summarylogtreecommitdiffstats
path: root/auth-ldap-2.0.3-rfc2307.patch
diff options
context:
space:
mode:
Diffstat (limited to 'auth-ldap-2.0.3-rfc2307.patch')
-rw-r--r--auth-ldap-2.0.3-rfc2307.patch273
1 files changed, 0 insertions, 273 deletions
diff --git a/auth-ldap-2.0.3-rfc2307.patch b/auth-ldap-2.0.3-rfc2307.patch
deleted file mode 100644
index 14e79e26276c..000000000000
--- a/auth-ldap-2.0.3-rfc2307.patch
+++ /dev/null
@@ -1,273 +0,0 @@
-diff -Naupr auth-ldap-2.0.3.orig/auth-ldap.conf auth-ldap-2.0.3/auth-ldap.conf
---- auth-ldap-2.0.3.orig/auth-ldap.conf 2007-01-23 00:50:42.000000000 +0600
-+++ auth-ldap-2.0.3/auth-ldap.conf 2015-06-14 16:02:26.496989160 +0600
-@@ -47,6 +47,9 @@
- #PFTable ips_vpn_users
-
- <Group>
-+ # Match full user DN if true, uid only if false
-+ RFC2307bis true
-+
- BaseDN "ou=Groups,dc=example,dc=com"
- SearchFilter "(|(cn=developers)(cn=artists))"
- MemberAttribute uniqueMember
-diff -Naupr auth-ldap-2.0.3.orig/src/auth-ldap.m auth-ldap-2.0.3/src/auth-ldap.m
---- auth-ldap-2.0.3.orig/src/auth-ldap.m 2015-06-14 16:01:38.000000000 +0600
-+++ auth-ldap-2.0.3/src/auth-ldap.m 2015-06-14 16:02:26.496989160 +0600
-@@ -411,6 +411,7 @@ static TRLDAPGroupConfig *find_ldap_grou
- TREnumerator *entryIter;
- TRLDAPEntry *entry;
- TRLDAPGroupConfig *result = nil;
-+ int userNameLength;
-
- /*
- * Groups are loaded into the array in the order that they are listed
-@@ -428,15 +429,27 @@ static TRLDAPGroupConfig *find_ldap_grou
- /* Error occured, all stop */
- if (!ldapEntries)
- break;
--
-- /* Iterate over the returned entries */
-- entryIter = [ldapEntries objectEnumerator];
-- while ((entry = [entryIter nextObject]) != nil) {
-- if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) {
-- /* Group match! */
-- result = groupConfig;
-+ if ([groupConfig memberRFC2307BIS]) {
-+ /* Iterate over the returned entries */
-+ entryIter = [ldapEntries objectEnumerator];
-+
-+ while ((entry = [entryIter nextObject]) != nil) {
-+ if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) {
-+ /* Group match! */
-+ result = groupConfig;
-+ }
-+ }
-+ } else {
-+ /* Iterate over the returned entries */
-+ entryIter = [ldapEntries objectEnumerator];
-+ while ((entry = [entryIter nextObject]) != nil) {
-+ if ([ldap compare: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser rdn]]) {
-+ /* Group match! */
-+ result = groupConfig;
-+ }
- }
- }
-+
- [entryIter release];
- [ldapEntries release];
- if (result)
-@@ -560,6 +573,7 @@ openvpn_plugin_func_v1(openvpn_plugin_ha
- #endif
-
- username = get_env("username", envp);
-+ LFString *userName=[[LFString alloc]initWithCString: username];
- password = get_env("password", envp);
- remoteAddress = get_env("ifconfig_pool_remote_ip", envp);
-
-@@ -577,6 +591,7 @@ openvpn_plugin_func_v1(openvpn_plugin_ha
-
- /* Find the user record */
- ldapUser = find_ldap_user(ldap, ctx->config, username);
-+ [ldapUser setRDN: userName];
- if (!ldapUser) {
- /* No such user. */
- [TRLog warning: "LDAP user \"%s\" was not found.", username];
-diff -Naupr auth-ldap-2.0.3.orig/src/LFAuthLDAPConfig.m auth-ldap-2.0.3/src/LFAuthLDAPConfig.m
