remove_dir_all-0.5.3
ryu-1.0.5
scopeguard-1.1.0
serde-1.0.125
serde_derive-1.0.125
serde_json-1.0.64
smallvec-1.6.1
strsim-0.8.0
syn-1.0.69
synstructure-0.12.4
tempfile-3.2.0
textwrap-0.11.0
toml-0.5.8
unicode-width-0.1.8
unicode-xid-0.2.1
uuid-0.8.2
vcpkg-0.2.11
vec_map-0.8.2
version_check-0.9.3
wasi-0.10.2+wasi-snapshot-preview1
winapi-0.3.9
winapi-i686-pc-windows-gnu-0.4.0
winapi-x86_64-pc-windows-gnu-0.4.0
zeroize-1.2.0
zeroize_derive-1.0.1
"
PYTHON_COMPAT=( python3_{8,9} )
DISTUTILS_SINGLE_IMPL=1
DISTUTILS_USE_SETUPTOOLS=rdepend
inherit multilib flag-o-matic autotools distutils-r1 systemd tmpfiles db-use cargo
DESCRIPTION="389 Directory Server (core libraries and daemons)"
HOMEPAGE="https://directory.fedoraproject.org/"
SRC_URI="https://github.com/389ds/${PN}/archive/refs/tags/${P}.tar.gz
$(cargo_crate_uris ${CRATES})"
LICENSE="GPL-3+ Apache-2.0 BSD MIT MPL-2.0"
SLOT="$(ver_cut 1-2)/0"
KEYWORDS="~amd64"
IUSE_PLUGINS="+accountpolicy +bitwise +dna +pam-passthru"
IUSE="${IUSE_PLUGINS} +autobind auto-dn-suffix debug doc +ldapi selinux systemd"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
# lib389 tests (which is most of the suite) can't find their own modules.
RESTRICT="test"
# always list newer first
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
BERKDB_SLOTS=( 5.3 4.8 )
DEPEND="
>=app-crypt/mit-krb5-1.7-r100[openldap]
>=dev-libs/cyrus-sasl-2.1.19[kerberos]
>=dev-libs/icu-60.2:=
dev-libs/nspr
>=dev-libs/nss-3.22[utils]
dev-libs/libevent:=
dev-libs/libpcre:3
dev-libs/openssl:0=
>=net-analyzer/net-snmp-5.1.2:=
net-nds/openldap[sasl]
|| (
$(for slot in ${BERKDB_SLOTS[@]} ; do printf '%s\n' "sys-libs/db:${slot}" ; done)
)
sys-libs/cracklib
sys-libs/zlib
pam-passthru? ( sys-libs/pam )
selinux? (
$(python_gen_cond_dep '
sys-libs/libselinux[python,${PYTHON_USEDEP}]
')
)
systemd? ( >=sys-apps/systemd-244 )
virtual/libcrypt:=
"
BDEPEND=">=sys-devel/autoconf-2.69-r5
virtual/pkgconfig
${PYTHON_DEPS}
$(python_gen_cond_dep '
dev-python/argparse-manpage[${PYTHON_USEDEP}]
')
doc? ( app-doc/doxygen )
test? ( dev-util/cmocka )
"
# perl dependencies are for logconv.pl
RDEPEND="${DEPEND}
!dev-libs/svrcore
!net-nds/389-ds-base:0
acct-user/dirsrv
acct-group/dirsrv
${PYTHON_DEPS}
$(python_gen_cond_dep '
dev-python/pyasn1[${PYTHON_USEDEP}]
dev-python/pyasn1-modules[${PYTHON_USEDEP}]
dev-python/argcomplete[${PYTHON_USEDEP}]
dev-python/python-dateutil[${PYTHON_USEDEP}]
dev-python/python-ldap[sasl,${PYTHON_USEDEP}]
dev-python/distro[${PYTHON_USEDEP}]
')
virtual/perl-Archive-Tar
virtual/perl-DB_File
virtual/perl-IO
virtual/perl-Getopt-Long
virtual/perl-IO-Compress
virtual/perl-MIME-Base64
virtual/perl-Scalar-List-Utils
virtual/perl-Time-Local
virtual/logger
selinux? ( sec-policy/selinux-dirsrv )
"
S="${WORKDIR}/${PN}-${P}"
PATCHES=(
"${FILESDIR}/${P}-crypt-import.patch"
"${FILESDIR}/${PN}-db-gentoo.patch"
)
distutils_enable_tests pytest
src_prepare() {
# this is for upstream GitHub issue 4292
if use !systemd; then
sed -i \
-e 's|WITH_SYSTEMD = 1|WITH_SYSTEMD = 0|' \
Makefile.am || die
fi
# GH issue 4092
sed -i \
-e 's|@localstatedir@/run|/run|' \
ldap/admin/src/defaults.inf.in || die
default
eautoreconf
}
src_configure() {
local myeconfargs=(
$(use_enable accountpolicy acctpolicy)
$(use_enable bitwise)
$(use_enable dna)
$(use_enable pam-passthru)
$(use_enable autobind)
$(use_enable auto-dn-suffix)
$(use_enable debug)
$(use_enable ldapi)
$(use_with selinux)
$(use_with systemd)
$(use_with systemd systemdgroupname "dirsrv.target")
$(use_with systemd tmpfiles-d "/usr/lib/tmpfiles.d")
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
$(use_with !systemd initddir "/etc/init.d")
$(use_enable test cmocka)
--enable-rust
--enable-rust-offline
--with-pythonexec="${PYTHON}"
--with-fhs
--with-openldap
--with-db-inc="$(db_includedir)"
--disable-cockpit
)
econf "${myeconfargs[@]}"
rm "${S}"/.cargo/config || die
}
src_compile() {
export CARGO_HOME="${ECARGO_HOME}"
default
if use doc; then
doxygen "${S}"/docs/slapi.doxy || die
fi
cd "${S}"/src/lib389 || die
distutils-r1_src_compile
# argparse-manpage dynamic man pages have hardcoded man v1 in header
sed -i \
"1s/\"1\"/\"8\"/" \
"${S}"/src/lib389/man/{openldap_to_ds,ds{conf,ctl,idm,create}}.8 || die
}
src_test () {
emake check
cd "${S}"/src/lib389 || die
distutils-r1_src_test
}
src_install() {
# -j1 is a temporary workaround for bug #605432
emake -j1 DESTDIR="${D}" install
# Install gentoo style init script
# Get these merged upstream
newinitd "${FILESDIR}"/389-ds.initd-r1 389-ds
newinitd "${FILESDIR}"/389-ds-snmp.initd 389-ds-snmp
dotmpfiles "${FILESDIR}"/389-ds-base.conf
# cope with libraries being in /usr/lib/dirsrv
dodir /etc/env.d
echo "LDPATH=/usr/$(get_libdir)/dirsrv" > "${ED}"/etc/env.d/08dirsrv || die
if use doc; then
cd "${S}" || die
docinto html/
dodoc -r html/.
