-rw-r--r-- | .SRCINFO | 29 | ||||
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | PKGBUILD | 61 | ||||
-rw-r--r-- | auth-ldap-2.0.3-README.patch | 38 | ||||
-rw-r--r-- | auth-ldap-2.0.3-STARTTLS_before_auth.patch | 52 | ||||
-rw-r--r-- | auth-ldap-2.0.3-gnustep.patch | 201 | ||||
-rw-r--r-- | auth-ldap-2.0.3-remoteAddress.patch | 38 | ||||
-rw-r--r-- | auth-ldap-2.0.3-rfc2307.patch | 273 | ||||
-rw-r--r-- | auth-ldap-2.0.3-tools-CFLAGS.patch | 11 |
9 files changed, 33 insertions, 672 deletions
@@ -1,36 +1,23 @@ # Generated by mksrcinfo v8 -# Sun May 29 11:27:25 UTC 2016 +# Wed Feb 6 06:46:31 UTC 2019 pkgbase = openvpn-auth-ldap pkgdesc = OpenVPN Auth via LDAP/AD plugin. RFC2307 support. pkgver = 2.0.3 - pkgrel = 5 + pkgrel = 6 url = https://github.com/threerings/openvpn-auth-ldap arch = any license = BSD makedepends = gcc-objc - makedepends = gnustep-base makedepends = re2c makedepends = doxygen - makedepends = autoconf - makedepends = libldap + makedepends = git depends = openvpn - depends = gnustep-base depends = libldap - backup = etc/openvpn/auth-ldap.conf - source = openvpn-auth-ldap.tar.gz::https://github.com/threerings/openvpn-auth-ldap/archive/auth-ldap-2.0.3.tar.gz - source = auth-ldap-2.0.3-STARTTLS_before_auth.patch - source = auth-ldap-2.0.3-README.patch - source = auth-ldap-2.0.3-tools-CFLAGS.patch - source = auth-ldap-2.0.3-gnustep.patch - source = auth-ldap-2.0.3-remoteAddress.patch - source = auth-ldap-2.0.3-rfc2307.patch - sha256sums = 3bafd6733513d8d824cfc84e308dfa91b2ed021b67892fc7488962cb9f94d283 - sha256sums = a04bf0e2bbdc364a61df0521fc44ec58550e40a363fdb0fa7b1f666386dfa291 - sha256sums = c82a36fa3242ff6f6e4ee6aedbe85ad557f4ea56b2f91ba0cb72672bf08d8b73 - sha256sums = 40d463bcd50995edd4b052ce4a3c88243b1602214b5df7c60fd0b83418f92371 - sha256sums = a67f846c6ad4a06fc2b48656a16067094ad903e5afa73736a6f865459a8055a9 - sha256sums = 7e2a68566f8cf056ee0977245789ccda7d0155165711da16e33da46a8a07f9cb - sha256sums = ba7b00697baaebab9bf303bc5fd84f8da355115fa94ceb9884bc1c5c24aca4c0 + depends = libsasl + depends = openssl + backup = etc/openvpn/server/auth-ldap.conf + source = openvpn-auth-ldap::git+https://github.com/threerings/openvpn-auth-ldap + sha256sums = SKIP pkgname = openvpn-auth-ldap diff --git a/.gitignore b/.gitignore index 8b0760615c8b..287a63222115 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ pkg/* src/* *.tar.* -ipt_ndpi/* +openvpn-auth-ldap/* 
@@ -1,57 +1,44 @@ # Maintainer: Shalygin Konstantin <k0ste@k0ste.ru> # Contributor: Shalygin Konstantin <k0ste@k0ste.ru> -_ldap='auth-ldap' pkgname='openvpn-auth-ldap' pkgver='2.0.3' -pkgrel='5' +pkgrel='6' pkgdesc='OpenVPN Auth via LDAP/AD plugin. RFC2307 support.' arch=('any') -url='https://github.com/threerings/openvpn-auth-ldap' +url="https://github.com/threerings/${pkgname}" license=('BSD') -depends=('openvpn' 'gnustep-base' 'libldap') -makedepends=('gcc-objc' 'gnustep-base' 're2c' 'doxygen' 'autoconf' 'libldap') -source=("${pkgname}.tar.gz::${url}/archive/${_ldap}-${pkgver}.tar.gz" - "auth-ldap-2.0.3-STARTTLS_before_auth.patch" - "auth-ldap-2.0.3-README.patch" - "auth-ldap-2.0.3-tools-CFLAGS.patch" - "auth-ldap-2.0.3-gnustep.patch" - "auth-ldap-2.0.3-remoteAddress.patch" - "auth-ldap-2.0.3-rfc2307.patch") -sha256sums=('3bafd6733513d8d824cfc84e308dfa91b2ed021b67892fc7488962cb9f94d283' - 'a04bf0e2bbdc364a61df0521fc44ec58550e40a363fdb0fa7b1f666386dfa291' - 'c82a36fa3242ff6f6e4ee6aedbe85ad557f4ea56b2f91ba0cb72672bf08d8b73' - '40d463bcd50995edd4b052ce4a3c88243b1602214b5df7c60fd0b83418f92371' - 'a67f846c6ad4a06fc2b48656a16067094ad903e5afa73736a6f865459a8055a9' - '7e2a68566f8cf056ee0977245789ccda7d0155165711da16e33da46a8a07f9cb' - 'ba7b00697baaebab9bf303bc5fd84f8da355115fa94ceb9884bc1c5c24aca4c0') -backup=("etc/openvpn/auth-ldap.conf") +depends=('openvpn' 'libldap' 'libsasl' 'openssl') +source=("${pkgname}::git+${url}") +makedepends=('gcc-objc' 're2c' 'doxygen' 'git') +sha256sums=('SKIP') +backup=("etc/openvpn/server/auth-ldap.conf") +_gcc_objc_path="`pacman -Ql gcc-objc | gawk 'match($0, /^gcc-objc\s(\/usr\/lib\/(.*)-gnu\/[0-9.]+\/include\/)$/, a) {print a[1]}'`" prepare() { - cd "${srcdir}/${pkgname}-${_ldap}-${pkgver}" - - patch -p1 -i "${srcdir}/auth-ldap-2.0.3-STARTTLS_before_auth.patch" - patch -p1 -i "${srcdir}/auth-ldap-2.0.3-README.patch" - patch -p1 -i "${srcdir}/auth-ldap-2.0.3-tools-CFLAGS.patch" - patch -p0 -i "${srcdir}/auth-ldap-2.0.3-gnustep.patch" - 
patch -p1 -i "${srcdir}/auth-ldap-2.0.3-remoteAddress.patch" - patch -p1 -i "${srcdir}/auth-ldap-2.0.3-rfc2307.patch" - - autoreconf + cd "${srcdir}/${pkgname}" + sed -i 's|AC_CONFIG_SRCDIR(${srcdir}/src/auth-ldap.m)|AC_CONFIG_SRCDIR(src/auth-ldap.m)|g' configure.ac + autoreconf -fvi autoheader - ./configure \ - --prefix=/usr \ - --with-openvpn=/usr/include \ - --with-objc-runtime=modern + + OBJCFLAGS=-I${_gcc_objc_path} \ + ./configure \ + --with-openvpn="/usr/include/openvpn" \ + --with-objc-runtime="GNU" } build() { - cd "${srcdir}/${pkgname}-${_ldap}-${pkgver}" + cd "${srcdir}/${pkgname}" make } +check() { + cd "${srcdir}/${pkgname}" + make test +} + package() { - cd "${srcdir}/${pkgname}-${_ldap}-${pkgver}" + cd "${srcdir}/${pkgname}" install -Dm775 "src/${pkgname}.so" "${pkgdir}/usr/lib/openvpn/plugins/${pkgname}.so" - install -Dm400 "${_ldap}.conf" "${pkgdir}/etc/openvpn/${_ldap}.conf" + install -Dm400 "auth-ldap.conf" "${pkgdir}/etc/openvpn/server/auth-ldap.conf" } diff --git a/auth-ldap-2.0.3-README.patch b/auth-ldap-2.0.3-README.patch deleted file mode 100644 index 60b1e9d4b893..000000000000 --- a/auth-ldap-2.0.3-README.patch +++ /dev/null 
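Review bot: The new `source=("${pkgname}::git+${url}")` with `sha256sums=('SKIP')` builds whatever upstream's default branch holds at build time while `pkgver` still says 2.0.3, so the package is neither reproducible nor tied to a reviewed revision of a plugin that handles VPN credentials. Pin the checkout with a fragment, e.g. `source=("${pkgname}::git+${url}#commit=<PINNED_COMMIT>")` (placeholder value; a `#tag=` fragment works too), or turn it into a proper `-git` package with a `pkgver()` function. Pinning also lets a reviewer confirm that the built revision carries the fixes from the local patches this commit deletes, in particular the STARTTLS-before-bind ordering from `auth-ldap-2.0.3-STARTTLS_before_auth.patch`; nothing on this page shows that upstream HEAD has them. Separately, `_gcc_objc_path` runs `pacman -Ql gcc-objc` at file scope, so it executes every time the PKGBUILD is sourced, even when the makedepend is not installed; computing it inside `prepare()` and passing it quoted as `OBJCFLAGS="-I${_gcc_objc_path}"` would avoid that.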
@@ -1,38 +0,0 @@ -diff -Naupr auth-ldap-2.0.3.orig/README auth-ldap-2.0.3/README ---- auth-ldap-2.0.3.orig/README 2006-07-27 03:42:06.000000000 +0200 -+++ auth-ldap-2.0.3/README 2007-06-21 11:34:26.000000000 +0200 -@@ -6,31 +6,11 @@ LDAP. - You may send patches, bug reports, and complaints to: - landonf@threerings.net - --REQUIREMENTS -- --* OpenLDAP Headers & Library --* GNU Objective-C Compiler --* OpenVPN Plugin Header (included with the OpenVPN sources) --* re2c (http://www.re2c.org) -- --BUILD -- --To build, you will need to configure the sources appropriately. Example: -- ./configure --prefix=/usr/local --with-openldap=/usr/local --with-openvpn=/usr/ports/security/openvpn/work/openvpn-2.0.2 -- --The module will be build in src/openvpn-auth-ldap.so and installed as --${prefix}/lib/openvpn-auth-ldap.so. -- - USAGE - --Add the following to your OpenVPN configuration file (adjusting --the plugin path as required): -- -- plugin /usr/local/lib/openvpn-auth-ldap.so "<config>" -+Add the following to your OpenVPN configuration file : - --The config directive must point to an auth-ldap configuration file. --An example is provided with the distribution. -+plugin /usr/local/lib/openvpn-auth-ldap.so "<config>" - --CAVEATS -+The sample configuration is provided with the distribution. - --This plugin only works with the OpenLDAP libraries. diff --git a/auth-ldap-2.0.3-STARTTLS_before_auth.patch b/auth-ldap-2.0.3-STARTTLS_before_auth.patch deleted file mode 100644 index 32f00d4f0d79..000000000000 --- a/auth-ldap-2.0.3-STARTTLS_before_auth.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -Description: Run STARTTLS *before* sending auth data - Avoid sending authentication data in clear if STARTTLS is available. -Author: Andre Pawlowski <sqall@h4des.org> -Bug: http://code.google.com/p/openvpn-auth-ldap/issues/detail?id=28 -Bug-Debian: http://bugs.debian.org/610339 -Forwarded: http://code.google.com/p/openvpn-auth-ldap/issues/detail?id=28 -Reviewed-By: Alberto Gonzalez Iniesta <agi@inittab.org> -Last-Update: 2012-02-20 - -Index: openvpn-auth-ldap/src/auth-ldap.m -=================================================================== ---- openvpn-auth-ldap.orig/src/auth-ldap.m 2014-07-25 12:48:50.067688930 +0200 -+++ openvpn-auth-ldap/src/auth-ldap.m 2014-07-25 12:48:50.063688930 +0200 -@@ -307,21 +307,13 @@ - goto error; - } - -- /* Bind if requested */ -- if ([config bindDN]) { -- if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) { -- [TRLog error: "Unable to bind as %s", [[config bindDN] cString]]; -- goto error; -- } -- } -- - /* Certificate file */ -- if ((value = [config tlsCACertFile])) -+ if ((value = [config tlsCACertFile])) - if (![ldap setTLSCACertFile: value]) - goto error; - - /* Certificate directory */ -- if ((value = [config tlsCACertDir])) -+ if ((value = [config tlsCACertDir])) - if (![ldap setTLSCACertDir: value]) - goto error; - -@@ -340,6 +332,14 @@ - if (![ldap startTLS]) - goto error; - -+ /* Bind if requested */ -+ if ([config bindDN]) { -+ if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) { -+ [TRLog error: "Unable to bind as %s", [[config bindDN] cString]]; -+ goto error; -+ } -+ } -+ - return ldap; - - error: diff --git a/auth-ldap-2.0.3-gnustep.patch b/auth-ldap-2.0.3-gnustep.patch deleted file mode 100644 index 970060f99377..000000000000 --- a/auth-ldap-2.0.3-gnustep.patch +++ /dev/null 
@@ -1,201 +0,0 @@ -Index: aclocal.m4 -=================================================================== ---- aclocal.m4 (revision 1378) -+++ aclocal.m4 (working copy) -@@ -1,4 +1,3 @@ --builtin(include,objc.m4) - builtin(include,pthread.m4) - builtin(include,platform.m4) - builtin(include,check.m4) -@@ -23,7 +22,7 @@ - # Result is cached. - # - # Defines one of the following preprocessor macros: --# APPLE_RUNTIME GNU_RUNTIME -+# APPLE_RUNTIME GNU_RUNTIME MODERN_RUNTIME - # - # Substitutes the following variables: - # OBJC_RUNTIME OBJC_RUNTIME_FLAGS OBJC_LIBS -@@ -31,7 +30,7 @@ - #------------------------------------------------------------------------ - AC_DEFUN([OD_OBJC_RUNTIME],[ - AC_REQUIRE([AC_PROG_OBJC]) -- AC_ARG_WITH(objc-runtime, AC_HELP_STRING([--with-objc-runtime], [Specify either "GNU" or "apple"]), [with_objc_runtime=${withval}]) -+ AC_ARG_WITH(objc-runtime, AC_HELP_STRING([--with-objc-runtime], [Specify either "GNU", "apple", or "modern"]), [with_objc_runtime=${withval}]) - - if test x"${with_objc_runtime}" != x; then - case "${with_objc_runtime}" in -@@ -39,8 +38,10 @@ - ;; - apple) - ;; -+ modern) -+ ;; - *) -- AC_MSG_ERROR([${with_objc_runtime} is not a valid argument to --with-objc-runtime. Please specify either "GNU" or "apple"]) -+ AC_MSG_ERROR([${with_objc_runtime} is not a valid argument to --with-objc-runtime. 
Please specify either "GNU", "apple", or "modern"]) - ;; - esac - fi -@@ -174,6 +175,33 @@ - od_cv_objc_runtime_gnu="no" - fi - -+ if test x"${with_objc_runtime}" = x || test x"${with_objc_runtime}" = x"modern"; then -+ AC_MSG_CHECKING([for Modern Objective C runtime]) -+ AC_CACHE_VAL(od_cv_objc_runtime_modern, [ -+ # The following uses quadrigraphs -+ # '@<:@' = '[' -+ # '@:>@' = ']' -+ AC_LINK_IFELSE([ -+ AC_LANG_PROGRAM([ -+ #include <objc/objc.h> -+ #include <objc/runtime.h> -+ ], [ -+ id class = objc_lookUpClass("NSObject"); -+ id obj = @<:@class alloc@:>@; -+ puts(@<:@obj name@:>@); -+ ]) -+ ], [ -+ od_cv_objc_runtime_modern="yes" -+ ], [ -+ od_cv_objc_runtime_modern="no" -+ ] -+ ) -+ ]) -+ AC_MSG_RESULT(${od_cv_objc_runtime_modern}) -+ else -+ od_cv_objc_runtime_modern="no" -+ fi -+ - # Apple runtime is prefered - if test x"${od_cv_objc_runtime_apple}" = x"yes"; then - OBJC_RUNTIME="APPLE_RUNTIME" -@@ -185,6 +213,16 @@ - OBJC_RUNTIME_FLAGS="-fgnu-runtime" - AC_MSG_NOTICE([Using GNU Objective-C runtime]) - AC_DEFINE([GNU_RUNTIME], 1, [Define if using the GNU Objective-C runtime and compiler.]) -+ elif test x"${od_cv_objc_runtime_modern}" = x"yes"; then -+ OBJC_RUNTIME="MODERN_RUNTIME" -+ case "${target_os}" in -+ linux*) OBJC_RUNTIME_FLAGS="-fgnu-runtime" -+ OBJC_LIBS="-lgnustep-base ${OBJC_LIBS}";; -+ darwin*) OBJC_RUNTIME_FLAGS="-fnext-runtime" -+ LDFLAGS="-framework Foundation ${LDFLAGS}";; -+ esac -+ AC_MSG_NOTICE([Using Modern Objective-C runtime]) -+ AC_DEFINE([MODERN_RUNTIME], 1, [Define if using the Modern Objective-C runtime and compiler.]) - else - AC_MSG_FAILURE([Could not locate a working Objective-C runtime.]) - fi -Index: src/TRObject.h -=================================================================== ---- src/TRObject.h (revision 1378) -+++ src/TRObject.h (working copy) -@@ -40,7 +40,11 @@ - #endif - - #include <stdbool.h> -+#ifdef MODERN_RUNTIME -+#include <Foundation/NSObject.h> -+#else - #include <objc/Object.h> -+#endif - - #include 
"auth-ldap.h" - -@@ -54,7 +58,11 @@ - @end - - -+#ifdef MODERN_RUNTIME -+@interface TRObject : NSObject <TRObject> { -+#else - @interface TRObject : Object <TRObject> { -+#endif - unsigned int _refCount; - } - -Index: src/TRObject.m -=================================================================== ---- src/TRObject.m (revision 1378) -+++ src/TRObject.m (working copy) -@@ -53,9 +53,11 @@ - * Additionally, we implement brain-dead, non-thread-safe - * reference counting. - */ -+#ifndef MODERN_RUNTIME - @interface Object (AppleAddedAReallyStupidGCCWarning) - - (void) dealloc; - @end -+#endif - - @implementation TRObject - -@@ -69,7 +71,11 @@ - } - - - (void) dealloc { -+#ifdef MODERN_RUNTIME -+ [super dealloc]; -+#else - [super free]; -+#endif - - /* Make Apple's objc compiler be quiet */ - if (false) -Index: src/auth-ldap.m -=================================================================== ---- src/auth-ldap.m (revision 1378) -+++ src/auth-ldap.m (working copy) -@@ -48,6 +48,9 @@ - #include <TRPacketFilter.h> - #include <TRPFAddress.h> - #include <TRLog.h> -+#ifdef MODERN_RUNTIME -+#include <Foundation/NSAutoreleasePool.h> -+#endif - - /* Plugin Context */ - typedef struct ldap_ctx { -@@ -267,7 +270,6 @@ - } - #endif - -- - *type = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) | - OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT); -@@ -550,6 +552,10 @@ - TRLDAPEntry *ldapUser = nil; - int ret = OPENVPN_PLUGIN_FUNC_ERROR; - -+#ifdef MODERN_RUNTIME -+ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; -+#endif -+ - username = get_env("username", envp); - password = get_env("password", envp); - remoteAddress = get_env("ifconfig_pool_remote_ip", envp); -@@ -613,5 +619,8 @@ - [ldapUser release]; - if (ldap) - [ldap release]; -+#ifdef MODERN_RUNTIME -+ [pool drain]; -+#endif - return (ret); - } -Index: tests/Makefile.in -=================================================================== 
---- tests/Makefile.in (revision 1378) -+++ tests/Makefile.in (working copy) -@@ -26,7 +26,7 @@ - CFLAGS+= @CHECK_CFLAGS@ -DTEST_DATA=\"${srcdir}/data\" - OBJCFLAGS+= @CHECK_CFLAGS@ -DTEST_DATA=\"${srcdir}/data\" - LIBS+= -lauth-ldap-testing $(OBJC_LIBS) $(LDAP_LIBS) @CHECK_LIBS@ --LDFLAGS+= -L${top_builddir}src $(LIBS) -+LDFLAGS+= -L${top_builddir}/src $(LIBS) - - # Recompile the tests every time - all: tests diff --git a/auth-ldap-2.0.3-remoteAddress.patch b/auth-ldap-2.0.3-remoteAddress.patch deleted file mode 100644 index 50220a43ec05..000000000000 --- a/auth-ldap-2.0.3-remoteAddress.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -diff -Naupr auth-ldap-2.0.3.orig/src/auth-ldap.m auth-ldap-2.0.3/src/auth-ldap.m ---- auth-ldap-2.0.3.orig/src/auth-ldap.m 2007-01-22 19:50:42.000000000 +0100 -+++ auth-ldap-2.0.3/src/auth-ldap.m 2009-04-29 13:21:06.000000000 +0200 -@@ -533,7 +533,10 @@ - } - - if (tableName) -- if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) -+ if (!remoteAddress) { -+ [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; -+ return OPENVPN_PLUGIN_FUNC_ERROR; -+ } else if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) - return OPENVPN_PLUGIN_FUNC_ERROR; - #endif /* HAVE_PF */ - -@@ -587,20 +590,10 @@ - break; - /* New connection established */ - case OPENVPN_PLUGIN_CLIENT_CONNECT: -- if (!remoteAddress) { -- [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; -- ret = OPENVPN_PLUGIN_FUNC_ERROR; -- } else { -- ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); -- } -+ ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); - break; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: -- if (!remoteAddress) { -- [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_DISCONNECT)."]; -- ret = OPENVPN_PLUGIN_FUNC_ERROR; -- } else { -- ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); -- } -+ ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); - break; - default: - [TRLog debug: "Unhandled plugin type in OpenVPN LDAP Plugin (type=%d)", type]; diff --git a/auth-ldap-2.0.3-rfc2307.patch b/auth-ldap-2.0.3-rfc2307.patch deleted file mode 100644 index 14e79e26276c..000000000000 --- a/auth-ldap-2.0.3-rfc2307.patch +++ /dev/null 
@@ -1,273 +0,0 @@ -diff -Naupr auth-ldap-2.0.3.orig/auth-ldap.conf auth-ldap-2.0.3/auth-ldap.conf ---- auth-ldap-2.0.3.orig/auth-ldap.conf 2007-01-23 00:50:42.000000000 +0600 -+++ auth-ldap-2.0.3/auth-ldap.conf 2015-06-14 16:02:26.496989160 +0600 -@@ -47,6 +47,9 @@ - #PFTable ips_vpn_users - - <Group> -+ # Match full user DN if true, uid only if false -+ RFC2307bis true -+ - BaseDN "ou=Groups,dc=example,dc=com" - SearchFilter "(|(cn=developers)(cn=artists))" - MemberAttribute uniqueMember -diff -Naupr auth-ldap-2.0.3.orig/src/auth-ldap.m auth-ldap-2.0.3/src/auth-ldap.m ---- auth-ldap-2.0.3.orig/src/auth-ldap.m 2015-06-14 16:01:38.000000000 +0600 -+++ auth-ldap-2.0.3/src/auth-ldap.m 2015-06-14 16:02:26.496989160 +0600 -@@ -411,6 +411,7 @@ static TRLDAPGroupConfig *find_ldap_grou - TREnumerator *entryIter; - TRLDAPEntry *entry; - TRLDAPGroupConfig *result = nil; -+ int userNameLength; - - /* - * Groups are loaded into the array in the order that they are listed -@@ -428,15 +429,27 @@ static TRLDAPGroupConfig *find_ldap_grou - /* Error occured, all stop */ - if (!ldapEntries) - break; -- -- /* Iterate over the returned entries */ -- entryIter = [ldapEntries objectEnumerator]; -- while ((entry = [entryIter nextObject]) != nil) { -- if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) { -- /* Group match! */ -- result = groupConfig; -+ if ([groupConfig memberRFC2307BIS]) { -+ /* Iterate over the returned entries */ -+ entryIter = [ldapEntries objectEnumerator]; -+ -+ while ((entry = [entryIter nextObject]) != nil) { -+ if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) { -+ /* Group match! 
*/ -+ result = groupConfig; -+ } -+ } -+ } else { -+ /* Iterate over the returned entries */ -+ entryIter = [ldapEntries objectEnumerator]; -+ while ((entry = [entryIter nextObject]) != nil) { -+ if ([ldap compare: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser rdn]]) { -+ /* Group match! */ -+ result = groupConfig; -+ } - } - } -+ - [entryIter release]; - [ldapEntries release]; - if (result) -@@ -560,6 +573,7 @@ openvpn_plugin_func_v1(openvpn_plugin_ha - #endif - - username = get_env("username", envp); -+ LFString *userName=[[LFString alloc]initWithCString: username]; - password = get_env("password", envp); - remoteAddress = get_env("ifconfig_pool_remote_ip", envp); - -@@ -577,6 +591,7 @@ openvpn_plugin_func_v1(openvpn_plugin_ha - - /* Find the user record */ - ldapUser = find_ldap_user(ldap, ctx->config, username); -+ [ldapUser setRDN: userName]; - if (!ldapUser) { - /* No such user. */ - [TRLog warning: "LDAP user \"%s\" was not found.", username]; -diff -Naupr auth-ldap-2.0.3.orig/src/LFAuthLDAPConfig.m auth-ldap-2.0.3/src/LFAuthLDAPConfig.m ---- auth-ldap-2.0.3.orig/src/LFAuthLDAPConfig.m 2007-01-23 00:50:42.000000000 +0600 -+++ auth-ldap-2.0.3/src/LFAuthLDAPConfig.m 2015-06-14 16:02:26.497989147 +0600 -@@ -79,6 +79,7 @@ typedef enum { - - /* Group Section Variables */ - LF_GROUP_MEMBER_ATTRIBUTE, /* Group Membership Attribute */ -+ LF_GROUP_MEMBER_RFC2307BIS, /* Look for full DN for user in attribute */ - - /* Misc Shared */ - LF_UNKNOWN_OPCODE, /* Unknown Opcode */ -@@ -146,6 +147,7 @@ static OpcodeTable AuthSectionVariables[ - static OpcodeTable GroupSectionVariables[] = { - /* name opcode multi required */ - { "MemberAttribute", LF_GROUP_MEMBER_ATTRIBUTE, NO, NO }, -+ { "RFC2307bis", LF_GROUP_MEMBER_RFC2307BIS, NO, NO }, - { NULL, 0 } - }; - -@@ -696,12 +698,22 @@ error: - - switch(opcodeEntry->opcode) { - TRLDAPGroupConfig *config; -+ BOOL memberRFC2307BIS; - - case LF_GROUP_MEMBER_ATTRIBUTE: - config = [self 
currentSectionContext]; - [config setMemberAttribute: [value string]]; - break; - -+ case LF_GROUP_MEMBER_RFC2307BIS: -+ config = [self currentSectionContext]; -+ if (![value boolValue: &memberRFC2307BIS]) { -+ [self errorBoolValue: value]; -+ return; -+ } -+ [config setMemberRFC2307BIS: memberRFC2307BIS]; -+ break; -+ - case LF_LDAP_BASEDN: - config = [self currentSectionContext]; - [config setBaseDN: [value string]]; -diff -Naupr auth-ldap-2.0.3.orig/src/LFLDAPConnection.h auth-ldap-2.0.3/src/LFLDAPConnection.h ---- auth-ldap-2.0.3.orig/src/LFLDAPConnection.h 2007-01-23 00:50:42.000000000 +0600 -+++ auth-ldap-2.0.3/src/LFLDAPConnection.h 2015-06-14 16:02:26.497989147 +0600 -@@ -56,6 +56,7 @@ - baseDN: (LFString *) base - attributes: (TRArray *) attributes; - - (BOOL) compareDN: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value; -+- (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value; - - - (BOOL) setReferralEnabled: (BOOL) enabled; - - (BOOL) setTLSCACertFile: (LFString *) fileName; -diff -Naupr auth-ldap-2.0.3.orig/src/LFLDAPConnection.m auth-ldap-2.0.3/src/LFLDAPConnection.m ---- auth-ldap-2.0.3.orig/src/LFLDAPConnection.m 2007-03-23 02:09:51.000000000 +0600 -+++ auth-ldap-2.0.3/src/LFLDAPConnection.m 2015-06-14 16:02:26.497989147 +0600 -@@ -405,6 +405,50 @@ finish: - return NO; - } - -+- (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value { -+ struct timeval timeout; -+ LDAPMessage *res; -+ struct berval bval; -+ int err; -+ int msgid; -+ -+ /* Set up the ber structure for our value */ -+ bval.bv_val = (char *) [value cString]; -+ bval.bv_len = [value length] - 1; /* Length includes NULL terminator */ -+ -+ /* Set up the timeout */ -+ timeout.tv_sec = _timeout; -+ timeout.tv_usec = 0; -+ -+ /* Perform the compare */ -+ if ((err = ldap_compare_ext(ldapConn, [dn cString], [attribute cString], &bval, NULL, NULL, &msgid)) != LDAP_SUCCESS) { -+ 
[TRLog debug: "LDAP compare failed: %d: %s", err, ldap_err2string(err)]; -+ return NO; -+ } -+ -+ /* Wait for the result */ -+ if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) { -+ err = ldap_get_errno(ldapConn); -+ if (err == LDAP_TIMEOUT) -+ ldap_abandon_ext(ldapConn, msgid, NULL, NULL); -+ -+ [TRLog debug: "ldap_compare_ext failed: %s", ldap_err2string(err)]; -+ return NO; -+ } -+ -+ /* Check the result */ -+ if (ldap_parse_result(ldapConn, res, &err, NULL, NULL, NULL, NULL, 1) != LDAP_SUCCESS) { -+ /* Parsing failed */ -+ return NO; -+ } -+ if (err == LDAP_COMPARE_TRUE) -+ return YES; -+ else -+ return NO; -+ -+ return NO; -+} -+ - - - (BOOL) _setLDAPOption: (int) opt value: (const char *) value connection: (LDAP *) ldapConn { - int err; -diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPEntry.h auth-ldap-2.0.3/src/TRLDAPEntry.h ---- auth-ldap-2.0.3.orig/src/TRLDAPEntry.h 2006-07-26 06:55:47.000000000 +0700 -+++ auth-ldap-2.0.3/src/TRLDAPEntry.h 2015-06-14 16:02:26.497989147 +0600 -@@ -40,11 +40,14 @@ - - @interface TRLDAPEntry : TRObject { - LFString *_dn; -+ LFString *_rdn; - TRHash *_attributes; - } - - - (id) initWithDN: (LFString *) dn attributes: (TRHash *) attributes; - - (LFString *) dn; -+- (LFString *) rdn; -+- (void) setRDN: (LFString *) rdn; - - (TRHash *) attributes; - - @end -diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPEntry.m auth-ldap-2.0.3/src/TRLDAPEntry.m ---- auth-ldap-2.0.3.orig/src/TRLDAPEntry.m 2006-07-26 06:55:47.000000000 +0700 -+++ auth-ldap-2.0.3/src/TRLDAPEntry.m 2015-06-14 16:02:26.497989147 +0600 -@@ -42,6 +42,7 @@ - return self; - - _dn = [dn retain]; -+ _rdn = nil; - _attributes = [attributes retain]; - - return self; -@@ -49,6 +50,7 @@ - - - (void) dealloc { - [_dn release]; -+ [_rdn release]; - [_attributes release]; - [super dealloc]; - } -@@ -57,6 +59,14 @@ - return _dn; - } - -+- (LFString *) rdn { -+ return _rdn; -+} -+ -+- (void) setRDN: (LFString *) rdn { -+ _rdn=rdn; -+} -+ - - (TRHash *) attributes { - return 
_attributes; - } -diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.h auth-ldap-2.0.3/src/TRLDAPGroupConfig.h ---- auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.h 2006-07-31 03:19:54.000000000 +0700 -+++ auth-ldap-2.0.3/src/TRLDAPGroupConfig.h 2015-06-14 16:02:26.497989147 +0600 -@@ -42,6 +42,7 @@ - LFString *_baseDN; - LFString *_searchFilter; - LFString *_memberAttribute; -+ BOOL _memberRFC2307BIS; - LFString *_pfTable; - } - -@@ -54,6 +55,9 @@ - - (LFString *) memberAttribute; - - (void) setMemberAttribute: (LFString *) memberAttribute; - -+- (BOOL) memberRFC2307BIS; -+- (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS; -+ - - (LFString *) pfTable; - - (void) setPFTable: (LFString *) tableName; - -diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.m auth-ldap-2.0.3/src/TRLDAPGroupConfig.m ---- auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.m 2006-07-31 03:19:54.000000000 +0700 -+++ auth-ldap-2.0.3/src/TRLDAPGroupConfig.m 2015-06-14 16:02:26.497989147 +0600 -@@ -81,6 +81,14 @@ - _memberAttribute = [memberAttribute retain]; - } - -+- (BOOL) memberRFC2307BIS { -+ return (_memberRFC2307BIS); -+} -+ -+- (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS { -+ _memberRFC2307BIS = memberRFC2307BIS; -+} -+ - - (void) setPFTable: (LFString *) tableName { - if (_pfTable) - [_pfTable release]; diff --git a/auth-ldap-2.0.3-tools-CFLAGS.patch b/auth-ldap-2.0.3-tools-CFLAGS.patch deleted file mode 100644 index 7e2e39fc23d5..000000000000 --- a/auth-ldap-2.0.3-tools-CFLAGS.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Naupr auth-ldap-2.0.3.orig/tools/Makefile.in auth-ldap-2.0.3/tools/Makefile.in ---- auth-ldap-2.0.3.orig/tools/Makefile.in 2006-04-30 21:56:47.000000000 +0200 -+++ auth-ldap-2.0.3/tools/Makefile.in 2011-08-13 22:57:23.409789931 +0200 -@@ -12,7 +12,6 @@ LEMON_OBJS= lemon.o - LEMON_GEN_SRCS= lempar.c - - MAKEHEADERS_OBJS= makeheaders.o --CFLAGS= - - all:: lemon makeheaders - |