---- auth-ldap-2.0.3.orig/src/LFAuthLDAPConfig.m 2007-01-23 00:50:42.000000000 +0600
-+++ auth-ldap-2.0.3/src/LFAuthLDAPConfig.m 2015-06-14 16:02:26.497989147 +0600
-@@ -79,6 +79,7 @@ typedef enum {
-
- /* Group Section Variables */
- LF_GROUP_MEMBER_ATTRIBUTE, /* Group Membership Attribute */
-+ LF_GROUP_MEMBER_RFC2307BIS, /* Look for full DN for user in attribute */
-
- /* Misc Shared */
- LF_UNKNOWN_OPCODE, /* Unknown Opcode */
-@@ -146,6 +147,7 @@ static OpcodeTable AuthSectionVariables[
- static OpcodeTable GroupSectionVariables[] = {
- /* name opcode multi required */
- { "MemberAttribute", LF_GROUP_MEMBER_ATTRIBUTE, NO, NO },
-+ { "RFC2307bis", LF_GROUP_MEMBER_RFC2307BIS, NO, NO },
- { NULL, 0 }
- };
-
-@@ -696,12 +698,22 @@ error:
-
- switch(opcodeEntry->opcode) {
- TRLDAPGroupConfig *config;
-+ BOOL memberRFC2307BIS;
-
- case LF_GROUP_MEMBER_ATTRIBUTE:
- config = [self currentSectionContext];
- [config setMemberAttribute: [value string]];
- break;
-
-+ case LF_GROUP_MEMBER_RFC2307BIS:
-+ config = [self currentSectionContext];
-+ if (![value boolValue: &memberRFC2307BIS]) {
-+ [self errorBoolValue: value];
-+ return;
-+ }
-+ [config setMemberRFC2307BIS: memberRFC2307BIS];
-+ break;
-+
- case LF_LDAP_BASEDN:
- config = [self currentSectionContext];
- [config setBaseDN: [value string]];
-diff -Naupr auth-ldap-2.0.3.orig/src/LFLDAPConnection.h auth-ldap-2.0.3/src/LFLDAPConnection.h
---- auth-ldap-2.0.3.orig/src/LFLDAPConnection.h 2007-01-23 00:50:42.000000000 +0600
-+++ auth-ldap-2.0.3/src/LFLDAPConnection.h 2015-06-14 16:02:26.497989147 +0600
-@@ -56,6 +56,7 @@
- baseDN: (LFString *) base
- attributes: (TRArray *) attributes;
- - (BOOL) compareDN: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value;
-+- (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value;
-
- - (BOOL) setReferralEnabled: (BOOL) enabled;
- - (BOOL) setTLSCACertFile: (LFString *) fileName;
-diff -Naupr auth-ldap-2.0.3.orig/src/LFLDAPConnection.m auth-ldap-2.0.3/src/LFLDAPConnection.m
---- auth-ldap-2.0.3.orig/src/LFLDAPConnection.m 2007-03-23 02:09:51.000000000 +0600
-+++ auth-ldap-2.0.3/src/LFLDAPConnection.m 2015-06-14 16:02:26.497989147 +0600
-@@ -405,6 +405,50 @@ finish:
- return NO;
- }
-
-+- (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value {
-+ struct timeval timeout;
-+ LDAPMessage *res;
-+ struct berval bval;
-+ int err;
-+ int msgid;
-+
-+ /* Set up the ber structure for our value */
-+ bval.bv_val = (char *) [value cString];
-+ bval.bv_len = [value length] - 1; /* Length includes NULL terminator */
-+
-+ /* Set up the timeout */
-+ timeout.tv_sec = _timeout;
-+ timeout.tv_usec = 0;
-+
-+ /* Perform the compare */
-+ if ((err = ldap_compare_ext(ldapConn, [dn cString], [attribute cString], &bval, NULL, NULL, &msgid)) != LDAP_SUCCESS) {
-+ [TRLog debug: "LDAP compare failed: %d: %s", err, ldap_err2string(err)];
-+ return NO;
-+ }
-+
-+ /* Wait for the result */
-+ if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) {
-+ err = ldap_get_errno(ldapConn);
-+ if (err == LDAP_TIMEOUT)