fi
cd "${S}"/src/lib389 || die
distutils-r1_src_install
python_fix_shebang "${ED}"
find "${ED}" -type f \( -name "*.a" -o -name "*.la" \) -delete || die
}
pkg_postinst() {
tmpfiles_process 389-ds-base.conf
echo
elog "If you are planning to use 389-ds-snmp (ldap-agent),"
elog "make sure to properly configure: /etc/dirsrv/config/ldap-agent.conf"
elog "adding proper 'server' entries, and adding the lines below to"
elog " => /etc/snmp/snmpd.conf"
elog
elog "master agentx"
elog "agentXSocket /var/agentx/master"
elog
elog "To start 389 Directory Server (LDAP service) at boot:"
elog
elog " rc-update add 389-ds default"
elog
echo
}

View File

@ -1,74 +0,0 @@
DIST 389-ds-base-1.4.4.16.tar.gz 5456272 BLAKE2B bb157de3ebfdf214a56a56cd991255080890b28ca5fbd4ce5437e1ab4ca03181b7c2a58630ee26112771aaf9037cff8102926f48da136d6af43024c70ca1eeb8 SHA512 2c8d446dd26f67345351a6ea5f6095d89ed5eb26df09e09b19d625fb01418c5354b93ac0272e68b2d444a70b63180ce53042e0e43b6ea826948f6c93f4c22fc0
DIST ahash-0.7.2.crate 37192 BLAKE2B a2ea98d408f6ac72b96a7e14b22999d52a6839d724f3e8fc82f67ea985a110d8dc17847087e6aaeca477ef93afadda3488ee77cc5425cab5f77c00cd67ff4463 SHA512 77886a994102c1edf93b133e27658e3c84152c83597191d58c571dc7dfc765d41c2879ea55d64e04e3af804a4f10aeb1c10e33a924fd967b288e6d0b12728b34
DIST ansi_term-0.11.0.crate 17087 BLAKE2B 9bd35c045a01ce4c6c4a5db1b4f15e9412bb97426eec19d4421dffbec633de8d13452c13c1dc1b30998690b78d7ed38311aca700087f13a81f66bd1d5d7300c4 SHA512 a637466a380748f939b3af090b8c0333f35581925bc03f4dda9b3f95d338836403cf5487ae3af9ff68f8245a837f8ab061aabe57a126a6a2c20f2e972c77d1fa
DIST atty-0.2.14.crate 5470 BLAKE2B 2db856a9e898a430258f059aeaf7c844a153293e8856d90ac81f7d91a888c89198768ad5cb09303c23241fe85c560a55148fa56a303651a82b0edb895616bfab SHA512 d7b6c4b9a0f898d91ddbc41a5ee45bbf45d1d269508c8cc87ee3e3990500e41e0ec387afb1f3bc7db55bedac396dd86c6509f4bf9e5148d809c3802edcc5e1d9
DIST autocfg-1.0.1.crate 12908 BLAKE2B 40c53cab298e4f26634c3acff3ece6a3371188d91dbf377ed664eabedcde20536edaa93daf406618f37edde019f049a6e7b9a47f627344587dbd126bee2b5e3a SHA512 630b348acb98b012e97804e6325d03c89abc22f2157762c59144c04e6c733daf550bdc7f0fe0b9f3b50e15dae8c1c3c4bdfce3d805b02f0fc987311f5332419b
DIST base64-0.13.0.crate 62070 BLAKE2B b957f65cdb1e28baeca0cefc92fa98be797409b7dabd15e0e88db6cdfb89779b662cba9f2270fbf3b7b66948fdc46c118b8040a78ab72049c48a928fa802bee0 SHA512 991a72999839daa232f508c5b24e7d3225e8a26db8d1d0e747881b115af9e408b92374e163b31e0b0d324c1c2e57e8e38d66861b61eb0a1dba87bb5871940151
DIST bitflags-1.2.1.crate 16745 BLAKE2B 0fa6d3ce44aad7616d5cd02aad8c1d0b0fed4022650eb43067c4a72e6fc88da05442674fa51826e4858a47c9de233e1ba2229820af094197cd11bb416ceffb2b SHA512 ad89b3798845e23737a620bba581c2ff1ff3e15bac12555c765e201d2c0b90ecea0cdbc5b5b1a3fa9858c385e8e041f8226f5acfae5bbbe9925643fff2bf3f0b
DIST byteorder-1.4.3.crate 22512 BLAKE2B d39c546ba7346df315297fc53da4bfc77ecb1f38567ddb788549ee31cae2719a8bc0b7d1f1705abb3cff033aa57af004987d90748f5a31765273b3223a011c0d SHA512 8c8000eb8ecf40351c9ce36a3a8acd7a02f81786d1b11aab85adfeffa0f2267ed74df29b2ca5d1d38128484d1d3cad2b673aa0d0441dcd0620dfd3934bb888fa
DIST cbindgen-0.9.1.crate 129676 BLAKE2B 12315522938e941c4a53033f276f6065d6e19ba7cab3ce8aabb17b2ae5fe0c7231e51be33828434d6ca039d79c9414fe8d310a12b07ef1c544ed9b5d8cee74c6 SHA512 0e32563db42363dc82e8aca2f36bdafcdf0ec9156e7238937295c9369d306c2bfa590ea7a9afd61d8b915fc383bb7af8bbb78cde71f6ab30b0c576262c74232b
DIST cc-1.0.67.crate 53486 BLAKE2B 42fd02a5886df50857075c909819c8afcf091cee6b7bc517848786f287f4559e70a07f0a0f42a742baa2665465dfdb2139ecac7e93f1a41b16eab30556eb0259 SHA512 f1ad4abdaad2667b190d1f8df8515f603107be1f69bdbdc02b5159764a6ed18b3f672d6b06af50c7f2fd3e6e3dad5df0fcd0dda762d909ba0922c769f1efbe05
DIST cfg-if-1.0.0.crate 7934 BLAKE2B e99a5589c11d79d77a4537b34ce0a45d37b981c123b79b807cea836c89fc3926d693458893baca2882448d3d44e3f64e06141f6d916b748daa10b8cc1ae16d1b SHA512 0fb16a8882fd30e86b62c5143b1cb18ab564e84e75bd1f28fd12f24ffdc4a42e0d2e012a99abb606c12efe3c11061ff5bf8e24ab053e550ae083f7d90f6576ff
DIST clap-2.33.3.crate 201925 BLAKE2B bec9c866481c5b3fddeb314f68af9bce38fc421e42816182de3209e8ea3447b72cf033e6251eea27fe974eff8085b7d98cdd2911b5cc0ec6b4bf4c750deb8a25 SHA512 3eb0fd648e2e3f9e5ff69a5e6cf0d867304fe18523accd036f28a86de368e4774088a6936c108ccc045092c539fe7f7494ea96420ebf6b4bec16880cea84bedf
DIST concread-0.2.9.crate 851779 BLAKE2B 6a475903046650a03214b6b5af9d7583d16aaf43a617121a6f0f3c04f893b7acf9937eac44728e560788dd26ebbd7104373d1cf46a8b062dcc8c8ad2ee6dc0a8 SHA512 6420b5b4ed2c1f42bcc5b75aea5aff26cec2d7be41000923be747466dff060bf6fc86b926518d7d3556b282654035cc7d805b1ba95973862fbae5a01feb2cdc8
