summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorxtraeme <xtraeme@pkgsrc.org>2005-01-12 02:30:09 +0000
committerxtraeme <xtraeme@pkgsrc.org>2005-01-12 02:30:09 +0000
commit335167a6539abb1939bb198797e8988faca783bf (patch)
tree016461519a9031dd6a35965c49ba76593d1ce413 /security
parent8be448e95e18db9d0bea990c1e42f9423bf514e1 (diff)
downloadpkgsrc-335167a6539abb1939bb198797e8988faca783bf.tar.gz
Make this build on NetBSD -current which uses OpenPAM (should fix the
build with FreeBSD too). Patch stolen from FreeBSD/ports.
Diffstat (limited to 'security')
-rw-r--r--security/pam-ldap/distinfo3
-rw-r--r--security/pam-ldap/patches/patch-ab148
2 files changed, 150 insertions, 1 deletions
diff --git a/security/pam-ldap/distinfo b/security/pam-ldap/distinfo
index ec6cc80d06e..52b81e17db2 100644
--- a/security/pam-ldap/distinfo
+++ b/security/pam-ldap/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.5 2004/11/19 19:08:43 jlam Exp $
+$NetBSD: distinfo,v 1.6 2005/01/12 02:30:09 xtraeme Exp $
SHA1 (pam_ldap-176.tar.gz) = 44dcbe0b8f0e458d1d86023e5722c2cb7359ef5a
Size (pam_ldap-176.tar.gz) = 121531 bytes
SHA1 (patch-aa) = 16c78741ddc11de08457fc19faec92a674550050
+SHA1 (patch-ab) = 42162879090b8b722d2494566bd03f2918c42930
diff --git a/security/pam-ldap/patches/patch-ab b/security/pam-ldap/patches/patch-ab
new file mode 100644
index 00000000000..f1d590bcbe0
--- /dev/null
+++ b/security/pam-ldap/patches/patch-ab
@@ -0,0 +1,148 @@
+$NetBSD: patch-ab,v 1.5 2005/01/12 02:30:09 xtraeme Exp $
+
+--- pam_ldap.c.orig Sun Oct 31 02:42:54 2004
++++ pam_ldap.c Sun Oct 31 02:48:03 2004
+@@ -131,12 +131,7 @@
+ #include "pam_ldap.h"
+ #include "md5.h"
+
+-#if defined(HAVE_SECURITY_PAM_MISC_H) || defined(HAVE_PAM_PAM_MISC_H)
+- /* FIXME: is there something better to check? */
+ #define CONST_ARG const
+-#else
+-#define CONST_ARG
+-#endif
+
+ #ifndef HAVE_LDAP_MEMFREE
+ #define ldap_memfree(x) free(x)
+@@ -3137,7 +3132,7 @@
+ int rc;
+ const char *username;
+ char *p;
+- int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0;
++ int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0, migrate = 0;
+ int i;
+ pam_ldap_session_t *session = NULL;
+ const char *configFile = NULL;
+@@ -3158,6 +3153,8 @@
+ ;
+ else if (!strcmp (argv[i], "debug"))
+ ;
++ else if (!strcmp (argv[i], "migrate"))
++ migrate = 1;
+ else
+ syslog (LOG_ERR, "illegal option %s", argv[i]);
+ }
+@@ -3171,6 +3168,22 @@
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
++ /* start of migrate facility in "pam_ldap authentication" */
++ if (migrate==1 && rc==PAM_SUCCESS)
++ {
++ /* check if specified username exists in LDAP */
++ if (_get_user_info(session,username)==PAM_SUCCESS)
++ {
++ /*
++ overwrite old LDAP userPassword with a new password
++ obtained during pam authentication process
++ - rootbinddn and ldap.secret must be set
++ */
++ rc=_update_authtok(pamh,session,username,NULL,p);
++ return PAM_IGNORE;
++ }
++ }
++ /* end of migrate facility in "pam_ldap authentication" */
+ if (rc == PAM_SUCCESS && (use_first_pass || try_first_pass))
+ {
+ rc = _do_authentication (pamh, session, username, p);
+@@ -3419,11 +3432,11 @@
+ {
+ _conv_sendmsg (appconv, "Password change aborted",
+ PAM_ERROR_MSG, no_warn);
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif
+ }
+ else
+ {
+@@ -3437,7 +3450,7 @@
+ if (curpass == NULL)
+ return PAM_MAXTRIES; /* maximum tries exceeded */
+ else
+- pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) curpass);
++ pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) strdup(curpass));
+ }
+ else
+ {
+@@ -3465,11 +3478,11 @@
+ syslog (LOG_ERR,
+ "pam_ldap: error getting old authentication token (%s)",
+ pam_strerror (pamh, rc));
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif /* PAM_AUTHTOK_RECOVER_ERR */
+ }
+
+ if (try_first_pass || use_first_pass)
+@@ -3479,11 +3492,11 @@
+ newpass = NULL;
+
+ if (use_first_pass && newpass == NULL)
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif /* PAM_AUTHTOK_RECOVER_ERR */
+ }
+
+ tries = 0;
+@@ -3533,11 +3546,11 @@
+ }
+ else
+ {
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif /* PAM_AUTHTOK_RECOVER_ERR */
+ }
+
+ if (cmiscptr == NULL)
+@@ -3569,11 +3582,11 @@
+ {
+ _conv_sendmsg (appconv, "Password change aborted",
+ PAM_ERROR_MSG, no_warn);
+-#ifdef PAM_AUTHTOK_RECOVERY_ERR
+- return PAM_AUTHTOK_RECOVERY_ERR;
+-#else
++#ifdef PAM_AUTHTOK_RECOVER_ERR
+ return PAM_AUTHTOK_RECOVER_ERR;
+-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
++#else
++ return PAM_AUTHTOK_RECOVERY_ERR;
++#endif /* PAM_AUTHTOK_RECOVER_ERR */
+ }
+ }
+ else if (!strcmp (newpass, miscptr))
+