OpenSDE
/
package-nopast
3
0
Fork 0
Code Issues 9 Projects 1 Releases Activity
OpenSDE Packages Database (without history before r20070)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8236 Commits
49 Branches
0 Tags
34 MiB
Tree: fd9fba9642
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd9fba9642'
${ noResults }
package-nopast/network/pam_ldap/pam_ldap-178-nonDNmember.patch

66 lines
2.4 KiB
Raw Normal View History

Regenerated copyright notes broadly, without renewing them.
17 years ago
* relocated current package database to the trunk of the package sub-project git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20072 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago
Regenerated copyright notes broadly, without renewing them.
17 years ago
* relocated current package database to the trunk of the package sub-project git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20072 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago
Regenerated copyright notes broadly, without renewing them.
17 years ago
* relocated current package database to the trunk of the package sub-project git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20072 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago
Regenerated copyright notes broadly, without renewing them.
17 years ago
* relocated current package database to the trunk of the package sub-project git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20072 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago
Regenerated copyright notes broadly, without renewing them.
17 years ago
* relocated current package database to the trunk of the package sub-project git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20072 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago
  1. # --- SDE-COPYRIGHT-NOTE-BEGIN ---
  2. # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
  3. #
  4. # Filename: package/.../pam_ldap/pam_ldap-178-nonDNmember.patch
  5. # Copyright (C) 2004 - 2006 The T2 SDE Project
  6. #
  7. # More information can be found in the files COPYING and README.
  8. #
  9. # This patch file is dual-licensed. It is available under the license the
  10. # patched project is licensed under, as long as it is an OpenSource license
  11. # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  12. # of the GNU General Public License as published by the Free Software
  13. # Foundation; either version 2 of the License, or (at your option) any later
  14. # version.
  15. # --- SDE-COPYRIGHT-NOTE-END ---
  16. ## pam_ldap-178-nonDNmember.patch by Peter Marschall <peter@adpm.de>
  17. ##
  18. ## DP: search for group members with non-DN attribute username
  19. ## DP: after searching for DN-valued attribute failed
  21. --- ./pam_ldap.c
  22. +++ ./pam_ldap.c 2005-03-28 11:44:52.939314905 +0200
  23. @@ -3871,15 +3871,39 @@
  24. rc = ldap_compare_s (session->ld,
  25. session->conf->groupdn,
  26. session->conf->groupattr, session->info->userdn);
  27. - if (rc != LDAP_COMPARE_TRUE)
  28. +
  29. + if (rc == LDAP_COMPARE_FALSE)
  30. + {
  31. +#ifndef NO_2ND_CHANCE
  32. + /* 2nd chance: compare group membership based on non-DN attributes */
  33. + rc = ldap_compare_s (session->ld,
  34. + session->conf->groupdn,
  35. + session->conf->groupattr, username);
  36. +#endif /* NO_2ND_CHANCE */
  37. +
  38. + if (rc != LDAP_COMPARE_TRUE)
  39. + {
  40. + snprintf (buf, sizeof buf, "You must be a %s of %s to login.",
  41. + session->conf->groupattr, session->conf->groupdn);
  42. + _conv_sendmsg (appconv, buf, PAM_ERROR_MSG, no_warn);
  43. +
  44. + /* return error in case of failure, denied in case of no membership */
  45. + return (rc == LDAP_COMPARE_FALSE) ? PAM_PERM_DENIED : PAM_AUTH_ERR;
  46. + }
  47. + }
  48. + else if (rc == LDAP_COMPARE_TRUE)
  49. + {
  50. + rc = success;
  51. + }
  52. + else
  53. {
  54. snprintf (buf, sizeof buf, "You must be a %s of %s to login.",
  55. session->conf->groupattr, session->conf->groupdn);
  56. _conv_sendmsg (appconv, buf, PAM_ERROR_MSG, no_warn);
  57. - return PAM_PERM_DENIED;
  58. +
  59. + /* return error in case of failure, denied in case of no membership */
  60. + return (rc == LDAP_COMPARE_FALSE) ? PAM_PERM_DENIED : PAM_AUTH_ERR;
  61. }
  62. - else
  63. - rc = success;
  64. }
  66. if (rc == success && session->conf->checkserviceattr)