DIST crossbeam-0.8.0.crate 10993 BLAKE2B 9758a7ed1373f10da09c07875842a1fbb549dd20add43c50918276574fa57b5c5b51d15593e6611b34ff2472e51770fd965fc0810d0bf18f7740467d866c5669 SHA512 8846d29074f5e2a601e1bb741db9396b16270689f108e0b1621d29d15e774898e5f8d159e9af990fbba2cb414a13948a6236254353d4c594c38bf9cbfd2032d7
DIST crossbeam-channel-0.5.1.crate 86919 BLAKE2B b223d0dcacbb09850d457825cb2a018494d798d0000a20eed3f54b1152e41ebca4698e7d50e81f467b86543779155ad08566da9496eee36aa06644b69cf5d7eb SHA512 f15aff67e9105584f5fe41e1ee650ae4fdd0d0ca0fa9202ee83c6f6025398a300decaa50d1b4682e8afb9bd6e11e95b69bcf23f68ae117419aa84df14ee7747b
DIST crossbeam-deque-0.8.0.crate 20756 BLAKE2B 6bb602547cb0ca65552a9b981502221f1d3570422d22c867f654ba677e5c95aa5f81ed0022a498d3408c3f69291e1805b49fcfbfaff0d9a6075b75be3bf926ea SHA512 4efa73dcb9ef40b841039d24ffaf9bd7c63f8c0233bba1e0728fd5558702b4ef0af117543834c527335e99384d3c80d56293e891c9d94440f51f454b1b90c399
DIST crossbeam-epoch-0.9.3.crate 42766 BLAKE2B a9f458d912dc247bbc8d2172792e06992ae4b51f588a7cb5a4851c6d7021b428c8225ccf07f0e4597e3e9585cf7b860781c1829d6269826893da3cddc2a753a3 SHA512 f68e1957018f7b88440492403b6812403312b7252e0e873715a2a970a4c9d2647174a19853d1533451ff1f568ac7df2deaa614f342d695c613053b1a3d5d1ef1
DIST crossbeam-queue-0.3.1.crate 14787 BLAKE2B 136cf26e3a932a4c8035c50b8d6f905f59d3116a8bfaaeb5511e48e7225d05857722240e169d8efe3aab07c370923a57178f058f05c83cee9c1992d03f907f1e SHA512 f666d14ffe4be603ada67ac1fd28526bd2517c32856dc077e5bfe512fa012c08f197e206afb2547b9b5a52ecfb1231a9bffb5b9d24cc4e58aee37ebb87b54d6f
DIST crossbeam-utils-0.8.3.crate 37268 BLAKE2B e9a77f143afab79fc1984902ea756a15e43bbd6c8251b5a2f9fd574522539814098b17da03ac5222177332042303f129e0c2729db6bc80e8f76bf4b097d973d4 SHA512 2e89ceea586873e957a31b510f8e8cb0c6675def32ea6b9a9483166b47f69c1ad448a79d897796883b696bf77cb0fcb1d0ac28ee779146f6500ca9a54aa7b4fb
DIST fernet-0.1.4.crate 12480 BLAKE2B 45a9c2cae9a8f0a0455cd2cc786542ae22ae1a9f033312cfe29e235f342ca0753d6d090b5951485b09ef8dfa5c667c9b50ad91716dac17ef41d3920d93f1a906 SHA512 6a8efe3465cef6cbc528fab14f86efb12b1b5716d3ae0ab4e9e5532f58d6e177e08317d5f6a91c8ec6c541ff1bef4aaf24dada091e9306841960c193e79efb49
DIST foreign-types-0.3.2.crate 7504 BLAKE2B 520818b702d990d296ecd31a8646850202509ccfa18edd0e1b260289619a6c351e758f317ec0824bd76eccb209b6f087057c25f1bd01a47897715013dd834867 SHA512 bf27b8243ed482c202d120383374f19ff09422535e24b9c1aebccc66529bf300ca17b8bbc76d67f98ac092e614497afe3add9dc68aa69c93074df05762f91232
DIST foreign-types-shared-0.1.1.crate 5672 BLAKE2B d2e42e04b6657e7a69fe0bd20c672176629c743e49a55fd007bb30e289710b70045d445ae9cae0eeaa747ee708c90e8abd9b5fc39bad8ec0666befe1b696d4f1 SHA512 bafdb2143e136fb0818e2ffd90b5c862b7181647d6568947d4e4531012bbf7a57b597221ec7056c1b562dfc0c3b5dead26d1a4111ebc15e7863737a873518a4a
DIST getrandom-0.2.2.crate 26010 BLAKE2B f2df79db0fff4a4e57bb5c748932dd7a8d24f7072f9a81fa92159ea79de29a70e7b834af6ffc5178e898af456188f16476043e9be4dd25c6e7edde06d93cbb8a SHA512 f498fe00c9887748a0be88fbd698a6087ccb79874cfeb35a18f90994603be29cb2aacfbc65fb8ba967190ccbc41ff9ff56bfff1de40811e1bc99a08b0568f59b
DIST hermit-abi-0.1.18.crate 9936 BLAKE2B a5a1d1c9bdf83fdca8edc392f8fa7d9b9b248ac8d716e009300220befa5d8d80601643e768037be89bbbe6e21adbe6349c94c595cee3837c4b92b5f98ba838ad SHA512 54f060c6c1c80d41f40cec7102345147efb535aff9fa5cc0ed4ccd7f010bfdb6daaf40626fd5069af60ceb42058452803b59d4bbcfbed4c5546c79b57ae0f914
DIST instant-0.1.9.crate 5213 BLAKE2B fe208faa09852079c603930e88b7d0392a89a55d3b934ad45ffb0c9e44df5ef7e8189ba2fa12452f1c8a6416d6f7c0655365ba959bedf2b78228613944be8278 SHA512 3915f67c3629ec93296d56c4cda0cf97b29b1a70930a9d546abb9518139d4c2f35062563a5094e84841ddb1f00b0f3df9dc00801d96c01994765221edf03ef7c
DIST itoa-0.4.7.crate 12099 BLAKE2B 0e4ffbaad504565056f74c3ef560a87eff321a0da6d7a2c8fa35813c207713c22d77080c3b830fefbb21370dd29cfbc6a2807044485b38ac1e0c9c1de3ccebc5 SHA512 c61eb50aa00591af28698b45c528c36bd92088f7cd2f453cf686a1824f4656292638bebc468cf67f903473a5045f22777af623cc0515ef3bf25146b89a7c454f
DIST jobserver-0.1.21.crate 21228 BLAKE2B ab1a6496d609e19235f022e920495e708571116e90f8c036edb5f7ba270c2ac938f7571e89f3fb714043c87623d4cbf1d404067ccac6a8b41e4a6768039cf02b SHA512 944249819e1e3dd09495ead941330e9abe439647c1e66ab7e2140c0c9e100b63f4f792fe06aa3c86f509f057df297ee2d35df0ccdfd4bd6a115b6a44076237ad
