Hello community,
here is the log from the commit of package pam_ldap
checked in at Mon Mar 5 15:27:38 CET 2007.
--------
--- pam_ldap/pam_ldap.changes 2006-10-24 09:18:54.000000000 +0200
+++ /mounts/work_src_done/STABLE/pam_ldap/pam_ldap.changes 2007-03-05 12:38:45.000000000 +0100
@@ -1,0 +2,7 @@
+Mon Mar 5 12:36:35 CET 2007 - rhafer@suse.de
+
+- Update to Version 184:
+ * fix for PADL-Bug#312: pam_ldap does not try to reconnect
+ when LDAP server closed the connection
+
+-------------------------------------------------------------------
Old:
----
pam_ldap-183.tar.bz2
New:
----
pam_ldap-184.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_ldap.spec ++++++
--- /var/tmp/diff_new_pack.h21368/_old 2007-03-05 15:27:31.000000000 +0100
+++ /var/tmp/diff_new_pack.h21368/_new 2007-03-05 15:27:31.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package pam_ldap (Version 183)
+# spec file for package pam_ldap (Version 184)
#
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -15,7 +15,7 @@
License: GNU Library General Public License v. 2.0 and 2.1 (LGPL)
Group: Productivity/Networking/LDAP/Clients
Autoreqprov: on
-Version: 183
+Version: 184
Release: 1
Summary: A PAM Module for LDAP Authentication
URL: http://www.padl.com/OSS/pam_ldap.html
@@ -69,7 +69,11 @@
%doc %{_mandir}/man5/pam_ldap*
/%{_lib}/security/pam_ldap.so
-%changelog -n pam_ldap
+%changelog
+* Mon Mar 05 2007 - rhafer@suse.de
+- Update to Version 184:
+ * fix for PADL-Bug#312: pam_ldap does not try to reconnect
+ when LDAP server closed the connection
* Tue Oct 24 2006 - rhafer@suse.de
- update to version 183. Don't suppress password policy errors
which should not be suppressed (Bug #210158, CVE-2006-5170)
++++++ pam_ldap-183.tar.bz2 -> pam_ldap-184.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-183/ChangeLog new/pam_ldap-184/ChangeLog
--- old/pam_ldap-183/ChangeLog 2006-10-19 15:22:27.000000000 +0200
+++ new/pam_ldap-184/ChangeLog 2007-03-03 08:13:10.000000000 +0100
@@ -1,6 +1,11 @@
-$Id: ChangeLog,v 1.212 2006/10/05 23:23:52 lukeh Exp $
+$Id: ChangeLog,v 1.213 2007/03/03 07:12:01 lukeh Exp $
===============================================================
+184 Luke Howard
+
+ * fix for BUG#312: pam_ldap does not try to reconnect
+ when LDAP server closed the connection
+
183 Luke Howard
* fix for BUG#291: don't suppress password policy
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-183/config.h.in new/pam_ldap-184/config.h.in
--- old/pam_ldap-183/config.h.in 2006-10-19 15:22:27.000000000 +0200
+++ new/pam_ldap-184/config.h.in 2007-03-03 08:13:10.000000000 +0100
@@ -1,5 +1,4 @@
-/* config.h.in. Generated automatically from configure.in by autoheader. */
-
+/* config.h.in. Generated from configure.in by autoheader. */
/* Define to the number of arguments to ldap_set_rebindproc */
#undef LDAP_SET_REBIND_PROC_ARGS
@@ -9,123 +8,169 @@
/* define to support PADL ypldapd locator */
#undef YPLDAPD
+
#define PAM_LDAP_PATH_CONF "/etc/ldap.conf"
#define PAM_LDAP_PATH_ROOTPASSWD "/etc/ldap.secret"
-/* Define if you have the gethostbyname function. */
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_CRYPT_H
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_DES_H
+
+/* Define to 1 if you have the `gethostbyname' function. */
#undef HAVE_GETHOSTBYNAME
-/* Define if you have the gethostbyname_r function. */
+/* Define to 1 if you have the `gethostbyname_r' function. */
#undef HAVE_GETHOSTBYNAME_R
-/* Define if you have the ldap_controls_free function. */
+/* Define to 1 if you have the header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_LBER_H
+
+/* Define to 1 if you have the `ldapssl_init' function. */
+#undef HAVE_LDAPSSL_INIT
+
+/* Define to 1 if you have the `ldap_controls_free' function. */
#undef HAVE_LDAP_CONTROLS_FREE
-/* Define if you have the ldap_get_lderrno function. */
+/* Define to 1 if you have the `ldap_get_lderrno' function. */
#undef HAVE_LDAP_GET_LDERRNO
-/* Define if you have the ldap_get_option function. */
+/* Define to 1 if you have the `ldap_get_option' function. */
#undef HAVE_LDAP_GET_OPTION
-/* Define if you have the ldap_init function. */
+/* Define to 1 if you have the header file. */
+#undef HAVE_LDAP_H
+
+/* Define to 1 if you have the `ldap_init' function. */
#undef HAVE_LDAP_INIT
-/* Define if you have the ldap_initialize function. */
+/* Define to 1 if you have the `ldap_initialize' function. */
#undef HAVE_LDAP_INITIALIZE
-/* Define if you have the ldap_memfree function. */
+/* Define to 1 if you have the `ldap_memfree' function. */
#undef HAVE_LDAP_MEMFREE
-/* Define if you have the ldap_parse_result function. */
+/* Define to 1 if you have the `ldap_parse_result' function. */
#undef HAVE_LDAP_PARSE_RESULT
-/* Define if you have the ldap_pvt_tls_set_option function. */
+/* Define to 1 if you have the `ldap_pvt_tls_set_option' function. */
#undef HAVE_LDAP_PVT_TLS_SET_OPTION
-/* Define if you have the ldap_sasl_bind function. */
+/* Define to 1 if you have the `ldap_sasl_bind' function. */
#undef HAVE_LDAP_SASL_BIND
-/* Define if you have the ldap_sasl_interactive_bind_s function. */
+/* Define to 1 if you have the `ldap_sasl_interactive_bind_s' function. */
#undef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
-/* Define if you have the ldap_set_lderrno function. */
+/* Define to 1 if you have the `ldap_set_lderrno' function. */
#undef HAVE_LDAP_SET_LDERRNO
-/* Define if you have the ldap_set_option function. */
+/* Define to 1 if you have the `ldap_set_option' function. */
#undef HAVE_LDAP_SET_OPTION
-/* Define if you have the ldap_set_rebind_proc function. */
+/* Define to 1 if you have the `ldap_set_rebind_proc' function. */
#undef HAVE_LDAP_SET_REBIND_PROC
-/* Define if you have the ldap_start_tls_s function. */
+/* Define to 1 if you have the header file. */
+#undef HAVE_LDAP_SSL_H
+
+/* Define to 1 if you have the `ldap_start_tls_s' function. */
#undef HAVE_LDAP_START_TLS_S
-/* Define if you have the ldapssl_init function. */
-#undef HAVE_LDAPSSL_INIT
+/* Define to 1 if you have the `crypt' library (-lcrypt). */
+#undef HAVE_LIBCRYPT
-/* Define if you have the header file. */
-#undef HAVE_CRYPT_H
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
-/* Define if you have the header file. */
-#undef HAVE_DES_H
+/* Define to 1 if you have the `lber' library (-llber). */
+#undef HAVE_LIBLBER
-/* Define if you have the header file. */
-#undef HAVE_LBER_H
+/* Define to 1 if you have the `nsl' library (-lnsl). */
+#undef HAVE_LIBNSL
-/* Define if you have the header file. */
-#undef HAVE_LDAP_H
+/* Define to 1 if you have the `pam' library (-lpam). */
+#undef HAVE_LIBPAM
-/* Define if you have the header file. */
-#undef HAVE_LDAP_SSL_H
+/* Define to 1 if you have the `pthread' library (-lpthread). */
+#undef HAVE_LIBPTHREAD
-/* Define if you have the header file. */
+/* Define to 1 if you have the `resolv' library (-lresolv). */
+#undef HAVE_LIBRESOLV
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the header file. */
#undef HAVE_PAM_PAM_APPL_H
-/* Define if you have the header file. */
+/* Define to 1 if you have the header file. */
#undef HAVE_PAM_PAM_MISC_H
-/* Define if you have the header file. */
+/* Define to 1 if you have the header file. */
#undef HAVE_PAM_PAM_MODULES_H
-/* Define if you have the header file. */
+/* Define to 1 if you have the header file. */
#undef HAVE_SASL_H
-/* Define if you have the header file. */
+/* Define to 1 if you have the header file. */
#undef HAVE_SASL_SASL_H
-/* Define if you have the header file. */
+/* Define to 1 if you have the header file. */
#undef HAVE_SECURITY_PAM_APPL_H
-/* Define if you have the header file. */
+/* Define to 1 if you have the header file. */
#undef HAVE_SECURITY_PAM_MISC_H
-/* Define if you have the header file. */
+/* Define to 1 if you have the header file. */
#undef HAVE_SECURITY_PAM_MODULES_H
-/* Define if you have the crypt library (-lcrypt). */
-#undef HAVE_LIBCRYPT
+/* Define to 1 if you have the header file. */
+#undef HAVE_STDINT_H
-/* Define if you have the dl library (-ldl). */
-#undef HAVE_LIBDL
+/* Define to 1 if you have the header file. */
+#undef HAVE_STDLIB_H
-/* Define if you have the lber library (-llber). */
-#undef HAVE_LIBLBER
+/* Define to 1 if you have the header file. */
+#undef HAVE_STRINGS_H
-/* Define if you have the nsl library (-lnsl). */
-#undef HAVE_LIBNSL
+/* Define to 1 if you have the header file. */
+#undef HAVE_STRING_H
-/* Define if you have the pam library (-lpam). */
-#undef HAVE_LIBPAM
+/* Define to 1 if you have the header file. */
+#undef HAVE_SYS_STAT_H
-/* Define if you have the pthread library (-lpthread). */
-#undef HAVE_LIBPTHREAD
+/* Define to 1 if you have the header file. */
+#undef HAVE_SYS_TYPES_H
-/* Define if you have the resolv library (-lresolv). */
-#undef HAVE_LIBRESOLV
+/* Define to 1 if you have the header file. */
+#undef HAVE_UNISTD_H
/* Name of package */
#undef PACKAGE
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
/* Version number of package */
#undef VERSION
-
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-183/configure new/pam_ldap-184/configure
--- old/pam_ldap-183/configure 2006-10-19 15:22:27.000000000 +0200
+++ new/pam_ldap-184/configure 2007-03-03 08:13:10.000000000 +0100
@@ -806,7 +806,7 @@
PACKAGE=pam_ldap
-VERSION=183
+VERSION=184
if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
{ echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; }
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-183/configure.in new/pam_ldap-184/configure.in
--- old/pam_ldap-183/configure.in 2006-10-19 15:22:27.000000000 +0200
+++ new/pam_ldap-184/configure.in 2007-03-03 08:13:10.000000000 +0100
@@ -2,7 +2,7 @@
AC_CANONICAL_SYSTEM
AC_PREFIX_DEFAULT()
-AM_INIT_AUTOMAKE(pam_ldap, 183)
+AM_INIT_AUTOMAKE(pam_ldap, 184)
AM_CONFIG_HEADER(config.h)
AC_PROG_CC
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-183/CVSVersionInfo.txt new/pam_ldap-184/CVSVersionInfo.txt
--- old/pam_ldap-183/CVSVersionInfo.txt 2006-10-19 15:22:27.000000000 +0200
+++ new/pam_ldap-184/CVSVersionInfo.txt 2007-03-03 08:13:10.000000000 +0100
@@ -1,8 +1,8 @@
# Created and modified by checkpoint; do not edit
-# $Id: CVSVersionInfo.txt,v 1.203 2006/10/19 13:22:24 lukeh Exp $
-# $Name: pam_ldap-183 $
+# $Id: CVSVersionInfo.txt,v 1.204 2007/03/03 07:13:08 lukeh Exp $
+# $Name: pam_ldap-184 $
ProjectName: pam_ldap
-ProjectVersion: 183
+ProjectVersion: 184
ProjectMaintainer: lukeh
# run this before building in RC. @@@PLATFORM@@@ is
# substituted for our platform names (linux, solaris etc)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-183/pam_ldap.c new/pam_ldap-184/pam_ldap.c
--- old/pam_ldap-183/pam_ldap.c 2006-10-19 15:22:27.000000000 +0200
+++ new/pam_ldap-184/pam_ldap.c 2007-03-03 08:13:10.000000000 +0100
@@ -149,7 +149,7 @@
#endif
static char rcsid[] __UNUSED__ =
- "$Id: pam_ldap.c,v 1.207 2006/10/05 23:23:52 lukeh Exp $";
+ "$Id: pam_ldap.c,v 1.208 2007/03/03 07:12:01 lukeh Exp $";
#if LDAP_SET_REBIND_PROC_ARGS < 3
static pam_ldap_session_t *global_session = 0;
#endif
@@ -1512,7 +1512,18 @@
int msgid;
struct timeval timeout;
LDAPMessage *result;
+ int reconnect = 0;
+retry:
+ if (reconnect)
+ {
+ if (session->ld != NULL)
+ {
+ ldap_unbind (session->ld);
+ session->ld = NULL;
+ }
+ syslog(LOG_ERR, "pam_ldap: reconnecting to LDAP server...");
+ }
if (session->ld == NULL)
{
rc = _open_session (session);
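Review bot: The reconnect message added under `retry:` is logged at `LOG_ERR`, while the identical message in the second `retry:` block of this patch (the hunk at -1896) uses `LOG_INFO`, so the same event is reported at two severities depending on the bind path. Use one level in both places, for example `syslog (LOG_INFO, "pam_ldap: reconnecting to LDAP server...");`, so that log filters and alert rules on the authenticating host treat a dropped LDAP connection consistently. The call also omits the space before the parenthesis that the surrounding code uses. The enclosing function starts and ends outside the hunk.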
@@ -1534,8 +1545,15 @@
if (msgid == -1)
{
+ int ld_errno = ldap_get_lderrno (session->ld, 0, 0);
+
syslog (LOG_ERR, "pam_ldap: ldap_simple_bind %s",
- ldap_err2string (ldap_get_lderrno (session->ld, 0, 0)));
+ ldap_err2string (ld_errno));
+ if (ld_errno == LDAP_SERVER_DOWN && !reconnect)
+ {
+ reconnect = 1;
+ goto retry;
+ }
return PAM_AUTHINFO_UNAVAIL;
}
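Review bot: The `ld_errno == LDAP_SERVER_DOWN && !reconnect` test followed by `reconnect = 1; goto retry;` is written out here and again in six later error branches of this patch (after `ldap_result` and after each bind call in the second function), so the one-retry rule can drift between copies. A small static helper that makes the decision would reduce each site to a single `if (...) goto retry;` and keep the limit in one place. The helper name below is only a suggestion, not an existing symbol, and the enclosing function starts and ends outside the hunk.

```c
/* Proposed helper: true only for the first LDAP_SERVER_DOWN seen by the caller. */
static int
_reconnect_once (int ld_errno, int *reconnect)
{
  if (ld_errno != LDAP_SERVER_DOWN || *reconnect)
    return 0;
  *reconnect = 1;
  return 1;
}

/* … unchanged: ld_errno lookup and syslog call … */
      if (_reconnect_once (ld_errno, &reconnect))
        goto retry;
      return PAM_AUTHINFO_UNAVAIL;
```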
@@ -1544,8 +1562,15 @@
rc = ldap_result (session->ld, msgid, FALSE, &timeout, &result);
if (rc == -1 || rc == 0)
{
+ int ld_errno = ldap_get_lderrno (session->ld, 0, 0);
+
syslog (LOG_ERR, "pam_ldap: ldap_result %s",
- ldap_err2string (ldap_get_lderrno (session->ld, 0, 0)));
+ ldap_err2string (ld_errno));
+ if (ld_errno == LDAP_SERVER_DOWN && !reconnect)
+ {
+ reconnect = 1;
+ goto retry;
+ }
return PAM_AUTHINFO_UNAVAIL;
}
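Review bot: The `rc == 0` case of this branch needs a comment, because that return value from `ldap_result` means the timeout expired rather than that the call failed, and the error read from the handle may then not describe this call. As written, a timeout is retried only if the handle happens to hold `LDAP_SERVER_DOWN`; if that is the intent, state it above the `ld_errno` declaration with `/* rc == 0 is a timeout; only a dropped connection (LDAP_SERVER_DOWN) is retried */`. The same applies to the `ldap_result` branch in the last hunk of this file. The enclosing function continues outside the hunk.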
@@ -1882,6 +1907,7 @@
LDAPControl passwd_policy_req;
LDAPControl *srvctrls[2], **psrvctrls = NULL;
struct berval userpw;
+ int reconnect=0;
#endif /* HAVE_LDAP_PARSE_RESULT && HAVE_LDAP_CONTROLS_FREE */
/* avoid binding anonymously with a DN but no password */
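Review bot: `int reconnect=0;` is added directly above `#endif /* HAVE_LDAP_PARSE_RESULT && HAVE_LDAP_CONTROLS_FREE */`, so it appears to sit inside that conditional block, while the `retry:` block and the bind error branches added later in this patch use `reconnect` with no such guard visible. If the matching `#if` does enclose the declaration (its opening line is outside the hunk), the file will not compile against an LDAP library that lacks either function. Move the declaration below the `#endif` and match the spacing of the other one: `int reconnect = 0;`.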
@@ -1896,6 +1922,18 @@
if (session->info->bound_as_user)
return PAM_SUCCESS;
+retry:
+ if (reconnect)
+ {
+ if (session->ld != NULL)
+ {
+ ldap_unbind (session->ld);
+ session->ld = NULL;
+ }
+ session->info->bound_as_user = 0;
+ syslog(LOG_INFO, "pam_ldap: reconnecting to LDAP server...");
+ }
+
if (session->ld == NULL)
{
rc = _open_session (session);
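Review bot: The retry path re-enters `_open_session` while `session->info->userpw` appears to still hold the copy of the user's password, since the `goto retry` sites in the later hunks jump before their `_pam_overwrite`/`_pam_drop` calls. If the code after `rc = _open_session (session);` returns directly on failure (that part is outside the hunk), a failed reconnect leaves the password in memory, unlike the other failure branches visible in this patch. Consider scrubbing it on that exit when `reconnect` is set: `if (reconnect && session->info->userpw != NULL) { _pam_overwrite (session->info->userpw); _pam_drop (session->info->userpw); }`.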
@@ -1952,8 +1990,15 @@
_do_sasl_interact, &args);
if (rc != LDAP_SUCCESS)
{
+ int ld_errno = ldap_get_lderrno (session->ld, 0, 0);
+
syslog (LOG_ERR, "pam_ldap: ldap_sasl_interactive_bind %s",
- ldap_err2string (ldap_get_lderrno (session->ld, 0, 0)));
+ ldap_err2string (ld_errno));
+ if (ld_errno == LDAP_SERVER_DOWN && !reconnect)
+ {
+ reconnect = 1;
+ goto retry;
+ }
_pam_overwrite (session->info->userpw);
_pam_drop (session->info->userpw);
return PAM_AUTHINFO_UNAVAIL;
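Review bot: The retry decision in this branch re-reads the error from the handle with `ldap_get_lderrno` although `rc`, the return value of the synchronous `ldap_sasl_interactive_bind_s` call, is already the LDAP result code. Testing it directly, `if (rc == LDAP_SERVER_DOWN && !reconnect)`, and logging `ldap_err2string (rc)` avoids relying on the handle's stored error matching the returned one. The `ldap_sasl_bind` branch in the next hunk also has `rc` available and could do the same when `rc != LDAP_SUCCESS`. The enclosing function starts and ends outside the hunk.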
@@ -1973,8 +2018,15 @@
&userpw, psrvctrls, 0, &msgid);
if (rc != LDAP_SUCCESS || msgid == -1)
{
+ int ld_errno = ldap_get_lderrno (session->ld, 0, 0);
+
syslog (LOG_ERR, "pam_ldap: ldap_sasl_bind %s",
- ldap_err2string (ldap_get_lderrno (session->ld, 0, 0)));
+ ldap_err2string (ld_errno));
+ if (ld_errno == LDAP_SERVER_DOWN && !reconnect)
+ {
+ reconnect = 1;
+ goto retry;
+ }
_pam_overwrite (session->info->userpw);
_pam_drop (session->info->userpw);
return PAM_AUTHINFO_UNAVAIL;
@@ -1986,8 +2038,15 @@
session->info->userpw);
if (msgid == -1)
{
+ int ld_errno = ldap_get_lderrno (session->ld, 0, 0);
+
syslog (LOG_ERR, "pam_ldap: ldap_simple_bind %s",
- ldap_err2string (ldap_get_lderrno (session->ld, 0, 0)));
+ ldap_err2string (ld_errno));
+ if (ld_errno == LDAP_SERVER_DOWN && !reconnect)
+ {
+ reconnect = 1;
+ goto retry;
+ }
_pam_overwrite (session->info->userpw);
_pam_drop (session->info->userpw);
return PAM_AUTHINFO_UNAVAIL;
@@ -1999,8 +2058,18 @@
session->info->userpw);
if (msgid == -1)
{
+ int ld_errno = ldap_get_lderrno (session->ld, 0, 0);
+
+
+
+
syslog (LOG_ERR, "pam_ldap: ldap_simple_bind %s",
- ldap_err2string (ldap_get_lderrno (session->ld, 0, 0)));
+ ldap_err2string (ld_errno));
+ if (ld_errno == LDAP_SERVER_DOWN && !reconnect)
+ {
+ reconnect = 1;
+ goto retry;
+ }
_pam_overwrite (session->info->userpw);
_pam_drop (session->info->userpw);
return PAM_AUTHINFO_UNAVAIL;
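Review bot: Four empty lines are added between the `ld_errno` declaration and the `syslog` call in this branch, where the other copies of the same change have one. Drop the three extra blank lines so the branch reads like its siblings and the copies stay easy to compare.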
@@ -2012,8 +2081,15 @@
rc = ldap_result (session->ld, msgid, FALSE, &timeout, &result);
if (rc == -1 || rc == 0)
{
+ int ld_errno = ldap_get_lderrno (session->ld, 0, 0);
+
syslog (LOG_ERR, "pam_ldap: ldap_result %s",
- ldap_err2string (ldap_get_lderrno (session->ld, 0, 0)));
+ ldap_err2string (ld_errno));
+ if (ld_errno == LDAP_SERVER_DOWN && !reconnect)
+ {
+ reconnect = 1;
+ goto retry;
+ }
_pam_overwrite (session->info->userpw);
_pam_drop (session->info->userpw);
return PAM_AUTHINFO_UNAVAIL;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-183/pam_ldap.spec new/pam_ldap-184/pam_ldap.spec
--- old/pam_ldap-183/pam_ldap.spec 2006-10-19 15:22:27.000000000 +0200
+++ new/pam_ldap-184/pam_ldap.spec 2007-03-03 08:13:10.000000000 +0100
@@ -1,6 +1,6 @@
Summary: PAM module for LDAP.
Name: pam_ldap
-Version: 183
+Version: 184
Release: 1
Source0: ftp://ftp.padl.com/pub/%{name}-%{version}.tar.gz
Source1: ldap.conf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...