Thu Oct 10 05:34:29 UTC 2013

This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to annotated tag 2.2.23-0.pre3
in repository openldap.

commit 6d06c257ea8d4c2b5ba2fa4a8ef7a76d7c3e1e6f
Author: Torsten Landschoff <torsten at debian.org>
Date:   Fri Feb 25 23:13:46 2005 +0000

     r427 at pulsar:  torsten | 2005-02-26 00:10:14 +0100
      * debian/slapd.postinst: Fixed chmod --reference calls to keep the
        permissions of slapd.conf. Putting data into the file using shell
        redirection recreates the file with default umask and owner, killing
        the permissions we applied using chod --reference after creating the
        file. Instead we change the permissions directly before renaming the
        file now. Wrapped it into a function and update the owner as well.
        How do we do this correctly for ACLs etc.!?
---
 debian/changelog      |    7 +++++++
 debian/slapd.postinst |   16 ++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 5343c83..84b734b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,13 @@ openldap2.2 (2.2.23-0.pre3) experimental; urgency=low
     dh_strip handle stripping binaries (closes: #264448). 
   * debian/slapd.postinst: Code cleanup and reading, unused and duplicate
     code removed. Main body still needs fixing.
+  * debian/slapd.postinst: Fixed chmod --reference calls to keep the
+    permissions of slapd.conf. Putting data into the file using shell
+    redirection recreates the file with default umask and owner, killing
+    the permissions we applied using chod --reference after creating the
+    file. Instead we change the permissions directly before renaming the
+    file now. Wrapped it into a function and update the owner as well. 
+    How do we do this correctly for ACLs etc.!?
 
  --
 
diff --git a/debian/slapd.postinst b/debian/slapd.postinst
index 58cf5e1..df02e0f 100644
--- a/debian/slapd.postinst
+++ b/debian/slapd.postinst
@@ -122,6 +122,10 @@ create_new_slapd_conf() {						# {{{
 		-e "s/@ADMIN@/cn=admin,$basedn/g" \
 		-e "s/@CHECKPOINT@/$checkpoint/g" \
 		-e "s/@BACKEND@/$backend/g" 
+	# Make sure we keep the permissions of an old slapd.conf
+	if [ -e "$SLAPD_CONF" ]; then
+		assign_permissions "$SLAPD_CONF" "$conf_new"
+	fi
 	mv $conf_new $SLAPD_CONF
 	echo "done" >&2
 } 
@@ -186,7 +190,6 @@ autoconfigure_modules() {						# {{{
 	
 	echo -n "  Updating config for dynamic backends... " >&2
 	new_conf=`mktemp -q ${SLAPD_CONF}.XXXXXX`
-	chmod --reference=$SLAPD_CONF $new_conf
 	cat <<-EOF >$new_conf
 		# Loading of backend modules - automatically generated
 		
@@ -196,6 +199,7 @@ autoconfigure_modules() {						# {{{
 	  's/^database[[:space:]]\+\([a-z]\+\)/moduleload      back_\1/p'
 	echo >>$new_conf
 	cat $SLAPD_CONF >>$new_conf
+	assign_permissions "$SLAPD_CONF" "$new_conf"
 	mv $new_conf $SLAPD_CONF
 	echo done >&2
 }
@@ -220,7 +224,6 @@ configure_v2_protocol_support() {					# {{{
 
 	# Create a temporary file for the new config
 	new_conf=`mktemp -q ${SLAPD_CONF}.XXXXXX`
-	chmod --reference=$SLAPD_CONF $new_conf
 
 	# If there is an existing global allow command, add our option
 	if extend_existing_allow_directive < $SLAPD_CONF > $new_conf; then
@@ -236,6 +239,7 @@ configure_v2_protocol_support() {					# {{{
 	fi
 
 	# Activate the new configuration file
+	assign_permissions "$SLAPD_CONF" "$new_conf"
 	mv $new_conf $SLAPD_CONF
 	echo . >&2
 }
@@ -318,6 +322,14 @@ fix_ldif() {								# {{{
 		< "$location" > "$fixed_location"
 }
 # }}}
+assign_permissions() {							# {{{
+# Apply the same permissions as on a reference file to another file. 
+# Usage: apply_permissions <original> <new>
+
+	chmod --reference="$1" "$2"
+	chown --reference="$1" "$2"
+}
+# }}}
 import_database() {							# {{{
 # Import a database from an ldif dump
 # Usage: import_database <basedn> <ldif-file>

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git