DIST lazy_static-1.4.0.crate 10443 BLAKE2B 25b2e61bbac48f0dcbc79c81d7bf01f2403d8269ecb6be3ea6147bd00f7a588df15a91f44dfc18ada19b21faa71de4637c7d493a8628cbecd0e547d74e616a23 SHA512 e124c0521ec7c950f3c4a066821918da7a9c6e711115d98009ae7c351928fdddead852e7596fea5937a9c30e4e4ce8eee7099b20248b5d6e3b2494b6a6d88cb8
DIST libc-0.2.93.crate 510944 BLAKE2B 93ca2d32f5c1a1cb00ac75601dc3550de058e6d66c14309eed4c98a56be97aab6512d6b8b7574fdbf5a453f1400c9120eeb12e4f90970819f5c19ee544a975f5 SHA512 e82bd56c282b7473de50ec730646ae64384661e533f78b19bdd737d7a637cc93ca6f4e0b576d901576413a48d274635b917ec4b0c5144b5196155b04015ca94e
DIST lock_api-0.4.3.crate 20351 BLAKE2B ffec5616daf545ed4d2ed7cd21fa6340b1892b76702a089474b58320b6379767efd249088f8638e087100a09e4610de7652b718b60c992c64a287c2ebc73b3b4 SHA512 4dda8d993138efe0ffc94206c576e52a879a6cc4e90ffc98caabdfe720649a34c0fda206c4a7b6cc3a99140e619de1da05864218cff6f702e5540165d30573c5
DIST log-0.4.14.crate 34582 BLAKE2B ddfba35947ae1f5905cd9ecb9eb862a78af6f00ee8b8fe6258b369b140928fe677a02b1b3ca5bdec36ff2b16abd85a9f49688fd5f3d1ba2b2905e7f96b8a84c1 SHA512 796100167663d85a7bc4244cd305e9b3f0a1b1520764b63464698eb136318d0928c40c16f5d19d9f602a5bf769851275bbd48d66b088b0c37be7a6fb62def7cc
DIST memoffset-0.6.3.crate 7697 BLAKE2B aae9b5dedf06680bc597825653c08bcfaef6429a8367c8dbb58df7f09e91b166d04a231f28856af592590eda0e255a947294e0b8064d7651f490e44e4d1e748a SHA512 5afd2f9a282e9bbc60da1abbf911a3b4480ab975c04c565149dca8a36e9975b3262023b73c67d9dcf80b2eba3e8540aa2b91466d37a2504facb3f1eae98f52bd
DIST once_cell-1.7.2.crate 28250 BLAKE2B a30a55f6d6e820c691928173a9ce70a60486b28e3e79e8a01a08d87ca0bfb1725b967cc9e070cf53e71b924f73fc2eec2cf67190fc743361b60d82290762725d SHA512 30cf51249bb73e9881cfbc6a54ead7a3db709d560da8d420fd85cf248e66c727b92e8351b7c0c682913cff12b3f984684a272a69c965c56f8343948eb5a194d6
DIST openssl-0.10.33.crate 202638 BLAKE2B 717e9724117c8b16391b02d30f24a242f67087a53c61b3fdf623c88b3b6f22576cd726f24fcc04f4105bd985c16bdbd0b6a6f7ae1dc1d7dac5f7a44c68160039 SHA512 69f0aa67cf9beb2e66116e7d6a652fc64b0470fea6eae3ac6bbcddc8fcba8ce13d8a170dd990dae0524bd4a583e05588266806396f75a909851f9e124bc8f536
DIST openssl-sys-0.9.61.crate 52010 BLAKE2B 4746fdfffb1f0cf626ff0fe93e3057bafd8277c6469f577e37370010d5267b0f9bde8a91279e9f8d0ca0b93cad2231153ca07d667fb3b7c8feb637a04dbc352c SHA512 0ef36b2483163af083465ba9e84586ac0c2068285a8b3f1ad1e6a2831361722132d1d008791d969be669ab1131500416852813bb431307a484c1a277b5ab9abd
DIST parking_lot-0.11.1.crate 39854 BLAKE2B 5a097d7016811de4ca7d21e8a811a96b2e857b5224b176cf7a3bc160c0a0678c9100423e3c096c5056e2df3a4dcba17a590cc64eb1d648355c153c5cdf9db228 SHA512 17e394ac8b62656177a12fcfd246d9bb59be468a5ac174e4d6d8b4ffd0411497d3ce943ca5deab184cebf5c1bbca97b4273f79bf210c78d7f4b6f5e9d68026a2
DIST parking_lot_core-0.8.3.crate 32147 BLAKE2B 5218cfbff706c4388fef31c885c7a5d53566005775a3c440c6a2890efb189a4edfe8e99f6499cac36038846628a915ac988c15e1ebab1b3a3ffb53a64631dc19 SHA512 1dba5a7e68ee007918fb210ff308f7382ed1c54d2fe6db36a8246453434246b71e6795db107c83ca39c2bddf5e4a27da7978a464b53d41e150e744d81e75b341
DIST paste-0.1.18.crate 12259 BLAKE2B ed72b93a27166b0989743c2528d4a41f4b87ffdd0c588557d11a5f37f85d5b8f03ced86150af6209f9fa8d0f6efee705769b26a2f4dc3363f35cc3ac12c0e6ad SHA512 a4d9c75f6f358d6c86eb0a66cdf22eedec180db37358ca2870a992e215d5b389b7991837d8f2769742ac1b093674cb4352ef9d6754a249253472fbcb3a81c001
DIST paste-impl-0.1.18.crate 9451 BLAKE2B e465c4c7eef44d02eb1b61b5290090513607b452f4adc11487947b7047ddc44905d7a02df827feb2142f0e74583afdd9648c1c66086f10e1bd861b663200bf8c SHA512 c635efee46cb251b76ee9427432f81a0d944cdf1d0a95693d824c6085e7dea7e1e3f48c692ae27946f69e4e78d8080220058acf98e5c8a78482007349f8a7a4b
DIST pkg-config-0.3.19.crate 15451 BLAKE2B dc23b5ef12719b4b3d2fc5c93c087399ba954a5e127be91b26619466d5d7422e71684d02905304dca65273d69b66338d94c0642e3810a14df845ef507ddc0bfb SHA512 42bc13c4e39c8f71690db527d815884acdfd2ccf5fbfea700c6ed60257e852cdcb1c443e7774409e51da53612b0ff0aa165554b99fd0cba973f94a8df52982d9
DIST ppv-lite86-0.2.10.crate 20915 BLAKE2B 83a075381c24b2b89f5266929f5672ce051c3781c1a199252738dadbf471618c8b87452ce84e1cd87a9eac11b44107002894f544091210cc7e77bf52c045288e SHA512 c9941052e504b9b310024064026e4b1d540dd877705ef450a833d9ff6dee70ba874cdad68c46381a71d5b54482cd80b3dbb8e0c225758fd339069031a55195f1
DIST proc-macro-hack-0.5.19.crate 15556 BLAKE2B 98c22fc3e5f5fa8b6f44d15de42b6ffcc82ba3f98a07ffa48bcbc5d3abcfca6af136c5d0d8c7f1ca34261ed8f8c9c17a394231f97a4c342c81aa7f8b9e74b203 SHA512 9e4cbec41056438287f5b23086264c86e2f0cdc193064006556736377b2954229de13a585149b9995002c9aee3334ee2a80ae4afdcc96cabe7ed2bf718476952
