authorKonstantin Shalygin2016-05-29 17:27:55 +0600
committerKonstantin Shalygin2016-05-29 17:27:55 +0600
commit9ddf02d421ce204e23c3873d7213044d7423acd3 (patch)
treee96d4c70fa5cc0848da22f9f49ba17abd207a5c6 /auth-ldap-2.0.3-STARTTLS_before_auth.patch
parentc69c55c28b1dc3628c8c0b69a860d8ab03a67018 (diff)
downloadaur-9ddf02d421ce204e23c3873d7213044d7423acd3.tar.gz
Make up for work in real life. From 2007 to 2016
Diffstat (limited to 'auth-ldap-2.0.3-STARTTLS_before_auth.patch')
-rw-r--r--auth-ldap-2.0.3-STARTTLS_before_auth.patch52
1 files changed, 52 insertions, 0 deletions
diff --git a/auth-ldap-2.0.3-STARTTLS_before_auth.patch b/auth-ldap-2.0.3-STARTTLS_before_auth.patch
new file mode 100644
index 000000000000..32f00d4f0d79
--- /dev/null
+++ b/auth-ldap-2.0.3-STARTTLS_before_auth.patch
@@ -0,0 +1,52 @@
+Description: Run STARTTLS *before* sending auth data
+ Avoid sending authentication data in clear if STARTTLS is available.
+Author: Andre Pawlowski <sqall@h4des.org>
+Bug: http://code.google.com/p/openvpn-auth-ldap/issues/detail?id=28
+Bug-Debian: http://bugs.debian.org/610339
+Forwarded: http://code.google.com/p/openvpn-auth-ldap/issues/detail?id=28
+Reviewed-By: Alberto Gonzalez Iniesta <agi@inittab.org>
+Last-Update: 2012-02-20
+
+Index: openvpn-auth-ldap/src/auth-ldap.m
+===================================================================
+--- openvpn-auth-ldap.orig/src/auth-ldap.m 2014-07-25 12:48:50.067688930 +0200
++++ openvpn-auth-ldap/src/auth-ldap.m 2014-07-25 12:48:50.063688930 +0200
+@@ -307,21 +307,13 @@
+ goto error;
+ }
+
+- /* Bind if requested */
+- if ([config bindDN]) {
+- if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) {
+- [TRLog error: "Unable to bind as %s", [[config bindDN] cString]];
+- goto error;
+- }
+- }
+-
+ /* Certificate file */
+- if ((value = [config tlsCACertFile]))
++ if ((value = [config tlsCACertFile]))
+ if (![ldap setTLSCACertFile: value])
+ goto error;
+
+ /* Certificate directory */
+- if ((value = [config tlsCACertDir]))
++ if ((value = [config tlsCACertDir]))
+ if (![ldap setTLSCACertDir: value])
+ goto error;
+
+@@ -340,6 +332,14 @@
+ if (![ldap startTLS])
+ goto error;
+
++ /* Bind if requested */
++ if ([config bindDN]) {
++ if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) {
++ [TRLog error: "Unable to bind as %s", [[config bindDN] cString]];
++ goto error;
++ }
++ }
++
+ return ldap;
+
+ error:
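Review bot: The two `-`/`+` pairs around `if ((value = [config tlsCACertFile]))` and `if ((value = [config tlsCACertDir]))` in the first hunk read identically once rendered, so they are presumably whitespace-only changes; they contribute nothing to the fix and make the patch more likely to fail to apply against a later upstream `auth-ldap.m`, so it would be cleaner to drop them and regenerate the patch. The substantive change, moving the `bindWithDN:password:` call after `startTLS`, only protects the bind DN and password when TLS is actually negotiated: if the `startTLS` call in the second hunk sits inside a config-dependent branch (not visible here), a deployment with TLS disabled still sends the credentials in the clear, and the header line `Avoid sending authentication data in clear if STARTTLS is available.` would be more accurate as `Avoid sending authentication data in clear when STARTTLS is enabled in the configuration.` The enclosing function in `auth-ldap.m` begins and ends outside both hunks, so whether the bind is now inside or after any TLS-conditional block cannot be confirmed from this page.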