



Revision 1104818 - (show annotations) (download)
Fri May 26 13:25:52 2017 UTC (6 years, 10 months ago) by guillomovitch
File size: 15877 byte(s)
- sync with cauldron packages, to fix multiple security issues
 (CVE-2016-931, CVE-2016-9147, CVE-2016-9444, CVE-2017-3135) (#mga20107)
- also ensure /dev/urandom is available in chroot (#mga12425)

1 diff -Naurp bind-9.9.5/bin/sdb_tools/Makefile.in bind-9.9.5.oden/bin/sdb_tools/Makefile.in
2 --- bind-9.9.5/bin/sdb_tools/Makefile.in 2014-02-02 13:47:31.000000000 +0100
3 +++ bind-9.9.5.oden/bin/sdb_tools/Makefile.in 2014-02-02 14:41:50.862389375 +0100
4 @@ -32,11 +32,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS}
5 LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
6 ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@
7
8 -TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@
9 +TARGETS = zone2ldap@EXEEXT@ ldap2zone@EXEEXT@ zonetodb@EXEEXT@
10
11 -OBJS = zone2ldap.@O@ zonetodb.@O@
12 +OBJS = zone2ldap.@O@ ldap2zone.@O@ zonetodb.@O@
13
14 -SRCS = zone2ldap.c zonetodb.c
15 +SRCS = zone2ldap.c ldap2zone.c zonetodb.c
16
17 MANPAGES = zone2ldap.1
18
19 @@ -50,6 +50,9 @@ zone2ldap@EXEEXT@: zone2ldap.@O@ ${DEPLI
20 zonetodb@EXEEXT@: zonetodb.@O@ ${DEPLIBS}
21 ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zonetodb.@O@ -lpq ${LIBS}
22
23 +ldap2zone@EXEEXT@: ldap2zone.@O@ ${DEPLIBS}
24 + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ldap2zone.@O@ -lldap -llber ${LIBS}
25 +
26 clean distclean manclean maintainer-clean::
27 rm -f ${TARGETS} ${OBJS}
28
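Review bot: The new ldap2zone link rule uses `${ALL_CFLAGS}` while the neighbouring zone2ldap and zonetodb rules in the same hunk use `${CFLAGS}`; unless the extra flags are genuinely required for the LDAP build, use `${CFLAGS}` so the three rules stay uniform. The patch also adds `ldap2zone.c` to SRCS and OBJS but does not carry that source file, so presumably a companion patch supplies it; worth stating in the patch header.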
29 @@ -59,5 +62,6 @@ installdirs:
30
31 install:: ${TARGETS} installdirs
32 ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir}
33 + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir}
34 ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb@EXEEXT@ ${DESTDIR}${sbindir}
35 ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
36 diff -Naurp bind-9.9.5/bin/sdb_tools/zone2ldap.c bind-9.9.5.oden/bin/sdb_tools/zone2ldap.c
37 --- bind-9.9.5/bin/sdb_tools/zone2ldap.c 2014-02-02 14:43:19.400394326 +0100
38 +++ bind-9.9.5.oden/bin/sdb_tools/zone2ldap.c 2014-02-02 14:41:50.863389375 +0100
39 @@ -26,6 +26,7 @@
40 #include <isc/hash.h>
41 #include <isc/mem.h>
42 #include <isc/print.h>
43 +#include <isc/hash.h>
44 #include <isc/result.h>
45 #include <isc/string.h>
46
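Review bot: The added `#include <isc/hash.h>` duplicates the identical include two lines earlier in the same hunk; drop the added line rather than include the header twice. It is harmless because of the include guard, but it reads as a merge artifact.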
47 @@ -65,6 +66,9 @@ ldap_info;
48 /* usage Info */
49 void usage (void);
50
51 +/* Check for existence of (and possibly add) containing dNSZone objects */
52 +int lookup_dns_zones( ldap_info *ldinfo);
53 +
54 /* Add to the ldap dit */
55 void add_ldap_values (ldap_info * ldinfo);
56
57 @@ -81,7 +85,7 @@ char **hostname_to_dn_list (char *hostna
58 int get_attr_list_size (char **tmp);
59
60 /* Get a DN */
61 -char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag);
62 +char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone);
63
64 /* Add to RR list */
65 void add_to_rr_list (char *dn, char *name, char *type, char *data,
66 @@ -103,11 +107,27 @@ void
67 init_ldap_conn ();
68 void usage();
69
70 -char *argzone, *ldapbase, *binddn, *bindpw = NULL;
71 -const char *ldapsystem = "localhost";
72 -static const char *objectClasses[] =
73 - { "top", "dNSZone", NULL };
74 -static const char *topObjectClasses[] = { "top", NULL };
75 +static char *argzone, *ldapbase, *binddn, *bindpw = NULL;
76 +
77 +/* these are needed to placate gcc4's const-ness const-ernations : */
78 +static char localhost[] = "localhost";
79 +static char *ldapsystem=&(localhost[0]);
80 +/* dnszone schema class names: */
81 +static char topClass [] ="top";
82 +static char dNSZoneClass[] ="dNSZone";
83 +static char objectClass [] ="objectClass";
84 +static char dcObjectClass[]="dcObject";
85 +/* dnszone schema attribute names: */
86 +static char relativeDomainName[]="relativeDomainName";
87 +static char dNSTTL []="dNSTTL";
88 +static char zoneName []="zoneName";
89 +static char dc []="dc";
90 +static char sameZone []="@";
91 +/* LDAPMod mod_values: */
92 +static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL };
93 +static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL };
94 +static char *dn_buffer [64]={NULL};
95 +
96 LDAP *conn;
97 unsigned int debug = 0;
98
99 @@ -131,12 +151,12 @@ main (int argc, char **argv)
100 isc_result_t result;
101 char *basedn;
102 ldap_info *tmp;
103 - LDAPMod *base_attrs[2];
104 - LDAPMod base;
105 + LDAPMod *base_attrs[5];
106 + LDAPMod base, dcBase, znBase, rdnBase;
107 isc_buffer_t buff;
108 char *zonefile=0L;
109 char fullbasedn[1024];
110 - char *ctmp;
111 + char *ctmp, *zn, *dcp[2], *znp[2], *rdn[2];
112 dns_fixedname_t fixedzone, fixedname;
113 dns_rdataset_t rdataset;
114 char **dc_list;
115 @@ -149,7 +169,7 @@ main (int argc, char **argv)
116 extern char *optarg;
117 extern int optind, opterr, optopt;
118 int create_base = 0;
119 - int topt;
120 + int topt, dcn, zdn, znlen;
121
122 if (argc < 2)
123 {
124 @@ -157,7 +177,7 @@ main (int argc, char **argv)
125 exit (-1);
126 }
127
128 - while ((topt = getopt (argc, argv, "D:w:b:z:f:h:?dcv")) != -1)
129 + while ((topt = getopt (argc, argv, "D:Ww:b:z:f:h:?dcv")) != -1)
130 {
131 switch (topt)
132 {
133 @@ -180,6 +200,9 @@ main (int argc, char **argv)
134 if (bindpw == NULL)
135 fatal("strdup");
136 break;
137 + case 'W':
138 + bindpw = getpass("Enter LDAP Password: ");
139 + break;
140 case 'b':
141 ldapbase = strdup (optarg);
142 if (ldapbase == NULL)
143 @@ -301,27 +324,62 @@ main (int argc, char **argv)
144 {
145 if (debug)
146 printf ("Creating base zone DN %s\n", argzone);
147 -
148 +
149 dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP);
150 - basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC);
151
152 - for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--)
153 + basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC, argzone);
154 + if (debug)
155 + printf ("base DN %s\n", basedn);
156 +
157 + for (ctmp = &basedn[strlen (basedn)], dcn=0; ctmp >= &basedn[0]; ctmp--)
158 {
159 - if ((*ctmp == ',') || (ctmp == &basedn[0]))
160 + if ((*ctmp == ',') || (ctmp == &basedn[0]))
161 {
162 +
163 base.mod_op = LDAP_MOD_ADD;
164 - base.mod_type = (char*)"objectClass";
165 - base.mod_values = (char**)topObjectClasses;
166 + base.mod_type = objectClass;
167 + base.mod_values = topObjectClasses;
168 base_attrs[0] = (void*)&base;
169 - base_attrs[1] = NULL;
170 -
171 +
172 + dcBase.mod_op = LDAP_MOD_ADD;
173 + dcBase.mod_type = dc;
174 + dcp[0]=dc_list[dcn];
175 + dcp[1]=0L;
176 + dcBase.mod_values=dcp;
177 + base_attrs[1] = (void*)&dcBase;
178 +
179 + znBase.mod_op = LDAP_MOD_ADD;
180 + znBase.mod_type = zoneName;
181 + for( zdn = dcn, znlen = 0; zdn >= 0; zdn-- )
182 + znlen += strlen(dc_list[zdn])+1;
183 + znp[0] = (char*)malloc(znlen+1);
184 + znp[1] = 0L;
185 + for( zdn = dcn, zn=znp[0]; zdn >= 0; zdn-- )
186 + zn+=sprintf(zn,"%s%s",dc_list[zdn],
187 + ((zdn > 0) && (*(dc_list[zdn-1])!='.')) ? "." : ""
188 + );
189 +
190 + znBase.mod_values = znp;
191 + base_attrs[2] = (void*)&znBase;
192 +
193 + rdnBase.mod_op = LDAP_MOD_ADD;
194 + rdnBase.mod_type = relativeDomainName;
195 + rdn[0] = strdup(sameZone);
196 + rdn[1] = 0L;
197 + rdnBase.mod_values = rdn;
198 + base_attrs[3] = (void*)&rdnBase;
199 +
200 + dcn++;
201 +
202 + base.mod_values = topObjectClasses;
203 + base_attrs[4] = NULL;
204 +
205 if (ldapbase)
206 {
207 if (ctmp != &basedn[0])
208 sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase);
209 else
210 - sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
211 -
212 + sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
213 }
214 else
215 {
216 @@ -330,8 +388,13 @@ main (int argc, char **argv)
217 else
218 sprintf (fullbasedn, "%s", ctmp);
219 }
220 +
221 + if( debug )
222 + printf("Full base dn: %s\n", fullbasedn);
223 +
224 result = ldap_add_s (conn, fullbasedn, base_attrs);
225 ldap_result_check ("intial ldap_add_s", fullbasedn, result);
226 +
227 }
228
229 }
230 @@ -409,14 +472,14 @@ generate_ldap (dns_name_t * dnsname, dns
231 isc_result_check (result, "dns_rdata_totext");
232 data[isc_buffer_usedlength (&buff)] = 0;
233
234 - dc_list = hostname_to_dn_list (name, argzone, DNS_OBJECT);
235 + dc_list = hostname_to_dn_list ((char*)name, argzone, DNS_OBJECT);
236 len = (get_attr_list_size (dc_list) - 2);
237 - dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC);
238 + dn = build_dn_from_dc_list (dc_list, ttl, WI_SPEC, argzone);
239
240 if (debug)
241 printf ("Adding %s (%s %s) to run queue list.\n", dn, type, data);
242
243 - add_to_rr_list (dn, dc_list[len], type, data, ttl, DNS_OBJECT);
244 + add_to_rr_list (dn, dc_list[len], (char*)type, (char*)data, ttl, DNS_OBJECT);
245 }
246
247
248 @@ -456,7 +519,8 @@ add_to_rr_list (char *dn, char *name, ch
249 int attrlist;
250 char ldap_type_buffer[128];
251 char charttl[64];
252 -
253 + char *zn;
254 + int znlen;
255
256 if ((tmp = locate_by_dn (dn)) == NULL)
257 {
258 @@ -483,13 +547,13 @@ add_to_rr_list (char *dn, char *name, ch
259 fatal("malloc");
260 }
261 tmp->attrs[0]->mod_op = LDAP_MOD_ADD;
262 - tmp->attrs[0]->mod_type = (char*)"objectClass";
263 + tmp->attrs[0]->mod_type = objectClass;
264
265 if (flags == DNS_OBJECT)
266 - tmp->attrs[0]->mod_values = (char**)objectClasses;
267 + tmp->attrs[0]->mod_values = objectClasses;
268 else
269 {
270 - tmp->attrs[0]->mod_values = (char**)topObjectClasses;
271 + tmp->attrs[0]->mod_values =topObjectClasses;
272 tmp->attrs[1] = NULL;
273 tmp->attrcnt = 2;
274 tmp->next = ldap_info_base;
275 @@ -498,7 +562,7 @@ add_to_rr_list (char *dn, char *name, ch
276 }
277
278 tmp->attrs[1]->mod_op = LDAP_MOD_ADD;
279 - tmp->attrs[1]->mod_type = (char*)"relativeDomainName";
280 + tmp->attrs[1]->mod_type = relativeDomainName;
281 tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2);
282
283 if (tmp->attrs[1]->mod_values == (char **)NULL)
284 @@ -527,7 +591,7 @@ add_to_rr_list (char *dn, char *name, ch
285 fatal("strdup");
286
287 tmp->attrs[3]->mod_op = LDAP_MOD_ADD;
288 - tmp->attrs[3]->mod_type = (char*)"dNSTTL";
289 + tmp->attrs[3]->mod_type = dNSTTL;
290 tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2);
291
292 if (tmp->attrs[3]->mod_values == (char **)NULL)
293 @@ -540,14 +604,25 @@ add_to_rr_list (char *dn, char *name, ch
294 if (tmp->attrs[3]->mod_values[0] == NULL)
295 fatal("strdup");
296
297 + znlen=strlen(gbl_zone);
298 + if ( *(gbl_zone + (znlen-1)) == '.' )
299 + { /* ldapdb MUST search by relative zone name */
300 + zn = (char*)malloc(znlen);
301 + strncpy(zn,gbl_zone,znlen-1);
302 + *(zn + (znlen-1))='\0';
303 + }else
304 + {
305 + zn = gbl_zone;
306 + }
307 +
308 tmp->attrs[4]->mod_op = LDAP_MOD_ADD;
309 - tmp->attrs[4]->mod_type = (char*)"zoneName";
310 + tmp->attrs[4]->mod_type = zoneName;
311 tmp->attrs[4]->mod_values = (char **)calloc(sizeof(char *), 2);
312
313 if (tmp->attrs[4]->mod_values == (char **)NULL)
314 fatal("calloc");
315
316 - tmp->attrs[4]->mod_values[0] = gbl_zone;
317 + tmp->attrs[4]->mod_values[0] = zn;
318 tmp->attrs[4]->mod_values[1] = NULL;
319
320 tmp->attrs[5] = NULL;
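Review bot: `zn = (char*)malloc(znlen)` is not checked before `strncpy` writes into it, unlike the surrounding `calloc`/`strdup` calls that call `fatal()` on failure; add `if (zn == NULL) fatal("malloc");`. The test `*(gbl_zone + (znlen-1)) == '.'` reads the byte before the string when gbl_zone is empty; guard it with `znlen > 0 &&`. A trimmed copy is also made for every record that reaches this path and is retained in mod_values without ever being freed, where one copy computed once would serve all records. add_to_rr_list continues outside this hunk.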
321 @@ -558,7 +633,7 @@ add_to_rr_list (char *dn, char *name, ch
322 else
323 {
324
325 - for (i = 0; tmp->attrs[i] != NULL; i++)
326 + for (i = 0; tmp->attrs[i] != NULL; i++)
327 {
328 sprintf (ldap_type_buffer, "%sRecord", type);
329 if (!strncmp
330 @@ -632,73 +707,105 @@ char **
331 hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
332 {
333 char *tmp;
334 - static char *dn_buffer[64];
335 int i = 0;
336 - char *zname;
337 - char *hnamebuff;
338 -
339 - zname = strdup (hostname);
340 - if (zname == NULL)
341 - fatal("strdup");
342 -
343 - if (flags == DNS_OBJECT)
344 - {
345 + char *hname=0L, *last=0L;
346 + int hlen=strlen(hostname), zlen=(strlen(zone));
347
348 - if (strlen (zname) != strlen (zone))
349 - {
350 - tmp = &zname[strlen (zname) - strlen (zone)];
351 - *--tmp = '\0';
352 - hnamebuff = strdup (zname);
353 - if (hnamebuff == NULL)
354 - fatal("strdup");
355 - zname = ++tmp;
356 - }
357 - else
358 - hnamebuff = (char*)"@";
359 - }
360 - else
361 - {
362 - zname = zone;
363 - hnamebuff = NULL;
364 - }
365 -
366 - for (tmp = strrchr (zname, '.'); tmp != (char *) 0;
367 - tmp = strrchr (zname, '.'))
368 - {
369 - *tmp++ = '\0';
370 - dn_buffer[i++] = tmp;
371 - }
372 - dn_buffer[i++] = zname;
373 - dn_buffer[i++] = hnamebuff;
374 +/* printf("hostname: %s zone: %s\n",hostname, zone); */
375 + hname=0L;
376 + if(flags == DNS_OBJECT)
377 + {
378 + if( (zone[ zlen - 1 ] == '.') && (hostname[hlen - 1] != '.') )
379 + {
380 + hname=(char*)malloc(hlen + 1);
381 + hlen += 1;
382 + sprintf(hname, "%s.", hostname);
383 + hostname = hname;
384 + }
385 + if(strcmp(hostname, zone) == 0)
386 + {
387 + if( hname == 0 )
388 + hname=strdup(hostname);
389 + last = strdup(sameZone);
390 + }else
391 + {
392 + if( (hlen < zlen)
393 + ||( strcmp( hostname + (hlen - zlen), zone ) != 0)
394 + )
395 + {
396 + if( hname != 0 )
397 + free(hname);
398 + hname=(char*)malloc( hlen + zlen + 1);
399 + if( *zone == '.' )
400 + sprintf(hname, "%s%s", hostname, zone);
401 + else
402 + sprintf(hname,"%s",zone);
403 + }else
404 + {
405 + if( hname == 0 )
406 + hname = strdup(hostname);
407 + }
408 + last = hname;
409 + }
410 + }else
411 + { /* flags == DNS_TOP */
412 + hname = strdup(zone);
413 + last = hname;
414 + }
415 +
416 + for (tmp = strrchr (hname, '.'); tmp != (char *) 0;
417 + tmp = strrchr (hname, '.'))
418 + {
419 + if( *( tmp + 1 ) != '\0' )
420 + {
421 + *tmp = '\0';
422 + dn_buffer[i++] = ++tmp;
423 + }else
424 + { /* trailing '.' ! */
425 + dn_buffer[i++] = strdup(".");
426 + *tmp = '\0';
427 + if( tmp == hname )
428 + break;
429 + }
430 + }
431 + if( ( last != hname ) && (tmp != hname) )
432 + dn_buffer[i++] = hname;
433 + dn_buffer[i++] = last;
434 dn_buffer[i] = NULL;
435 -
436 return dn_buffer;
437 }
438
439 -
440 /* build an sdb compatible LDAP DN from a "dc_list" (char **).
441 * will append dNSTTL information to each RR Record, with the
442 * exception of "@"/SOA. */
443
444 char *
445 -build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag)
446 +build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone)
447 {
448 int size;
449 - int x;
450 + int x, znlen;
451 static char dn[1024];
452 char tmp[128];
453 + char zn[DNS_NAME_MAXTEXT+1];
454
455 bzero (tmp, sizeof (tmp));
456 bzero (dn, sizeof (dn));
457 size = get_attr_list_size (dc_list);
458 + znlen = strlen(zone);
459 + if ( *(zone + (znlen-1)) == '.' )
460 + { /* ldapdb MUST search by relative zone name */
461 + memcpy(&(zn[0]),zone,znlen-1);
462 + *(zn + (znlen-1))='\0';
463 + zone = zn;
464 + }
465 for (x = size - 2; x > 0; x--)
466 {
467 if (flag == WI_SPEC)
468 {
469 if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl))
470 - sprintf (tmp, "relativeDomainName=%s + dNSTTL=%d,", dc_list[x], ttl);
471 + sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
472 else if (x == (size - 2))
473 - sprintf(tmp, "relativeDomainName=%s,",dc_list[x]);
474 + sprintf(tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
475 else
476 sprintf(tmp,"dc=%s,", dc_list[x]);
477 }
478 @@ -724,6 +835,7 @@ void
479 init_ldap_conn ()
480 {
481 int result;
482 + char ldb_tag[]="LDAP Bind";
483 conn = ldap_open (ldapsystem, LDAP_PORT);
484 if (conn == NULL)
485 {
486 @@ -733,7 +845,7 @@ init_ldap_conn ()
487 }
488
489 result = ldap_simple_bind_s (conn, binddn, bindpw);
490 - ldap_result_check ("ldap_simple_bind_s", (char*)"LDAP Bind", result);
491 + ldap_result_check ("ldap_simple_bind_s", ldb_tag , result);
492 }
493
494 /* Like isc_result_check, only for LDAP */
495 @@ -750,8 +861,6 @@ ldap_result_check (const char *msg, char
496 }
497 }
498
499 -
500 -
501 /* For running the ldap_info run queue. */
502 void
503 add_ldap_values (ldap_info * ldinfo)
504 @@ -759,14 +869,14 @@ add_ldap_values (ldap_info * ldinfo)
505 int result;
506 char dnbuffer[1024];
507
508 -
509 if (ldapbase != NULL)
510 sprintf (dnbuffer, "%s,%s", ldinfo->dn, ldapbase);
511 else
512 sprintf (dnbuffer, "%s", ldinfo->dn);
513
514 result = ldap_add_s (conn, dnbuffer, ldinfo->attrs);
515 - ldap_result_check ("ldap_add_s", dnbuffer, result);
516 + ldap_result_check ("ldap_add_s", dnbuffer, result);
517 +
518 }
519
520
521 @@ -777,5 +887,5 @@ void
522 usage ()
523 {
524 fprintf (stderr,
525 - "zone2ldap -D [BIND DN] -w [BIND PASSWORD] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST] "
526 + "zone2ldap -D [BIND DN] [-w BIND PASSWORD | -W:prompt] -b [BASE DN] -z [ZONE] -f [ZONE FILE] -h [LDAP HOST] "
527 "[-c Create LDAP Base structure][-d Debug Output (lots !)] \n ");}