DIST proc-macro2-1.0.26.crate 38233 BLAKE2B e44a5d98fbf75130c0eeb8fad6d025ce66fe41cc5ef882f418bd8c9e5d228d712020e309dad68e2f862e5f9216a1103fd6e69953e17c213166467b335f604802 SHA512 e6d39cc0d5ec644e3fb424347bde0a82a8ce8549745a1a827bf4dc21f6248471935b5499c3b6d1b7a129f0ddc560754254c528ac39fb1fce2ec3bd9520afc3e2
DIST quote-1.0.9.crate 25042 BLAKE2B 26ef31e89fd2f0cc21ff65f8072f30c7977ac634d2536cf9845a0894d6659f62a96cd0a6ee48f7706036c2c1b898ef8c9167bd62714ad0c9cba4fb02f30922af SHA512 dd6cdaea183b85400531ef01e56657edbec0d8f7c27898c1e591b72dff755fa5875b33ca320bd65be0e9aecfc6a61ec119a4bd1291e9f2057fca642ab5b198c8
DIST rand-0.8.3.crate 84493 BLAKE2B 5db817304b94424cdc77b60c9a3aa451abfbe315d97e311776ff9cf968585ca98f24994df3fa708e3896d36ba66d5f8dc795a652d2c568edc6be355baa7b4d69 SHA512 fd61348a8c3187881473c8764238d2388da3419e82174f2877cda51a7cd136106b2c7f0dea6b914f120b929c1db323529fa161465156661ffd19eef9b2737e4d
DIST rand_chacha-0.3.0.crate 13920 BLAKE2B 9e329831b46c4d6cf2bc6755024588df907f87145adf35e156bc1c2b7068b583b652f90ba35094a1bba26e0449d32d2877fa52cea012ab50429ee526264caf7c SHA512 631f32a5b0bb42ca87ee8381795402f8c5a80202700b786655537f981c0e210e41eaa42ad4247a25bce1260c29caa8ba3b03f92e520ac331403fd8e76fbbfe93
DIST rand_core-0.6.2.crate 21708 BLAKE2B 745aab7160c4d9b52e7d0ab0fab257bcead4dfca1242d820d760bade713822b7b8e283852a2e337a6d33b40ddbd95f86c36bfc4c418ef0ded86f59ae4a4df56a SHA512 f1f21dd6306d6f4b5666d1ef4994d0d68f10a7a94fe628a5aa8ba28ae0376cb34b7c091f82e2db8f2555eec4f35088f6c4df42ed84de7467d5780e284b397115
DIST rand_hc-0.3.0.crate 11780 BLAKE2B 7600829591c3631aed73598d4837b0e3be55aa0594e0562ab7914013b19c4f88648e0103765ddf32643e771e0961ff2f726b9c8b323798d36ef9b994c1d03ffc SHA512 c78372332aa0bed3352d58e07be3e97f01e69410051be2d3cba569b05037df7379e896a84638b4e9f4e477b9851e4bdef0accba2c53d118bf4667a3e1bbe95bf
DIST redox_syscall-0.2.6.crate 23631 BLAKE2B f594cc615c2c05a053598e6a1bec6488b7972dae2680afcc1012ccbae6cc79169775c0ec8a0ff526846b05222d5be18785d495b964ffbf97fe2e2812a29ea75c SHA512 91137f511d6fd9a7acc755c63703cfba021a2fbb8fec3ac25a4a4b2e67147f4d5dca6cb53c2d49ca0824af3b536c63f617855b08ab345b201070885e082251bf
DIST remove_dir_all-0.5.3.crate 9184 BLAKE2B ab7ef94e0230ddc9b363f038254a180881bbc20eb04a254f97e6f71ed491c99ba1c88f5e85632d450243882a4a0df63f3b8b183bc1fbca9caf30ec23d577b1d7 SHA512 50417d6d8a33912193a1ed37eb72b47431b12ae65d2780cdb7080c3d141e63819da13751c3fb737685cea322f70b36d413389c3dc01aa12b4dce615aefed0e2c
DIST ryu-1.0.5.crate 49570 BLAKE2B 3bfba4a5f290a429de7ac3b86823b2a973f40eb6f48c15329173d95964d31ada36f2618be4b36774a03f97f2ce61364900c6a3ad5465a294e2df311a1f4104ed SHA512 d1708ffa3112a684edf2956b6730ead040401d38f1457cde074eaaa59c249007dc8b925629e7f6df89f7ea757e9d0826649d685cc8ede0a04d50296048bf476c
DIST scopeguard-1.1.0.crate 11470 BLAKE2B f774eb90b7d3ffb2efba47518e9d1dead4017ab4b38a4bd74914daa84a5af4bf9eb63da0496e3924499d79cd0439c37447aeda4a21226f95645bddcd6becfabe SHA512 368fa5726df8f42b599993681579a9ffd0196480ee3cd0f9f671e8493f3bedd1e1779bdf2beb329e77e0005fa09b816e3385f309490c0f2781568db275d4d17d
DIST serde-1.0.125.crate 75144 BLAKE2B 0823f4cec3704ce5232c266fcb69323dbcd93d2d15712abcc8cc61a2d123d662ae8153a32b3723324ea55a40f2b9101ed654cced45c500fcf399b9d7ccc113b8 SHA512 ed2819d678e7405e2d8a0cc1b43540abf2ad8871eeda4985af5e37016a42b938d7429c4e865cec2ae5364cc7fbe1052a5a46ea51b42c3ed5b9c7c1acb596ac3b
DIST serde_derive-1.0.125.crate 54155 BLAKE2B c99e9e806831dccb3ccca20675e11f603a7348c433a641a46cf9a448a7a8b7ee242d0d6110780089b08e88b8f33aef5b75e8b1d25e2e6d242a44e9093b2badfa SHA512 dd4e247c9581b437157f37e355bc3335a3927417920acce72e73d6fe05a80e19fb3160c72abede7842e7d54749c33a94335fe9f3468c2f561267b863df368a6f
DIST serde_json-1.0.64.crate 115138 BLAKE2B c61a404db9800cfb4e2ac29d4e287a7c8f388b62407d5e25e07514e2840fdf9c127476db35cb556b56143755c64c26be1c6b1facc7529067b06946ac8f54a573 SHA512 55a45dd4c60fd93d2d9331f6a8eac39fdfece9ddc1aae45ea27e3dfa81352f08c71bf03906ba99d0feb5df8d847b68547ecaa8eb5a2c76011ebbe8d4cd5bfc2d
DIST smallvec-1.6.1.crate 26444 BLAKE2B ca6c50a63acdd93a2131654d99e50545a6e2d08eb3e2bd57d4a8ee073d90c08195ee442745a8d62a68179ce7bb8e229b7ff8c6fcf46372a9844bc9280b7c85cb SHA512 9e6061c8211a4485ab54eb541adf40748e1fc3fdfab0849e38e5fd34fc6cc69ae78bd065b788692385a6b8157b031c2fe373900e13d3e56e94fc08d574edaaad
DIST strsim-0.8.0.crate 9309 BLAKE2B 40a8be506c43ee1ffe006ddc7dee98c3d418bdd205d57b78f5d1e4c9312feb57e1eaf952e02d92d4e0932db240c6fba45beb06ea8c4fc6de1cf1faa8b6a3a939 SHA512 1d55a8d946cd55f5f37d06aea536549ded95739fa58c0f2da285a0041154c181f663682bdcac643aa198b3e762d694a04f058db985c62ebe22b5c16327ba6d34
