diff options
author | xtraeme <xtraeme@pkgsrc.org> | 2005-01-12 02:30:09 +0000 |
---|---|---|
committer | xtraeme <xtraeme@pkgsrc.org> | 2005-01-12 02:30:09 +0000 |
commit | 335167a6539abb1939bb198797e8988faca783bf (patch) | |
tree | 016461519a9031dd6a35965c49ba76593d1ce413 /security | |
parent | 8be448e95e18db9d0bea990c1e42f9423bf514e1 (diff) | |
download | pkgsrc-335167a6539abb1939bb198797e8988faca783bf.tar.gz |
Make this build on NetBSD -current which uses OpenPAM (should fix the
build with FreeBSD too). Patch stolen from FreeBSD/ports.
Diffstat (limited to 'security')
-rw-r--r-- | security/pam-ldap/distinfo | 3 | ||||
-rw-r--r-- | security/pam-ldap/patches/patch-ab | 148 |
2 files changed, 150 insertions, 1 deletions
diff --git a/security/pam-ldap/distinfo b/security/pam-ldap/distinfo index ec6cc80d06e..52b81e17db2 100644 --- a/security/pam-ldap/distinfo +++ b/security/pam-ldap/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.5 2004/11/19 19:08:43 jlam Exp $ +$NetBSD: distinfo,v 1.6 2005/01/12 02:30:09 xtraeme Exp $ SHA1 (pam_ldap-176.tar.gz) = 44dcbe0b8f0e458d1d86023e5722c2cb7359ef5a Size (pam_ldap-176.tar.gz) = 121531 bytes SHA1 (patch-aa) = 16c78741ddc11de08457fc19faec92a674550050 +SHA1 (patch-ab) = 42162879090b8b722d2494566bd03f2918c42930 diff --git a/security/pam-ldap/patches/patch-ab b/security/pam-ldap/patches/patch-ab new file mode 100644 index 00000000000..f1d590bcbe0 --- /dev/null +++ b/security/pam-ldap/patches/patch-ab @@ -0,0 +1,148 @@ +$NetBSD: patch-ab,v 1.5 2005/01/12 02:30:09 xtraeme Exp $ + +--- pam_ldap.c.orig Sun Oct 31 02:42:54 2004 ++++ pam_ldap.c Sun Oct 31 02:48:03 2004 +@@ -131,12 +131,7 @@ + #include "pam_ldap.h" + #include "md5.h" + +-#if defined(HAVE_SECURITY_PAM_MISC_H) || defined(HAVE_PAM_PAM_MISC_H) +- /* FIXME: is there something better to check? */ + #define CONST_ARG const +-#else +-#define CONST_ARG +-#endif + + #ifndef HAVE_LDAP_MEMFREE + #define ldap_memfree(x) free(x) +@@ -3137,7 +3132,7 @@ + int rc; + const char *username; + char *p; +- int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0; ++ int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0, migrate = 0; + int i; + pam_ldap_session_t *session = NULL; + const char *configFile = NULL; +@@ -3158,6 +3153,8 @@ + ; + else if (!strcmp (argv[i], "debug")) + ; ++ else if (!strcmp (argv[i], "migrate")) ++ migrate = 1; + else + syslog (LOG_ERR, "illegal option %s", argv[i]); + } +@@ -3171,6 +3168,22 @@ + return rc; + + rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p); ++ /* start of migrate facility in "pam_ldap authentication" */ ++ if (migrate==1 && rc==PAM_SUCCESS) ++ { ++ /* check if specified username exists in LDAP */ ++ if (_get_user_info(session,username)==PAM_SUCCESS) ++ { ++ /* ++ overwrite old LDAP userPassword with a new password ++ obtained during pam authentication process ++ - rootbinddn and ldap.secret must be set ++ */ ++ rc=_update_authtok(pamh,session,username,NULL,p); ++ return PAM_IGNORE; ++ } ++ } ++ /* end of migrate facility in "pam_ldap authentication" */ + if (rc == PAM_SUCCESS && (use_first_pass || try_first_pass)) + { + rc = _do_authentication (pamh, session, username, p); +@@ -3419,11 +3432,11 @@ + { + _conv_sendmsg (appconv, "Password change aborted", + PAM_ERROR_MSG, no_warn); +-#ifdef PAM_AUTHTOK_RECOVERY_ERR +- return PAM_AUTHTOK_RECOVERY_ERR; +-#else ++#ifdef PAM_AUTHTOK_RECOVER_ERR + return PAM_AUTHTOK_RECOVER_ERR; +-#endif /* PAM_AUTHTOK_RECOVERY_ERR */ ++#else ++ return PAM_AUTHTOK_RECOVERY_ERR; ++#endif + } + else + { +@@ -3437,7 +3450,7 @@ + if (curpass == NULL) + return PAM_MAXTRIES; /* maximum tries exceeded */ + else +- pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) curpass); ++ pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) strdup(curpass)); + } + else + { +@@ -3465,11 +3478,11 @@ + syslog (LOG_ERR, + "pam_ldap: error getting old authentication token (%s)", + pam_strerror (pamh, rc)); +-#ifdef PAM_AUTHTOK_RECOVERY_ERR +- return PAM_AUTHTOK_RECOVERY_ERR; +-#else ++#ifdef PAM_AUTHTOK_RECOVER_ERR + return PAM_AUTHTOK_RECOVER_ERR; +-#endif /* PAM_AUTHTOK_RECOVERY_ERR */ ++#else ++ return PAM_AUTHTOK_RECOVERY_ERR; ++#endif /* PAM_AUTHTOK_RECOVER_ERR */ + } + + if (try_first_pass || use_first_pass) +@@ -3479,11 +3492,11 @@ + newpass = NULL; + + if (use_first_pass && newpass == NULL) +-#ifdef PAM_AUTHTOK_RECOVERY_ERR +- return PAM_AUTHTOK_RECOVERY_ERR; +-#else ++#ifdef PAM_AUTHTOK_RECOVER_ERR + return PAM_AUTHTOK_RECOVER_ERR; +-#endif /* PAM_AUTHTOK_RECOVERY_ERR */ ++#else ++ return PAM_AUTHTOK_RECOVERY_ERR; ++#endif /* PAM_AUTHTOK_RECOVER_ERR */ + } + + tries = 0; +@@ -3533,11 +3546,11 @@ + } + else + { +-#ifdef PAM_AUTHTOK_RECOVERY_ERR +- return PAM_AUTHTOK_RECOVERY_ERR; +-#else ++#ifdef PAM_AUTHTOK_RECOVER_ERR + return PAM_AUTHTOK_RECOVER_ERR; +-#endif /* PAM_AUTHTOK_RECOVERY_ERR */ ++#else ++ return PAM_AUTHTOK_RECOVERY_ERR; ++#endif /* PAM_AUTHTOK_RECOVER_ERR */ + } + + if (cmiscptr == NULL) +@@ -3569,11 +3582,11 @@ + { + _conv_sendmsg (appconv, "Password change aborted", + PAM_ERROR_MSG, no_warn); +-#ifdef PAM_AUTHTOK_RECOVERY_ERR +- return PAM_AUTHTOK_RECOVERY_ERR; +-#else ++#ifdef PAM_AUTHTOK_RECOVER_ERR + return PAM_AUTHTOK_RECOVER_ERR; +-#endif /* PAM_AUTHTOK_RECOVERY_ERR */ ++#else ++ return PAM_AUTHTOK_RECOVERY_ERR; ++#endif /* PAM_AUTHTOK_RECOVER_ERR */ + } + } + else if (!strcmp (newpass, miscptr)) + |