diff options
Diffstat (limited to 'auth-ldap-2.0.3-rfc2307.patch')
-rw-r--r-- | auth-ldap-2.0.3-rfc2307.patch | 273 |
1 files changed, 0 insertions, 273 deletions
diff --git a/auth-ldap-2.0.3-rfc2307.patch b/auth-ldap-2.0.3-rfc2307.patch deleted file mode 100644 index 14e79e26276c..000000000000 --- a/auth-ldap-2.0.3-rfc2307.patch +++ /dev/null @@ -1,273 +0,0 @@ -diff -Naupr auth-ldap-2.0.3.orig/auth-ldap.conf auth-ldap-2.0.3/auth-ldap.conf ---- auth-ldap-2.0.3.orig/auth-ldap.conf 2007-01-23 00:50:42.000000000 +0600 -+++ auth-ldap-2.0.3/auth-ldap.conf 2015-06-14 16:02:26.496989160 +0600 -@@ -47,6 +47,9 @@ - #PFTable ips_vpn_users - - <Group> -+ # Match full user DN if true, uid only if false -+ RFC2307bis true -+ - BaseDN "ou=Groups,dc=example,dc=com" - SearchFilter "(|(cn=developers)(cn=artists))" - MemberAttribute uniqueMember -diff -Naupr auth-ldap-2.0.3.orig/src/auth-ldap.m auth-ldap-2.0.3/src/auth-ldap.m ---- auth-ldap-2.0.3.orig/src/auth-ldap.m 2015-06-14 16:01:38.000000000 +0600 -+++ auth-ldap-2.0.3/src/auth-ldap.m 2015-06-14 16:02:26.496989160 +0600 -@@ -411,6 +411,7 @@ static TRLDAPGroupConfig *find_ldap_grou - TREnumerator *entryIter; - TRLDAPEntry *entry; - TRLDAPGroupConfig *result = nil; -+ int userNameLength; - - /* - * Groups are loaded into the array in the order that they are listed -@@ -428,15 +429,27 @@ static TRLDAPGroupConfig *find_ldap_grou - /* Error occured, all stop */ - if (!ldapEntries) - break; -- -- /* Iterate over the returned entries */ -- entryIter = [ldapEntries objectEnumerator]; -- while ((entry = [entryIter nextObject]) != nil) { -- if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) { -- /* Group match! */ -- result = groupConfig; -+ if ([groupConfig memberRFC2307BIS]) { -+ /* Iterate over the returned entries */ -+ entryIter = [ldapEntries objectEnumerator]; -+ -+ while ((entry = [entryIter nextObject]) != nil) { -+ if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) { -+ /* Group match! */ -+ result = groupConfig; -+ } -+ } -+ } else { -+ /* Iterate over the returned entries */ -+ entryIter = [ldapEntries objectEnumerator]; -+ while ((entry = [entryIter nextObject]) != nil) { -+ if ([ldap compare: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser rdn]]) { -+ /* Group match! */ -+ result = groupConfig; -+ } - } - } -+ - [entryIter release]; - [ldapEntries release]; - if (result) -@@ -560,6 +573,7 @@ openvpn_plugin_func_v1(openvpn_plugin_ha - #endif - - username = get_env("username", envp); -+ LFString *userName=[[LFString alloc]initWithCString: username]; - password = get_env("password", envp); - remoteAddress = get_env("ifconfig_pool_remote_ip", envp); - -@@ -577,6 +591,7 @@ openvpn_plugin_func_v1(openvpn_plugin_ha - - /* Find the user record */ - ldapUser = find_ldap_user(ldap, ctx->config, username); -+ [ldapUser setRDN: userName]; - if (!ldapUser) { - /* No such user. */ - [TRLog warning: "LDAP user \"%s\" was not found.", username]; -diff -Naupr auth-ldap-2.0.3.orig/src/LFAuthLDAPConfig.m auth-ldap-2.0.3/src/LFAuthLDAPConfig.m ---- auth-ldap-2.0.3.orig/src/LFAuthLDAPConfig.m 