DIST syn-1.0.69.crate 231954 BLAKE2B 1dde7e78cdbf5c5b93d0196e008dd4e92e4367f8e88395d6157b92a58cd9317dbb6e47caf2d570a5a9fb6b4fdd4fdea5e414eb9b04e054ec4e4dde8bb9f36a96 SHA512 6934423e48f8d6b1e403fe5e4bb2e180f472f125f4337b7d9889788c16cf11d79d1673ed06178604279e0b8a04bd80f7efba187cc8fa44c535457eb1b4f51c20
DIST synstructure-0.12.4.crate 18105 BLAKE2B 8e7efdfa8681da8473903aa22e8cc55abcede012b29a91d65076042c89a21048b44b774ca5c3f788222dd32fa634ac20f58ce241eff610498cac19f659280d29 SHA512 ab3024644719c4afc9c06a4d3c499fd4934c104409d38197a46d62c9ce30414f88b3e7bcdd7f245cfd207489fb54ba41e5cfc1db94b0dd12fb01e9c00c861c47
DIST tempfile-3.2.0.crate 25892 BLAKE2B ea6870c642c5712c7c96072a5d3dc04d75c19cf1413081e3bf53c1ae6c75e05ab537446071cadb5460b34f7fb7715a03005a1335a64139458db938c3415f7c0d SHA512 56d1c5af7cb6863f9eac990354126979534aae7bf298bc8b1c918c7317ce2ba31f53089aaa1ecf8baa4a39d4111d74f4450be82b509b3c2aa0428880029e663a
DIST textwrap-0.11.0.crate 17322 BLAKE2B 257428908342774593bbd3528fcdae710712ff54e8a711393a24356d8ba0e16e466a4b20c05f942c48ca76b3b5b5aaa90ec202f782cad892caa8b71ccf124da6 SHA512 f5c0fe4f28ff1a3a0931e8e235b5157a45f67967985bcc752418c5ec3481fca44a8ae4800088889b37e8cd0533f53d3c456d5ffd19b767b3f83a87b49a2e209a
DIST toml-0.5.8.crate 54219 BLAKE2B b4f9f563e5ba4574d4f2dcbe244378a2e1e984bd9fbbbfa5a06bdd5f8b8d677394f0db9cb8696f6936c80a52caa86b1b3ebaf3885c53855af23f03d318785f19 SHA512 26b7901ee4b7cbb4cf8ea57d365a99ed05e0a76e73452e47d4bcb3b4eeb7bbd393c13eea9ea33dc13622942efcda39acdba9425b74b40c920c9f19673a1f2082
DIST unicode-width-0.1.8.crate 16732 BLAKE2B 5aa7b87eef1322e4151a3fcf981ade311b8fa030527d7561815950e58d3f15156163dfe34da6a708c37dccc3f7652bf7fc2cd899fe8bb0118b67c4113ff3a2d2 SHA512 0abba6da6981a2451e01d93bbd47652c46eb6fb07cc0214f33259fb29945bfd5ee2b302e883ddca8f68e921635f222701b7310e7da2a5e225f854980d1e474b0
DIST unicode-xid-0.2.1.crate 14392 BLAKE2B 7f8f91b9c4df55f2137b754208d4f2997a290acfc9393ee2dcda8195eda25cb342e56ad123f56bb298d93db5248a749c18a982423c9a0e85ce93f7a1eb55d289 SHA512 91e862137e837baea82829431cfed36634fdb05339f00c756eb5a4b429ef0bb871f5133d11adf9a023fa22168c8a0cf194ff3669779f04f219d48fc4fac339d2
DIST uuid-0.8.2.crate 37909 BLAKE2B e6ede5f8ae05572d4c55909eb3fe6946de6f10ad9bf71bd357739bc01201bf93f59ccbb3dabcbfd7b3e54b0c98c3b52d21f1bf1877b7283c6df623e9b2b3f33f SHA512 5a1f5ead9a920b9bbc120c02049c24b62ec215765e486d3a15c5015ef49fa506206efb737e6f6555cf6e2eddddfe55f0ca1d7dcfa9aa8bcf3e0ef570a54fa2d8
DIST vcpkg-0.2.11.crate 12600 BLAKE2B 1c44c8df531a75f686c0497e70a72aa0c1b554c02ed256e6b08407b17066ed949f03bda42645d56e1227b50dc4c0e3865f10856605c2eadab3b74f55f005789b SHA512 d67bc244c81827165bf976808f79fd02f9149a19006898e60ff8ef11df2d72657c56bc9fc14c8f91b091075ceb23c3f96a3df81be345bb01881679eb47a0e6e9
DIST vec_map-0.8.2.crate 14466 BLAKE2B 8f109fbff19604b82ea2aa61c952e2ce9b5597ccc8e1ef4e847648e2de08dece8c4debe92889edeccb8d393645fd0b62436b49d236ded7ad181c4a51239a9539 SHA512 4f1ef59bc2c437e79f1f84fe021bce5aa8ccd581f500f3d5776913d5f17d45b03ccee64f5bd03d47656318cfc9344a1f4311079d471fa409a8e4e94c143973f9
DIST version_check-0.9.3.crate 12547 BLAKE2B 85761c300a8d755e0b376191ef0604728ae641261fdb10682a3134a828eadc4a33216426d286bcdbd8d0c5fcfe6ca8ba20ed078c4f53066b959739a0e73daec0 SHA512 4b3b428214a0322af536a18e6f050438398766af6589389f20a804121a6721962ba411e2dcfded60aaa74313128fb0e831bea31378e2695c29b29bdc24d7cbfd
DIST wasi-0.10.2+wasi-snapshot-preview1.crate 27505 BLAKE2B 4eb8644b945633d6e856ad80dd74990be19eb6af99823b147163384f61d471e2d9ec054d78a7064072344be53783e57073e8fffc6d5555c149b4834a9bf31dba SHA512 06977a294d76369a3867c45abdd8a87ea5c84e5a3681075ba0d14af1aee3114ff24495c7e7f7fe1e6e42230e65fba0e062898e69bc89e0209af62c2d14094ec7
DIST winapi-0.3.9.crate 1200382 BLAKE2B cb5799749ccd935ea2d7068d953cecf19f543d9db7dc16ad4584bb7005373ada34937a3ced7225544d8bc765da599911c7a3190efefb3a25b7c1bb7123b4f673 SHA512 ff8b7b78065f3d8999ec03c725a0460ebc059771bf071c7a3df3f0ecd733edf3b0a2450024d4e24e1aedddaecd9038ce1376c0d8bbf45132068cf45cf4a53a97
DIST winapi-i686-pc-windows-gnu-0.4.0.crate 2918815 BLAKE2B 4d357e4d30f9552972170d65b9a5358b69c46a3e772fe05efc22f3d4ffc1caeeaad7aacdc7abd503a7ad0545f8bd7d22bf351dcb6df76f812fa4d45c34d65df0 SHA512 a672ccefd0730a8166fef1d4e39f9034d9ae426a3f5e28d1f4169fa5c5790767693f281d890e7804773b34acdb0ae1febac33cde8c50c0044a5a6152c7209ec2
