[Pkg-openldap-devel] r677 - openldap/trunk-2.3/debian

Matthijs Mohlmann active2-guest at costa.debian.org
Thu Jun 15 21:03:21 UTC 2006


Author: active2-guest
Date: 2006-06-15 21:03:20 +0000 (Thu, 15 Jun 2006)
New Revision: 677

Modified:
   openldap/trunk-2.3/debian/changelog
   openldap/trunk-2.3/debian/slapd.postinst
   openldap/trunk-2.3/debian/slapd.scripts-common
Log:
 * Added functions write_slapd_conf, install_new_configuration,
   update_path_argsfile and update_databases_permissions
 * Call these functions on upgrade so that the permissions of all ldap
   database directories, /var/spool/slurpd and /var/run/slapd are updated,
   and so that the argsfile is in /var/run/slapd.


Modified: openldap/trunk-2.3/debian/changelog
===================================================================
--- openldap/trunk-2.3/debian/changelog	2006-06-11 12:23:11 UTC (rev 676)
+++ openldap/trunk-2.3/debian/changelog	2006-06-15 21:03:20 UTC (rev 677)
@@ -1,6 +1,6 @@
 openldap2.3 (2.3.24-2) unstable; urgency=low
 
-  * Switch slapd from running as root to running as user.
+  * Switch slapd from running as root to running as user. (Closes: #292845)
   * Patches by Quanah Gibson-Mount <quanah at stanford.edu>
     - fix a lock bug with a virtual root entry in the BDB backend.
     - fix boolean logic in the overlays.
@@ -14,9 +14,9 @@
   * Added patch to read config before dropping privileges.
   * epoll(4) system call is missing on kernels <2.6, this causes slapd to
     not work on 2.4 kernels. Added patch that remove the #define in
-    portable.in (Closes: #369352, #372194)
+    portable.in (Closes: #369352, #372194, #373233)
 
- -- Matthijs Mohlmann <matthijs at cacholong.nl>  Sun, 11 Jun 2006 14:21:30 +0200
+ -- Matthijs Mohlmann <matthijs at cacholong.nl>  Thu, 15 Jun 2006 18:53:37 +0200
 
 openldap2.3 (2.3.24-1) unstable; urgency=low
 

Modified: openldap/trunk-2.3/debian/slapd.postinst
===================================================================
--- openldap/trunk-2.3/debian/slapd.postinst	2006-06-11 12:23:11 UTC (rev 676)
+++ openldap/trunk-2.3/debian/slapd.postinst	2006-06-15 21:03:20 UTC (rev 677)
@@ -49,6 +49,16 @@
 		fi
 		load_databases
 	fi
+
+	if previous_version_older 2.3.24-2; then
+		update_path_argsfile
+	fi
+
+	# Update permissions of all database directories and /var/run/slapd,
+	# /var/spool/slurpd
+	update_databases_permissions
+	update_permissions /var/run/slapd
+	update_permissions /var/spool/slurpd
 }
 
 # }}}
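Review bot: The three permission calls added after the version check run on every configure, while only `update_path_argsfile` is gated by `previous_version_older 2.3.24-2`. If update_permissions changes the ownership of whatever path it is given (its body is not in this diff), an administrator's deliberate owner or mode on a database directory would be reset on each upgrade. The exit status of these calls is also not checked. Either move them under the same version gate or say why they are unconditional, e.g. `# Run on every configure: slapd no longer runs as root and needs access to these directories`. The enclosing function starts outside the hunk.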

Modified: openldap/trunk-2.3/debian/slapd.scripts-common
===================================================================
--- openldap/trunk-2.3/debian/slapd.scripts-common	2006-06-11 12:23:11 UTC (rev 676)
+++ openldap/trunk-2.3/debian/slapd.scripts-common	2006-06-15 21:03:20 UTC (rev 677)
@@ -167,7 +167,15 @@
 	fi
 }
 # }}}
+update_databases_permissions() {	# {{{
+	parse_configuration_file
+	for db in `get_database_list`; do
+		dbdir=`get_directory $db`
+		update_permissions "$dbdir"
+	done
+}
 # }}}
+# }}}
 # ----- Dumping and loading the data ------------------------------------ {{{
 
 automatic_ldif_fixing_wanted_for() {					# {{{ 
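Review bot: `update_databases_permissions` passes whatever `get_directory` prints straight to `update_permissions`, so an empty or non-existent result (presumably a database without a `directory` line, or a parse failure) still reaches a permission change that the maintainer script makes as root. Guard it with `[ -n "$dbdir" ] && [ -d "$dbdir" ] || continue` before the call. `$db` is also unquoted in both the `for` list and `get_directory $db`, so a suffix containing a space is split into several words; use `get_directory "$db"` and, if get_database_list prints one entry per line, read the list with `while read -r db`. `db` and `dbdir` should be declared `local`, as `write_slapd_conf` in this commit does for its variables.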
@@ -344,6 +352,45 @@
 }
 
 # }}}
+write_slapd_conf() {            # {{{
+# change a configuration setting in a configuration file, follow includes.
+# FIXME: circular loops will cause this to block forever
+# usage: write_slapd_conf configuration_file command new_data
+	local conf=$1
+	local modcommand=$2
+	local newarg=$3
+	local newconf=`mktemp`
+
+	cat $conf | merge_logical_lines | while read command data; do
+		if [ "$command" = "include" ]; then
+			file=`eval echo $data`
+			write_slapd_conf $file $modcommand $newarg
+		else
+			if [ "$command" = "$modcommand" ]; then
+				script='
+					$modcommand = shift;
+					$data = shift;
+					$newarg = shift;
+					$done = 0;
+					while (<>) {
+						$done = 1 if s|^($modcommand\s+)$data|$1$newarg|;
+						print;
+					}
+					exit ! $done;'
+				perl -e "$script" $modcommand $data $newarg < $conf > $newconf
+			fi
+		fi
+	done
+
+	# See if $newconf and $conf are the same.
+	if ! `diff $conf $newconf >/dev/null`; then
+		install_new_configuration $conf $newconf
+	fi
+
+	# Cleanup the files created in /tmp
+	rm -f $newconf
+}
+# }}}
 write_database_info() {							# {{{
 # Print out the information about one database
 # Usage: write_database_info <backend> <suffix> <directory>
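Review bot: `write_slapd_conf` replaces any file that has no `$modcommand` line with an empty file: `$newconf` comes out of `mktemp` empty, the perl step only runs on a match, so the final `diff` reports a difference and `install_new_configuration` moves the empty temp file over `$conf`. Because the function recurses into every `include`, this hits each included file (schema files, for instance) when it is called for `argsfile`. Separately, `eval echo $data` passes text read from the configuration file through the shell as root, so any shell syntax on an include line would be executed; if the eval is only there to strip quotes, parameter expansion does that without evaluation. `$conf`, `$file`, `$data` and `$newarg` are unquoted throughout, and `$data` is used as a regex unescaped (`\Q$data\E` would match it literally). A sketch of the changed lines follows.

```shell
	local newconf
	newconf=`mktemp` || return 1
	# Start from a copy of the current file, so that a file without a
	# $modcommand line compares equal below and is left untouched.
	cat "$conf" > "$newconf" || { rm -f "$newconf"; return 1; }

	cat "$conf" | merge_logical_lines | while read command data; do
		if [ "$command" = "include" ]; then
			# Strip optional surrounding quotes without evaluating the value.
			file=${data#\"}
			file=${file%\"}
			write_slapd_conf "$file" "$modcommand" "$newarg"
		else
			if [ "$command" = "$modcommand" ]; then
				# … unchanged: perl script text …
				perl -e "$script" "$modcommand" "$data" "$newarg" < "$conf" > "$newconf"
			fi
		fi
	done
	# … unchanged: diff, install_new_configuration, rm -f …
```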
@@ -708,6 +755,10 @@
 	echo done. >&2
 }
 # }}}
+update_path_argsfile() {	# {{{
+	write_slapd_conf "$SLAPD_CONF" "argsfile" "/var/run/slapd/slapd.args"
+}
+# }}}
 configure_v2_protocol_support() {					# {{{
 # Adds the "allow bind_v2" directive to the configuration if the user decided
 # he wants to have ldap v2 enabled.
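Review bot: `update_path_argsfile` has no header comment, although the functions around it (`configure_v2_protocol_support` right below, `write_slapd_conf` earlier in this commit) describe their purpose and usage. Add `# Point the argsfile directive in $SLAPD_CONF at /var/run/slapd/slapd.args.` and `# Usage: update_path_argsfile` under the function line. It is also worth stating there that only an existing `argsfile` line is rewritten, since write_slapd_conf substitutes and never appends, and that `$SLAPD_CONF` must be set by the caller.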
@@ -866,13 +917,27 @@
 	# Make sure we keep the permissions of an old slapd.conf
 	if [ -e "$SLAPD_CONF" ]; then
 		assign_permissions "$SLAPD_CONF" "$conf_new"
-	else
-		[ -z "$SLAPD_USER" ] || chown "$SLAPD_USER" "$conf_new"
-		[ -z "$SLAPD_GROUP" ] || chgrp "$SLAPD_GROUP" "$conf_new"
 	fi
 	mv "$conf_new" "$SLAPD_CONF"
 }
 # }}}
+install_new_configuration() {       # {{{
+# Installs a given $2 (new) as new $1 (old) configuration file
+# Usage: install_new_configuration oldconf newconf
+	local conf_old="$1"
+	local conf_new="$2"
+
+	# Make sure we keep the permissions of an old configuration file, this is not
+	# really needed anymore because slapd reads it configuration before it drops
+	# the privileges.
+	if [ -e "$conf_old" ]; then
+		assign_permissions "$conf_old" "$conf_new"
+	fi
+
+	# Move configuration file in place.
+	mv "$conf_new" "$conf_old"
+}
+# }}}
 backup_config_once() {							# {{{
 # Create a backup of the current configuration files. 
 # Usage: backup_config_once
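Review bot: The tail of the function that ends at the top of this hunk is now the same three steps as the new `install_new_configuration` (`-e` test, `assign_permissions`, `mv`), so it could end with `install_new_configuration "$SLAPD_CONF" "$conf_new"` instead of keeping a second copy. In `install_new_configuration` the result of `assign_permissions` is not checked before `mv`, so a failure there still installs the file with whatever owner and mode the temp file had; `assign_permissions "$conf_old" "$conf_new" || return 1` would leave the old file in place. The comment also has a typo: `reads it configuration` should be `reads its configuration`. The first function starts outside the hunk.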