-+ ldap_abandon_ext(ldapConn, msgid, NULL, NULL);
-+
-+ [TRLog debug: "ldap_compare_ext failed: %s", ldap_err2string(err)];
-+ return NO;
-+ }
-+
-+ /* Check the result */
-+ if (ldap_parse_result(ldapConn, res, &err, NULL, NULL, NULL, NULL, 1) != LDAP_SUCCESS) {
-+ /* Parsing failed */
-+ return NO;
-+ }
-+ if (err == LDAP_COMPARE_TRUE)
-+ return YES;
-+ else
-+ return NO;
-+
-+ return NO;
-+}
-+
-
- - (BOOL) _setLDAPOption: (int) opt value: (const char *) value connection: (LDAP *) ldapConn {
- int err;
-diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPEntry.h auth-ldap-2.0.3/src/TRLDAPEntry.h
---- auth-ldap-2.0.3.orig/src/TRLDAPEntry.h 2006-07-26 06:55:47.000000000 +0700
-+++ auth-ldap-2.0.3/src/TRLDAPEntry.h 2015-06-14 16:02:26.497989147 +0600
-@@ -40,11 +40,14 @@
-
- @interface TRLDAPEntry : TRObject {
- LFString *_dn;
-+ LFString *_rdn;
- TRHash *_attributes;
- }
-
- - (id) initWithDN: (LFString *) dn attributes: (TRHash *) attributes;
- - (LFString *) dn;
-+- (LFString *) rdn;
-+- (void) setRDN: (LFString *) rdn;
- - (TRHash *) attributes;
-
- @end
-diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPEntry.m auth-ldap-2.0.3/src/TRLDAPEntry.m
---- auth-ldap-2.0.3.orig/src/TRLDAPEntry.m 2006-07-26 06:55:47.000000000 +0700
-+++ auth-ldap-2.0.3/src/TRLDAPEntry.m 2015-06-14 16:02:26.497989147 +0600
-@@ -42,6 +42,7 @@
- return self;
-
- _dn = [dn retain];
-+ _rdn = nil;
- _attributes = [attributes retain];
-
- return self;
-@@ -49,6 +50,7 @@
-
- - (void) dealloc {
- [_dn release];
-+ [_rdn release];
- [_attributes release];
- [super dealloc];
- }
-@@ -57,6 +59,14 @@
- return _dn;
- }
-
-+- (LFString *) rdn {
-+ return _rdn;
-+}
-+
-+- (void) setRDN: (LFString *) rdn {
-+ _rdn=rdn;
-+}
-+
- - (TRHash *) attributes {
- return _attributes;
- }
-diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.h auth-ldap-2.0.3/src/TRLDAPGroupConfig.h
---- auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.h 2006-07-31 03:19:54.000000000 +0700
-+++ auth-ldap-2.0.3/src/TRLDAPGroupConfig.h 2015-06-14 16:02:26.497989147 +0600
-@@ -42,6 +42,7 @@
- LFString *_baseDN;
- LFString *_searchFilter;
- LFString *_memberAttribute;
-+ BOOL _memberRFC2307BIS;
- LFString *_pfTable;
- }
-
-@@ -54,6 +55,9 @@
- - (LFString *) memberAttribute;
- - (void) setMemberAttribute: (LFString *) memberAttribute;
-
-+- (BOOL) memberRFC2307BIS;
-+- (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS;
-+
- - (LFString *) pfTable;
- - (void) setPFTable: (LFString *) tableName;
-
-diff -Naupr auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.m auth-ldap-2.0.3/src/TRLDAPGroupConfig.m
---- auth-ldap-2.0.3.orig/src/TRLDAPGroupConfig.m 2006-07-31 03:19:54.000000000 +0700
-+++ auth-ldap-2.0.3/src/TRLDAPGroupConfig.m 2015-06-14 16:02:26.497989147 +0600
-@@ -81,6 +81,14 @@
- _memberAttribute = [memberAttribute retain];
- }
-
-+- (BOOL) memberRFC2307BIS {
-+ return (_memberRFC2307BIS);
-+}
-+
-+- (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS {
-+ _memberRFC2307BIS = memberRFC2307BIS;
-+}
-+
- - (void) setPFTable: (LFString *) tableName {
- if (_pfTable)
- [_pfTable release];