DIST winapi-x86_64-pc-windows-gnu-0.4.0.crate 2947998 BLAKE2B 2ad1ea8b5fa07d544e910ccba043ae925269b76b26c9da356305b34b86741dd8b9aff0b9ffe3d562db4fcd7d7c46a11ce9e3168b782b1d89ae6881742b7ede82 SHA512 4a654af6a5d649dc87e00497245096b35a2894ae66f155cb62389902c3b93ddcc5cf7d0d8b9dd97b291d2d80bc686af2298e80abef6ac69883f4a54e79712513
DIST zeroize-1.2.0.crate 15450 BLAKE2B 1f3c2688cf84d8bc22f777cc06673c29c9306b2c246bec67404729dac01570dd550c4ebe1f9cbd04c3d6a2711bf7106c45a34d01bb0ab7b73d3a15a65bf66eb7 SHA512 9bc0242824908909669e473029990a582efb884ce8f37d153d3a92083f64afe7b3bb26821dff8f39af74ea7935024d9414d458cf61c2e6291ca3611e896ae390
DIST zeroize_derive-1.0.1.crate 8047 BLAKE2B c43d99d7f80d104ec43708742d2c13080a3b96d0b8ffac099f86c82bce33d263313a42ebec42ed5dbeaeac397d1717e6cf089980dd7934b1efc7228b737a5f21 SHA512 cbb7fe8d9ecb38c0f6fd11e491afa289cc9d8719f2460f4569816d7d55ec17fc88aa9a167aafb83809e2122481e016039b055e3bc4edfdeaf009fc0d65212dc7

View File

@ -1,118 +0,0 @@
From c1926dfc6591b55c4d33f9944de4d7ebe077e964 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Fri, 9 Jul 2021 11:53:35 +1000
Subject: [PATCH] Issue 4817 - BUG - locked crypt accounts on import may allow
all passwords (#4819)
Bug Description: Due to mishanding of short dbpwd hashes, the
crypt_r algorithm was misused and was only comparing salts
in some cases, rather than checking the actual content
of the password.
Fix Description: Stricter checks on dbpwd lengths to ensure
that content passed to crypt_r has at least 2 salt bytes and
1 hash byte, as well as stricter checks on ct_memcmp to ensure
that compared values are the same length, rather than potentially
allowing overruns/short comparisons.
fixes: https://github.com/389ds/389-ds-base/issues/4817
Author: William Brown <william@blackhats.net.au>
Review by: @mreynolds389
---
.../password/pwd_crypt_asterisk_test.py | 50 +++++++++++++++++++
ldap/servers/plugins/pwdstorage/crypt_pwd.c | 20 +++++---
2 files changed, 64 insertions(+), 6 deletions(-)
create mode 100644 dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
diff --git a/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
new file mode 100644
index 000000000..d76614db1
--- /dev/null
+++ b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
@@ -0,0 +1,50 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2021 William Brown <william@blackhats.net.au>
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+#
+import ldap
+import pytest
+from lib389.topologies import topology_st
+from lib389.idm.user import UserAccounts
+from lib389._constants import (DEFAULT_SUFFIX, PASSWORD)
+
+pytestmark = pytest.mark.tier1
+
+def test_password_crypt_asterisk_is_rejected(topology_st):
+ """It was reported that {CRYPT}* was allowing all passwords to be
+ valid in the bind process. This checks that we should be rejecting
+ these as they should represent locked accounts. Similar, {CRYPT}!
+
+ :id: 0b8f1a6a-f3eb-4443-985e-da14d0939dc3
+ :setup: Single instance
+ :steps: 1. Set a password hash in with CRYPT and the content *
+ 2. Test a bind
+ 3. Set a password hash in with CRYPT and the content !
+ 4. Test a bind
+ :expectedresults:
+ 1. Successfully set the values
+ 2. The bind fails
+ 3. Successfully set the values
+ 4. The bind fails
+ """
+ topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on')
+ topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'off')
+
+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
+ user = users.create_test_user()
+
+ user.set('userPassword', "{CRYPT}*")
+
+ # Attempt to bind with incorrect password.
+ with pytest.raises(ldap.INVALID_CREDENTIALS):
+ badconn = user.bind('badpassword')
+
+ user.set('userPassword', "{CRYPT}!")
+ # Attempt to bind with incorrect password.
+ with pytest.raises(ldap.INVALID_CREDENTIALS):
+ badconn = user.bind('badpassword')
+
diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
index 9031b2199..1b37d41ed 100644
--- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
@@ -48,15 +48,23 @@ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
int
crypt_pw_cmp(const char *userpwd, const char *dbpwd)
{
- int rc;
- char *cp;
+ int rc = -1;
+ char *cp = NULL;
+ size_t dbpwd_len = strlen(dbpwd);
struct crypt_data data;
data.initialized = 0;
- /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
- cp = crypt_r(userpwd, dbpwd, &data);
- if (cp) {
- rc = slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd));
+ /*
+ * there MUST be at least 2 chars of salt and some pw bytes, else this is INVALID and will
+ * allow any password to bind as we then only compare SALTS.
