Bug#940908: slapd: validate_initial_config slapd/domain can fail if LC_COLLATE is set to non-ASCII

Fredrik Roubert fredrik at roubert.name
Sat Sep 21 17:57:36 BST 2019 

Package: slapd
Version: 2.4.47+dfsg-3+deb10u1
Severity: normal
Tags: patch

Dear Maintainer,

The config script for slapd (in my installed 2.4.47+dfsg-3+deb10u1 as
well as in current slapd_2.4.48+dfsg-1 from sid) attempts to make sure
the domain name is valid in validate_initial_config() using this test:

  db_get slapd/domain
  if [ -z "$RET" ] || ! echo "$RET" | grep -q '^[a-zA-Z0-9.-]*$'; then
    db_fset slapd/domain seen false
    invalid=true
  fi

The problem with this is that the character class [a-zA-Z0-9.-] in grep
is influenced by the LC_COLLATE environment variable and the script just
inherits this environment variable, regardless of whether it specifies a
locale that uses ASCII collation or not.

I encountered this using LC_COLLATE=sv_SE.UTF-8 which collates w as v,
therefore failing on any domain name that contains the ASCII letter w.

Before using a character class like this to test ASCII properties,
LC_COLLATE must be explicitly set to a locale that guarantees ASCII
collation, for example "C", the root locale.

Either at the beginning of the config script:

export LC_COLLATE=C

Or before invoking grep with a character class:

LC_COLLATE=C grep -q '^[a-zA-Z0-9.-]*$'

A simple patch for a failure most puzzling for anyone who encounters it.

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages slapd depends on:
ii  adduser                     3.118
ii  coreutils                   8.30-3
ii  debconf [debconf-2.0]       1.5.71
ii  libc6                       2.28-10
ii  libdb5.3                    5.3.28+dfsg1-0.5
ii  libgnutls30                 3.6.7-4
ii  libldap-2.4-2               2.4.47+dfsg-3+deb10u1
ii  libltdl7                    2.4.6-9
ii  libodbc1                    2.3.6-0.1
ii  libperl5.28                 5.28.1-6
ii  libsasl2-2                  2.1.27+dfsg-1
ii  libwrap0                    7.6.q-28
ii  lsb-base                    10.2019051400
ii  perl [libmime-base64-perl]  5.28.1-6
ii  psmisc                      23.2-1

Versions of packages slapd recommends:
ii  libsasl2-modules  2.1.27+dfsg-1

Versions of packages slapd suggests:
ii  ldap-utils                                            2.4.47+dfsg-3+deb10u1
pn  libsasl2-modules-gssapi-mit | libsasl2-modules-gssap  <none>

-- debconf information excluded

More information about the Pkg-openldap-devel mailing list