pkgsrc/security/pam-ldap/patches/patch-ab

$NetBSD: patch-ab,v 1.9 2010/11/16 09:53:50 adam Exp $

--- pam_ldap.c.orig	2010-11-08 00:58:44.000000000 +0000
+++ pam_ldap.c
@@ -3411,7 +3411,7 @@ pam_sm_authenticate (pam_handle_t * pamh
   int rc;
   const char *username;
   char *p;
-  int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0;
+  int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0, migrate = 0;
   int i;
   pam_ldap_session_t *session = NULL;
   const char *configFile = NULL;
@@ -3432,6 +3432,8 @@ pam_sm_authenticate (pam_handle_t * pamh
 	;
       else if (!strcmp (argv[i], "debug"))
 	;
+      else if (!strcmp (argv[i], "migrate"))
+        migrate = 1;
       else
 	syslog (LOG_ERR, "illegal option %s", argv[i]);
     }
@@ -3445,6 +3447,22 @@ pam_sm_authenticate (pam_handle_t * pamh
     return rc;
 
   rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
+  /* start of migrate facility in "pam_ldap authentication" */
+  if (migrate==1 && rc==PAM_SUCCESS)
+    {
+      /* check if specified username exists in LDAP */
+      if (_get_user_info(session,username)==PAM_SUCCESS)
+        {
+          /*
+             overwrite old LDAP userPassword with a new password
+             obtained during pam authentication process
+             - rootbinddn and ldap.secret must be set
+          */
+          rc=_update_authtok(pamh,session,username,NULL,p);
+          return PAM_IGNORE;
+        }
+    }
+  /* end of migrate facility in "pam_ldap authentication" */
   if (rc == PAM_SUCCESS && (use_first_pass || try_first_pass))
     {
       rc = _do_authentication (pamh, session, username, p);
@@ -3721,7 +3739,7 @@ pam_sm_chauthtok (pam_handle_t * pamh, i
 	  if (curpass == NULL)
 	    return PAM_MAXTRIES;	/* maximum tries exceeded */
 	  else
-	    pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) curpass);
+	    pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) strdup(curpass));
 	}
       else
 	{
Changes 186: * fix for BUG-424: build fails on Darwin 2010-11-16 10:53:50 +01:00			$NetBSD: patch-ab,v 1.9 2010/11/16 09:53:50 adam Exp $
Make this build on NetBSD -current which uses OpenPAM (should fix the build with FreeBSD too). Patch stolen from FreeBSD/ports. 2005-01-12 03:30:09 +01:00
Changes 186: * fix for BUG-424: build fails on Darwin 2010-11-16 10:53:50 +01:00			`--- pam_ldap.c.orig 2010-11-08 00:58:44.000000000 +0000`
Changes 184: * fix for BUG 312: pam_ldap does not try to reconnect when LDAP server closed the connection 2007-11-27 09:27:06 +01:00			`+++ pam_ldap.c`
Changes 186: * fix for BUG-424: build fails on Darwin 2010-11-16 10:53:50 +01:00			`@@ -3411,7 +3411,7 @@ pam_sm_authenticate (pam_handle_t * pamh`
Make this build on NetBSD -current which uses OpenPAM (should fix the build with FreeBSD too). Patch stolen from FreeBSD/ports. 2005-01-12 03:30:09 +01:00			`int rc;`
			`const char *username;`
			`char *p;`
			`- int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0;`
			`+ int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0, migrate = 0;`
			`int i;`
			`pam_ldap_session_t *session = NULL;`
			`const char *configFile = NULL;`
Changes 186: * fix for BUG-424: build fails on Darwin 2010-11-16 10:53:50 +01:00			`@@ -3432,6 +3432,8 @@ pam_sm_authenticate (pam_handle_t * pamh`
Make this build on NetBSD -current which uses OpenPAM (should fix the build with FreeBSD too). Patch stolen from FreeBSD/ports. 2005-01-12 03:30:09 +01:00			`;`
			`else if (!strcmp (argv[i], "debug"))`
			`;`
			`+ else if (!strcmp (argv[i], "migrate"))`
			`+ migrate = 1;`
			`else`
			`syslog (LOG_ERR, "illegal option %s", argv[i]);`
			`}`
Changes 186: * fix for BUG-424: build fails on Darwin 2010-11-16 10:53:50 +01:00			`@@ -3445,6 +3447,22 @@ pam_sm_authenticate (pam_handle_t * pamh`
Make this build on NetBSD -current which uses OpenPAM (should fix the build with FreeBSD too). Patch stolen from FreeBSD/ports. 2005-01-12 03:30:09 +01:00			`return rc;`

			`rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);`
			`+ /* start of migrate facility in "pam_ldap authentication" */`
			`+ if (migrate==1 && rc==PAM_SUCCESS)`
			`+ {`
			`+ /* check if specified username exists in LDAP */`
			`+ if (_get_user_info(session,username)==PAM_SUCCESS)`
			`+ {`
			`+ /*`
			`+ overwrite old LDAP userPassword with a new password`
			`+ obtained during pam authentication process`
			`+ - rootbinddn and ldap.secret must be set`
			`+ */`
			`+ rc=_update_authtok(pamh,session,username,NULL,p);`
			`+ return PAM_IGNORE;`
			`+ }`
			`+ }`
			`+ /* end of migrate facility in "pam_ldap authentication" */`
			`if (rc == PAM_SUCCESS && (use_first_pass \|\| try_first_pass))`
			`{`
			`rc = _do_authentication (pamh, session, username, p);`
Changes 186: * fix for BUG-424: build fails on Darwin 2010-11-16 10:53:50 +01:00			`@@ -3721,7 +3739,7 @@ pam_sm_chauthtok (pam_handle_t * pamh, i`
Make this build on NetBSD -current which uses OpenPAM (should fix the build with FreeBSD too). Patch stolen from FreeBSD/ports. 2005-01-12 03:30:09 +01:00			`if (curpass == NULL)`
			`return PAM_MAXTRIES; /* maximum tries exceeded */`
			`else`
			`- pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) curpass);`
			`+ pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) strdup(curpass));`
			`}`
			`else`
			`{`