From 2d6d9ac5e7473776b410cd48f555ee51c1cbcab7 Mon Sep 17 00:00:00 2001 From: Thierry bordaz (tbordaz) Date: Aug 20 2013 17:19:02 +0000 Subject: Ticket 47433 - With SeLinux, setup-ds.pl and setup-ds-admin.pl fail to detect already ranged labelled ports Bug Description: With SeLinux ports may be labelled per range. In the output of 'semanage port -l' a range is displayed with - rather than with an individual . When parsing the output, DSCreate.pm(updateSelinuxPolicy) expects a list of individual ports so it fails to detect that a given port is in the range of ports. Fix Description: When parsing the output of 'semanage port -l', if a range exists it checks that the provided port is in the range or not. https://fedorahosted.org/389/ticket/47433 Reviewed by: Rich Megginson (thanks Rich) Platforms tested: Fedora 17 Flag Day: no Doc impact: no
---
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index be2097a..cc00bb3 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -1007,9 +1007,19 @@ sub updateSelinuxPolicy {
 $portline =~ s/ldap_port_t\s+tcp\s+//g;
 my @labeledports = split(/,\s+/, $portline);
 foreach my $labeledport (@labeledports) {
- if ($inf->{slapd}->{ServerPort} == $labeledport) {
- $need_label = 0;
- last;
+ if (index($labeledport, "-") == -1) {
+ # this is not a range of ports
+ if ($inf->{slapd}->{ServerPort} == $labeledport) {
+ $need_label = 0;
+ last;
+ }
+ } else {
+ # this is a range of ports like '-'
+ my @range = split(/-/, $labeledport);
+ if ((@range[0] <= $inf->{slapd}->{ServerPort}) && ($inf->{slapd}->{ServerPort} <= @range[1])) {
+ $need_label = 0;
+ last;
+ }
 }
 }
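Review bot: The range comparison in the new `else` branch reads its bounds as one-element array slices, `@range[0]` and `@range[1]`, where scalar element access is meant. Perl warns about this form under `use warnings`, so the line should read `if (($range[0] <= $inf->{slapd}->{ServerPort}) && ($inf->{slapd}->{ServerPort} <= $range[1])) {`. The bounds are also compared numerically without checking that the token really is two port numbers; anything else numifies to 0 and silently fails to match, so the code presumably falls through to relabelling the port. An explicit guard such as `$labeledport =~ /^\s*(\d+)-(\d+)\s*$/` before the comparison would make the SELinux labelling decision depend only on well-formed `semanage port -l` entries. The body of updateSelinuxPolicy starts and ends outside this hunk, so how `$need_label` is used afterwards is not visible here.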