+ */
+ if (dbpwd_len >= 3) {
+ /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
+ cp = crypt_r(userpwd, dbpwd, &data);
+ }
+ /* If these are not the same length, we can not proceed safely with memcmp. */
+ if (cp && dbpwd_len == strlen(cp)) {
+ rc = slapi_ct_memcmp(dbpwd, cp, dbpwd_len);
} else {
rc = -1;
}

View File

@ -1,17 +0,0 @@
diff --git a/m4/db.m4 b/m4/db.m4
index c916c2b83..a9dd5ef2b 100644
--- a/m4/db.m4
+++ b/m4/db.m4
@@ -96,9 +96,9 @@ if test -z "$db_inc"; then
fi
dnl figure out which version of db we're using from the header file
-db_ver_maj=`grep DB_VERSION_MAJOR $db_incdir/db.h | awk '{print $3}'`
-db_ver_min=`grep DB_VERSION_MINOR $db_incdir/db.h | awk '{print $3}'`
-db_ver_pat=`grep DB_VERSION_PATCH $db_incdir/db.h | awk '{print $3}'`
+db_ver_maj=`gcc -E -fdirectives-only $db_incdir/db.h | grep DB_VERSION_MAJOR | awk '{print $3}'`
+db_ver_min=`gcc -E -fdirectives-only $db_incdir/db.h | grep DB_VERSION_MINOR | awk '{print $3}'`
+db_ver_pat=`gcc -E -fdirectives-only $db_incdir/db.h | grep DB_VERSION_PATCH | awk '{print $3}'`
dnl Ensure that we have libdb at least 4.7, older versions aren't supported
if test ${db_ver_maj} -lt 4; then

View File

@ -1,3 +0,0 @@
d /var/log/dirsrv 0700 dirsrv dirsrv -
d /var/lib/dirsrv 0700 dirsrv dirsrv -
d /run/lock/dirsrv 0770 dirsrv dirsrv -

View File

@ -1,44 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
PIDFILE="/var/run/ldap-agent.pid"
CONFIGFILE="/etc/dirsrv/config/ldap-agent.conf"
# instance support in progress
depend() {
need net
use logger snmpd
}
start() {
ebegin "Starting 389 Directory Server ldap-snmp agent"
start-stop-daemon --start --quiet -b \
--pidfile ${PIDFILE} --exec /usr/sbin/ldap-agent -- ${CONFIGFILE}
eend ${?}
if [ "${?}" != "0" ]; then
local entries=/etc/dirsrv/slapd-*
if [ -n "${entries}" ]; then
ewarn "Please make sure that ${CONFIGFILE} contains at least"
ewarn "one of the following entries:"
for entry in ${entries}; do
entry=$(basename ${entry})
ewarn "server ${entry}"
done
fi
fi
}
stop() {
ebegin "Stopping 389 Directory Server ldap-snmp agent"
start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
eend ${?}
}
restart() {
svc_stop
sleep 2
svc_start
}

View File

@ -1,89 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
DIRSRV_EXEC="/usr/sbin/ns-slapd"
PID_DIRECTORY="/run/dirsrv"
LOCK_DIRECTORY="/var/lock/dirsrv"
DIRSRV_CONF_DIR="/etc/dirsrv"
DS_INSTANCES=${DIRSRV_CONF_DIR}/slapd-*
depend() {
need net logger
use dns
provide dirsrv ldap
}
checkconfig() {
if [ -z "${DS_INSTANCES}" ]; then
eerror "389 Directory Server has not been configured."
eend 1
return 1
fi
}
start() {
checkconfig || return 1
for instance in ${DS_INSTANCES}; do
instance=$(basename ${instance})
# skip .removed instances, bug #338133
if [ "${instance%%.removed}" != "${instance}" ]; then
continue
fi
# Create the required directories in case they got nuked
mkdir -p ${PID_DIRECTORY}
mkdir -p ${LOCK_DIRECTORY}/${instance}
# This will probably break one day, we should be pulling out the suitespotuser from dse.ldif
chown dirsrv: ${PID_DIRECTORY}
chown dirsrv: ${LOCK_DIRECTORY}/${instance}
ebegin "Starting 389 Directory Server: instance ${instance}"
start-stop-daemon --start --quiet -m \
--pidfile ${PID_DIRECTORY}/${instance}.startpid \
--exec ${DIRSRV_EXEC} -- -D ${DIRSRV_CONF_DIR}/${instance} \
-i ${PID_DIRECTORY}/${instance}.pid \
-w ${PID_DIRECTORY}/${instance}.startpid
sts=${?}
eend ${sts}
if [ "${sts}" != "0" ]; then
return 1
fi
done
}
stop() {
checkconfig || return 1
for instance in ${DS_INSTANCES}; do
instance=$(basename ${instance})
if [ "${instance%%.removed}" != "${instance}" ]; then
continue
fi
ebegin "Stopping 389 Directory Server: instance ${instance}"
start-stop-daemon --stop --quiet \
--pidfile ${PID_DIRECTORY}/${instance}.pid \
--exec ${DIRSRV_EXEC}
eend ${?}
done
}
status() {
for instance in ${DS_INSTANCES}; do
instance=$(basename ${instance})
if [ "${instance%%.removed}" != "${instance}" ]; then
continue
fi
if [ -e ${PID_DIRECTORY}/${instance}.pid ]; then
pid=$(cat ${PID_DIRECTORY}/${instance}.pid)
if [ $(echo "$pid" | grep -c $pid) -ge 1 ]; then
einfo "389 Directory Server: instance ${instance} (pid $pid) running."
else
ewarn "389 Directory Server: instance ${instance} (pid $pid) NOT running."
fi
else
eerror "389 Directory Server: instance ${instance} is NOT running."
fi
done
}

View File

@ -1,35 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>Dessa@gmake.de</email>
<name>Robert Förster</name>
</maintainer>
<maintainer type="person">
<email>chris@christopherpritchard.co.uk</email>
<name>Chris Pritchard</name>
</maintainer>
<maintainer type="project">
<email>proxy-maint@gentoo.org</email>
<name>Proxy Maintainers</name>
</maintainer>
<use>
<flag name="accountpolicy">Enable account policy plugin - automatically lock
an account after a certain amount of time has elapsed</flag>
<flag name="bitwise">Enable bitwise plugin - supported data in raw/bitwise
format</flag>
<flag name="dna">Enable dna (distributed numeric assignment ) plugin - to
automatically assign unique uid numbers to new user entries as they
are created.</flag>
<flag name="pam-passthru">Enable pam-passthru plugin - for simple and
fast system services used in ldap</flag>
<flag name="autobind">Enable auto bind over unix domain socket (LDAPI)
support</flag>
<flag name="auto-dn-suffix">Enable auto bind with auto dn suffix over unix
domain socket (LDAPI) support</flag>
<flag name="ldapi">Enable LDAP over unix domain socket (LDAPI) support</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:fedoraproject:389_directory_server</remote-id>
</upstream>
</pkgmetadata>