2007-01-23 00:50:42.000000000 +0600 -+++ auth-ldap-2.0.3/src/LFAuthLDAPConfig.m 2015-06-14 16:02:26.497989147 +0600 -@@ -79,6 +79,7 @@ typedef enum { - - /* Group Section Variables */ - LF_GROUP_MEMBER_ATTRIBUTE, /* Group Membership Attribute */ -+ LF_GROUP_MEMBER_RFC2307BIS, /* Look for full DN for user in attribute */ - - /* Misc Shared */ - LF_UNKNOWN_OPCODE, /* Unknown Opcode */ -@@ -146,6 +147,7 @@ static OpcodeTable AuthSectionVariables[ - static OpcodeTable GroupSectionVariables[] = { - /* name opcode multi required */ - { "MemberAttribute", LF_GROUP_MEMBER_ATTRIBUTE, NO, NO }, -+ { "RFC2307bis", LF_GROUP_MEMBER_RFC2307BIS, NO, NO }, - { NULL, 0 } - }; - -@@ -696,12 +698,22 @@ error: - - switch(opcodeEntry->opcode) { - TRLDAPGroupConfig *config; -+ BOOL memberRFC2307BIS; - - case LF_GROUP_MEMBER_ATTRIBUTE: - config = [self currentSectionContext]; - [config setMemberAttribute: [value string]]; - break; - -+ case LF_GROUP_MEMBER_RFC2307BIS: -+ config = [self currentSectionContext]; -+ if (![value boolValue: &memberRFC2307BIS]) { -+ [self errorBoolValue: value]; -+ return; -+ } -+ [config setMemberRFC2307BIS: memberRFC2307BIS]; -+ break; -+ - case LF_LDAP_BASEDN: - config = [self currentSectionContext]; - [config setBaseDN: [value string]]; -diff -Naupr auth-ldap-2.0.3.orig/src/LFLDAPConnection.h auth-ldap-2.0.3/src/LFLDAPConnection.h ---- auth-ldap-2.0.3.orig/src/LFLDAPConnection.h 2007-01-23 00:50:42.000000000 +0600 -+++ auth-ldap-2.0.3/src/LFLDAPConnection.h 2015-06-14 16:02:26.497989147 +0600 -@@ -56,6 +56,7 @@ - baseDN: (LFString *) base - attributes: (TRArray *) attributes; - - (BOOL) compareDN: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value; -+- (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value; - - - (BOOL) setReferralEnabled: (BOOL) enabled; - - (BOOL) setTLSCACertFile: (LFString *) fileName; -diff -Naupr auth-ldap-2.0.3.orig/src/LFLDAPConnection.m auth-ldap-2.0.3/src/LFLDAPConnection.m ---- auth-ldap-2.0.3.orig/src/LFLDAPConnection.m 2007-03-23 02:09:51.000000000 +0600 -+++ auth-ldap-2.0.3/src/LFLDAPConnection.m 2015-06-14 16:02:26.497989147 +0600 -@@ -405,6 +405,50 @@ finish: - return NO; - } - -+- (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value { -+ struct timeval timeout; -+ LDAPMessage *res; -+ struct berval bval; -+ int err; -+ int msgid; -+ -+ /* Set up the ber structure for our value */ -+ bval.bv_val = (char *) [value cString]; -+ bval.bv_len = [value length] - 1; /* Length includes NULL terminator */ -+ -+ /* Set up the timeout */ -+ timeout.tv_sec = _timeout; -+ timeout.tv_usec = 0; -+ -+ /* Perform the compare */ -+ if ((err = ldap_compare_ext(ldapConn, [dn cString], [attribute cString], &bval, NULL, NULL, &msgid)) != LDAP_SUCCESS) { -+ [TRLog debug: "LDAP compare failed: %d: %s", err, ldap_err2string(err)]; -+ return NO; -+ } -+ -+ /* Wait for the result */ -+ if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) { -+ err = ldap_get_errno(ldapConn); -+ if (err == LDAP_TIMEOUT) -+ ldap_abandon_ext(ldapConn, msgid, NULL, NULL); -+ -+ [TRLog debug: "ldap_compare_ext failed: %s", ldap_err2string(err)]; -+ return NO; -+ } -+ -+ /* Check the result */ -+ if (ldap_parse_result(ldapConn, res, &err, NULL, NULL, NULL, NULL, 1) != LDAP_SUCCESS) { -+ /* Parsing failed */ -+ return NO; -+ } -+ if (err == LDAP_COMPARE_TRUE) -+ return YES; -+ else -+ return NO; -+ -+ return NO; -+} -+ - - - (BOOL) _setLDAPOption: (int) opt value: (const char *) value connection: (LDAP *) ldapConn { - int err; -diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPEntry.h auth-ldap-2.0.3/src/TRLDAPEntry.h ---- auth-ldap-2.0.3.orig/src/TRLDAPEntry.h 2006-07-26 06:55:47.000000000 +0700 -+++ auth-ldap-2.0.3/src/TRLDAPEntry.h 2015-06-14 16:02:26.497989147 +0600 -@@ -40,11 +40,14 @@ - - @interface TRLDAPEntry : TRObject { - LFString *_dn; -+ LFString *_rdn; - TRHash *_attributes; - } - - - (id) initWithDN: (LFString *) dn attributes: (TRHash *) attributes; - - (LFString *) dn; -+- (LFString *) rdn; -+- (void) setRDN: (LFString *) rdn; - - (TRHash *) attributes; - - @end -diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPEntry.m auth-ldap-2.0.3/src/TRLDAPEntry.m ---- auth-ldap-2.0.3.orig/src/TRLDAPEntry.m 2006-07-26 06:55:47.000000000 +0700 -+++ auth-ldap-2.0.3/src/TRLDAPEntry.m 2015-06-14 16:02:26.497989147 +0600 -@@ -42,6 +42,7 @@ - return self; - - _dn = [dn retain]; -+ _rdn = nil; - _attributes = [attributes retain]; - - return self; -@@ -49,6 +50,7 @@ - - - (void) dealloc { - [_dn release]; -+ [_rdn release]; - [_attributes release]; - [super dealloc]; - } -@@ -57,6 +59,14 @@ - return _dn; - } - -+- (LFString *) rdn { -+ return _rdn; -+} -+ -+- (void) setRDN: (LFString *) rdn { -+ _rdn=rdn; -+} -+ - - (TRHash *) attributes { - return _attributes; - } -diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.h auth-ldap-2.0.3/src/TRLDAPGroupConfig.h ---- auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.h 2006-07-31 03:19:54.000000000 +0700 -+++ auth-ldap-2.0.3/src/TRLDAPGroupConfig.h 2015-06-14 16:02:26.497989147 +0600 -@@ -42,6 +42,7 @@ - LFString *_baseDN; - LFString *_searchFilter; - LFString *_memberAttribute; -+ BOOL _memberRFC2307BIS; - LFString *_pfTable; - } - -@@ -54,6 +55,9 @@ - - (LFString *) memberAttribute; - - (void) setMemberAttribute: (LFString *) memberAttribute; - -+- (BOOL) memberRFC2307BIS; -+- (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS; -+ - - (LFString *) pfTable; - - (void) setPFTable: (LFString *) tableName; - -diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.m auth-ldap-2.0.3/src/TRLDAPGroupConfig.m ---- auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.m 2006-07-31 03:19:54.000000000 +0700 -+++ auth-ldap-2.0.3/src/TRLDAPGroupConfig.m 2015-06-14 16:02:26.497989147 +0600 -@@ -81,6 +81,14 @@ - _memberAttribute = [memberAttribute retain]; - } - -+- (BOOL) memberRFC2307BIS { -+ return (_memberRFC2307BIS); -+} -+ -+- (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS { -+ _memberRFC2307BIS = memberRFC2307BIS; -+} -+ - - (void) setPFTable: (LFString *) tableName { - if (_pfTable) - [_pfTable release]; |