kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/security/pam-ldap/patches/patch-ab
xtraeme 335167a653 Make this build on NetBSD -current which uses OpenPAM (should fix the 
build with FreeBSD too). Patch stolen from FreeBSD/ports.
2005-01-12 02:30:09 +00:00

148 lines
4 KiB
Text
Raw Blame History

$NetBSD: patch-ab,v 1.5 2005/01/12 02:30:09 xtraeme Exp $
--- pam_ldap.c.orig Sun Oct 31 02:42:54 2004
+++ pam_ldap.c Sun Oct 31 02:48:03 2004
@@ -131,12 +131,7 @@
#include "pam_ldap.h"
#include "md5.h"
-#if defined(HAVE_SECURITY_PAM_MISC_H) || defined(HAVE_PAM_PAM_MISC_H)
- /* FIXME: is there something better to check? */
#define CONST_ARG const
-#else
-#define CONST_ARG
-#endif
#ifndef HAVE_LDAP_MEMFREE
#define ldap_memfree(x) free(x)
@@ -3137,7 +3132,7 @@
int rc;
const char *username;
char *p;
- int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0;
+ int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0, migrate = 0;
int i;
pam_ldap_session_t *session = NULL;
const char *configFile = NULL;
@@ -3158,6 +3153,8 @@
;
else if (!strcmp (argv[i], "debug"))
;
+ else if (!strcmp (argv[i], "migrate"))
+ migrate = 1;
else
syslog (LOG_ERR, "illegal option %s", argv[i]);
}
@@ -3171,6 +3168,22 @@
return rc;
rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
+ /* start of migrate facility in "pam_ldap authentication" */
+ if (migrate==1 && rc==PAM_SUCCESS)
+ {
+ /* check if specified username exists in LDAP */
+ if (_get_user_info(session,username)==PAM_SUCCESS)
+ {
+ /*
+ overwrite old LDAP userPassword with a new password
+ obtained during pam authentication process
+ - rootbinddn and ldap.secret must be set
+ */
+ rc=_update_authtok(pamh,session,username,NULL,p);
+ return PAM_IGNORE;
+ }
+ }
+ /* end of migrate facility in "pam_ldap authentication" */
if (rc == PAM_SUCCESS && (use_first_pass || try_first_pass))
{
rc = _do_authentication (pamh, session, username, p);
@@ -3419,11 +3432,11 @@
{
_conv_sendmsg (appconv, "Password change aborted",
PAM_ERROR_MSG, no_warn);
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
- return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+ return PAM_AUTHTOK_RECOVERY_ERR;
+#endif
}
else
{
@@ -3437,7 +3450,7 @@
if (curpass == NULL)
return PAM_MAXTRIES; /* maximum tries exceeded */
else
- pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) curpass);
+ pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) strdup(curpass));
}
else
{
@@ -3465,11 +3478,11 @@
syslog (LOG_ERR,
"pam_ldap: error getting old authentication token (%s)",
pam_strerror (pamh, rc));
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
- return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+ return PAM_AUTHTOK_RECOVERY_ERR;
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
}
if (try_first_pass || use_first_pass)
@@ -3479,11 +3492,11 @@
newpass = NULL;
if (use_first_pass && newpass == NULL)
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
- return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+ return PAM_AUTHTOK_RECOVERY_ERR;
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
}
tries = 0;
@@ -3533,11 +3546,11 @@
}
else
{
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
- return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+ return PAM_AUTHTOK_RECOVERY_ERR;
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
}
if (cmiscptr == NULL)
@@ -3569,11 +3582,11 @@
{
_conv_sendmsg (appconv, "Password change aborted",
PAM_ERROR_MSG, no_warn);
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
- return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+ return PAM_AUTHTOK_RECOVERY_ERR;
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
}
}
else if (!strcmp (newpass, miscptr))
Reference in a new issue View git blame Copy permalink