Hello community,
here is the log from the commit of package pam_ldap
checked in at Tue Aug 22 15:24:24 CEST 2006.
--------
--- pam_ldap/pam_ldap.changes 2006-01-25 21:39:14.000000000 +0100
+++ pam_ldap/pam_ldap.changes 2006-08-22 13:45:02.000000000 +0200
@@ -1,0 +2,18 @@
+Tue Aug 22 13:42:35 CEST 2006 - rhafer@suse.de
+
+- update to version 182
+ * fix for PADL-Bug#269: compile time error in call to
+ ldap_sasl_interactive_bind_s()
+ * fix for PADL-Bug#256: don't send password policy request
+ control if pam_lookup_policy no specified
+ * fix for PADL-Bug#254: check gethostbyname() result
+ * fix for PADL-Bug#237: typo in ldap_get_lderrno()
+ implementation
+ * fix for PADL-Bug#207: if ldap_start_tls_s() fails
+ return PAM_AUTHINFO_UNAVAIL
+ * fix for PADL-Bug#261: sslpath example wrong
+ * fix for PADL-Bug#268: POLICY_ERROR_CHANGE_AFTER_RESET
+ should be handled as POLICY_ERROR_PASSWORD_EXPIRED,
+ other password policy errors to be treated as fatal
+
+-------------------------------------------------------------------
Old:
----
pam_ldap-180.tar.bz2
New:
----
pam_ldap-182.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_ldap.spec ++++++
--- /var/tmp/diff_new_pack.VjxyJE/_old 2006-08-22 15:23:09.000000000 +0200
+++ /var/tmp/diff_new_pack.VjxyJE/_new 2006-08-22 15:23:09.000000000 +0200
@@ -1,11 +1,11 @@
#
-# spec file for package pam_ldap (Version 180)
+# spec file for package pam_ldap (Version 182)
#
-# Copyright (c) 2005 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
-# Please submit bugfixes or comments via http://www.suse.de/feedback/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
@@ -15,7 +15,7 @@
License: LGPL
Group: Productivity/Networking/LDAP/Clients
Autoreqprov: on
-Version: 180
+Version: 182
Release: 1
Summary: A PAM Module for LDAP Authentication
URL: http://www.padl.com/OSS/pam_ldap.html
@@ -70,6 +70,21 @@
/%{_lib}/security/pam_ldap.so
%changelog -n pam_ldap
+* Tue Aug 22 2006 - rhafer@suse.de
+- update to version 182
+ * fix for PADL-Bug#269: compile time error in call to
+ ldap_sasl_interactive_bind_s()
+ * fix for PADL-Bug#256: don't send password policy request
+ control if pam_lookup_policy no specified
+ * fix for PADL-Bug#254: check gethostbyname() result
+ * fix for PADL-Bug#237: typo in ldap_get_lderrno()
+ implementation
+ * fix for PADL-Bug#207: if ldap_start_tls_s() fails
+ return PAM_AUTHINFO_UNAVAIL
+ * fix for PADL-Bug#261: sslpath example wrong
+ * fix for PADL-Bug#268: POLICY_ERROR_CHANGE_AFTER_RESET
+ should be handled as POLICY_ERROR_PASSWORD_EXPIRED,
+ other password policy errors to be treated as fatal
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Oct 12 2005 - rhafer@suse.de
++++++ pam_ldap-180.tar.bz2 -> pam_ldap-182.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-180/CVSVersionInfo.txt new/pam_ldap-182/CVSVersionInfo.txt
--- old/pam_ldap-180/CVSVersionInfo.txt 2005-08-18 00:35:13.000000000 +0200
+++ new/pam_ldap-182/CVSVersionInfo.txt 2006-05-02 05:53:34.000000000 +0200
@@ -1,8 +1,8 @@
# Created and modified by checkpoint; do not edit
-# $Id: CVSVersionInfo.txt,v 1.200 2005/08/17 22:35:07 lukeh Exp $
-# $Name: pam_ldap-180 $
+# $Id: CVSVersionInfo.txt,v 1.202 2006/05/02 03:53:28 lukeh Exp $
+# $Name: pam_ldap-182 $
ProjectName: pam_ldap
-ProjectVersion: 180
+ProjectVersion: 182
ProjectMaintainer: lukeh
# run this before building in RC. @@@PLATFORM@@@ is
# substituted for our platform names (linux, solaris etc)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-180/ChangeLog new/pam_ldap-182/ChangeLog
--- old/pam_ldap-180/ChangeLog 2005-08-18 00:35:13.000000000 +0200
+++ new/pam_ldap-182/ChangeLog 2006-05-02 05:53:34.000000000 +0200
@@ -1,6 +1,25 @@
-$Id: ChangeLog,v 1.204 2005/08/17 22:35:03 lukeh Exp $
+$Id: ChangeLog,v 1.211 2006/05/02 01:29:45 lukeh Exp $
===============================================================
+182 Luke Howard
+
+ * fix for BUG#269: compile time error in call to
+ ldap_sasl_interactive_bind_s()
+
+181 Luke Howard
+
+ * fix for BUG#256: don't send password policy request
+ control if pam_lookup_policy no specified
+ * fix for BUG#254: check gethostbyname() result
+ * fix for BUG#237: typo in ldap_get_lderrno()
+ implementation
+ * fix for BUG#207: if ldap_start_tls_s() fails
+ return PAM_AUTHINFO_UNAVAIL
+ * fix for BUG#261: sslpath example wrong
+ * fix for BUG#268: POLICY_ERROR_CHANGE_AFTER_RESET
+ should be handled as POLICY_ERROR_PASSWORD_EXPIRED,
+ other password policy errors to be treated as fatal
+
180 Luke Howard
* from Peter Marschall :
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-180/configure new/pam_ldap-182/configure
--- old/pam_ldap-180/configure 2005-08-18 00:35:13.000000000 +0200
+++ new/pam_ldap-182/configure 2006-05-02 05:53:34.000000000 +0200
@@ -806,7 +806,7 @@
PACKAGE=pam_ldap
-VERSION=179
+VERSION=182
if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
{ echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; }
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-180/configure.in new/pam_ldap-182/configure.in
--- old/pam_ldap-180/configure.in 2005-08-18 00:35:13.000000000 +0200
+++ new/pam_ldap-182/configure.in 2006-05-02 05:53:34.000000000 +0200
@@ -2,7 +2,7 @@
AC_CANONICAL_SYSTEM
AC_PREFIX_DEFAULT()
-AM_INIT_AUTOMAKE(pam_ldap, 179)
+AM_INIT_AUTOMAKE(pam_ldap, 182)
AM_CONFIG_HEADER(config.h)
AC_PROG_CC
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-180/ldap.conf new/pam_ldap-182/ldap.conf
--- old/pam_ldap-180/ldap.conf 2005-08-18 00:35:13.000000000 +0200
+++ new/pam_ldap-182/ldap.conf 2006-05-02 05:53:34.000000000 +0200
@@ -1,4 +1,4 @@
-# @(#)$Id: ldap.conf,v 1.36 2005/03/23 08:29:59 lukeh Exp $
+# @(#)$Id: ldap.conf,v 1.37 2006/04/13 03:26:17 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
@@ -249,7 +249,7 @@
#ssl on
# Netscape SDK SSL options
-#sslpath /etc/ssl/certs/cert7.db
+#sslpath /etc/ssl/certs
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-180/pam_ldap.c new/pam_ldap-182/pam_ldap.c
--- old/pam_ldap-180/pam_ldap.c 2005-08-18 00:35:13.000000000 +0200
+++ new/pam_ldap-182/pam_ldap.c 2006-05-02 05:53:34.000000000 +0200
@@ -149,7 +149,7 @@
#endif
static char rcsid[] __UNUSED__ =
- "$Id: pam_ldap.c,v 1.199 2005/08/11 03:16:02 lukeh Exp $";
+ "$Id: pam_ldap.c,v 1.206 2006/05/02 01:29:45 lukeh Exp $";
#if LDAP_SET_REBIND_PROC_ARGS < 3
static pam_ldap_session_t *global_session = 0;
#endif
@@ -372,7 +372,7 @@
#endif
}
- if (s != NULL)
+ if (m != NULL)
{
#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_MATCHED_DN)
rc = ldap_get_option (ld, LDAP_OPT_MATCHED_DN, m);
@@ -1380,7 +1380,7 @@
{
syslog (LOG_ERR, "pam_ldap: ldap_starttls_s: %s",
ldap_err2string (rc));
- return PAM_SERVICE_ERR;
+ return PAM_AUTHINFO_UNAVAIL;
}
}
}
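Review bot: The new `return PAM_AUTHINFO_UNAVAIL;` after a failed ldap_starttls_s() (here and again in the hunk at -1615) needs a comment, because it reports a TLS negotiation failure as "directory unavailable" rather than as a service error. A PAM stack that maps authinfo_unavail to ignore, or falls through to another module on it, will then skip this module's decision whenever StartTLS fails. StartTLS can fail for reasons other than an outage, such as a certificate mismatch or interference on the network path. I would add above both returns something like `/* TLS setup failed: reported as LDAP unavailable; stacks must not ignore authinfo_unavail where the LDAP check is mandatory */`. Both enclosing functions begin and end outside the hunks.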
@@ -1615,7 +1615,7 @@
{
syslog (LOG_ERR, "pam_ldap: ldap_starttls_s: %s",
ldap_err2string (rc));
- return PAM_SERVICE_ERR;
+ return PAM_AUTHINFO_UNAVAIL;
}
}
@@ -1880,7 +1880,7 @@
LDAPMessage *result;
LDAPControl **controls;
LDAPControl passwd_policy_req;
- LDAPControl *srvctrls[2];
+ LDAPControl *srvctrls[2], **psrvctrls = NULL;
struct berval userpw;
#endif /* HAVE_LDAP_PARSE_RESULT && HAVE_LDAP_CONTROLS_FREE */
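Review bot: `psrvctrls` is declared on a line that appears to sit inside the `HAVE_LDAP_PARSE_RESULT && HAVE_LDAP_CONTROLS_FREE` guard (its `#endif` follows two lines later), yet the later hunks pass it to ldap_sasl_interactive_bind_s() under the SASL guard alone, and to ldap_sasl_bind(). If that reading of the guard is right, a build with SASL support but without ldap_parse_result()/ldap_controls_free() would fail to compile on the undeclared name. Declaring it outside the guard, `LDAPControl **psrvctrls = NULL;` before the `#if`, keeps it in scope for every configuration. The opening `#if` and the start of the function are outside the hunk, so this should be confirmed against the full file.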
@@ -1918,11 +1918,9 @@
if (session->info->userpw == NULL)
return PAM_BUF_ERR;
-#if (defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_H)) && defined(HAVE_LDAP_SASL_INTERACTIVE_BIND_S)
- if (session->conf->sasl_mechanism != NULL)
+#if defined(HAVE_LDAP_PARSE_RESULT) && defined(HAVE_LDAP_CONTROLS_FREE)
+ if (session->conf->getpolicy)
{
- void *args[] = { pamh, session };
-
passwd_policy_req.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
passwd_policy_req.ldctl_value.bv_val = 0; /* none */
passwd_policy_req.ldctl_value.bv_len = 0;
@@ -1930,13 +1928,22 @@
srvctrls[0] = &passwd_policy_req;
srvctrls[1] = 0;
+ psrvctrls = srvctrls;
+ }
+#endif
+
+#if (defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_H)) && defined(HAVE_LDAP_SASL_INTERACTIVE_BIND_S)
+ if (session->conf->sasl_mechanism != NULL)
+ {
+ void *args[] = { pamh, session };
+
/*
* XXX this API is broken - how can we extract the password policy
* controls? do we need to implement DIGEST-MD5 ourself?
*/
rc = ldap_sasl_interactive_bind_s (session->ld, session->info->userdn,
session->conf->sasl_mechanism,
- srvctrls, NULL,
+ psrvctrls, NULL,
#ifdef LDAP_SASL_AUTOMATIC
LDAP_SASL_AUTOMATIC,
#else
@@ -1960,16 +1967,10 @@
{
userpw.bv_val = session->info->userpw;
userpw.bv_len = (userpw.bv_val != 0) ? strlen (userpw.bv_val) : 0;
- passwd_policy_req.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
- passwd_policy_req.ldctl_value.bv_val = 0; /* none */
- passwd_policy_req.ldctl_value.bv_len = 0;
- passwd_policy_req.ldctl_iscritical = 0; /* not critical */
- srvctrls[0] = &passwd_policy_req;
- srvctrls[1] = 0;
rc =
ldap_sasl_bind (session->ld, session->info->userdn, LDAP_SASL_SIMPLE,
- &userpw, srvctrls, 0, &msgid);
+ &userpw, psrvctrls, 0, &msgid);
if (rc != LDAP_SUCCESS || msgid == -1)
{
syslog (LOG_ERR, "pam_ldap: ldap_sasl_bind %s",
@@ -2325,6 +2326,9 @@
}
#endif
+ if (h == NULL || h->h_name == NULL)
+ return PAM_SYSTEM_ERR;
+
if (_has_deny_value (session->info->hosts_allow, h->h_name))
return PAM_PERM_DENIED;
else if (_has_value (session->info->hosts_allow, h->h_name))
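Review bot: The added `h == NULL || h->h_name == NULL` guard returns PAM_SYSTEM_ERR without logging, so a login refused because of a failed name lookup leaves no trace for whoever investigates it. Other error paths visible in this diff log through syslog(), and this one should too: `syslog (LOG_ERR, "pam_ldap: host name lookup failed, denying host access check");` before the return. A short comment would also help, noting that the allow/deny comparison below is made on the name the resolver returned and is therefore only as trustworthy as that lookup. The function starts and ends outside the hunk.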
@@ -2486,7 +2490,7 @@
ssd->next = NULL;
}
nxt:
- if ((session->conf->filter != NULL) && (ssd->filter != NULL))
+ if (session->conf->filter != NULL && ssd->filter != NULL)
{
snprintf (filter, sizeof filter, "(&(%s)(%s)(%s=%s))",
ssd->filter, session->conf->filter, session->conf->userattr,
@@ -3819,6 +3823,7 @@
case POLICY_ERROR_SUCCESS:
break;
case POLICY_ERROR_PASSWORD_EXPIRED:
+ case POLICY_ERROR_CHANGE_AFTER_RESET:
_conv_sendmsg (appconv,
"You are required to change your LDAP password immediately.",
PAM_ERROR_MSG, no_warn);
@@ -3829,7 +3834,6 @@
#endif /* LINUX */
break;
case POLICY_ERROR_ACCOUNT_LOCKED:
- case POLICY_ERROR_CHANGE_AFTER_RESET:
case POLICY_ERROR_PASSWORD_MOD_NOT_ALLOWED:
case POLICY_ERROR_MUST_SUPPLY_OLD_PASSWORD:
case POLICY_ERROR_INSUFFICIENT_PASSWORD_QUALITY:
@@ -3839,14 +3843,14 @@
_conv_sendmsg (appconv,
policy_error_table[session->info->policy_error],
PAM_ERROR_MSG, no_warn);
- rc = success = PAM_PERM_DENIED;
+ return PAM_PERM_DENIED;
break;
default:
snprintf (buf, sizeof buf,
"Unknown password policy error %d received.",
session->info->policy_error);
_conv_sendmsg (appconv, buf, PAM_ERROR_MSG, no_warn);
- rc = success = PAM_PERM_DENIED;
+ return PAM_PERM_DENIED;
break;
}
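Review bot: The `break;` after each new `return PAM_PERM_DENIED;` is unreachable and should be dropped, both in the group of fatal policy errors and in the `default:` case. The early return also leaves the function from inside the switch, where the old code set `rc = success = PAM_PERM_DENIED` and continued. If anything after the switch releases resources or resets session state (not visible here), these paths now skip it. Please confirm that, and record the intent with a comment such as `/* fatal policy error: deny at once, nothing below needs to run */`. The function begins and ends outside the hunk.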
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ldap-180/pam_ldap.spec new/pam_ldap-182/pam_ldap.spec
--- old/pam_ldap-180/pam_ldap.spec 2005-08-18 00:35:13.000000000 +0200
+++ new/pam_ldap-182/pam_ldap.spec 2006-05-02 05:53:34.000000000 +0200
@@ -1,6 +1,6 @@
Summary: PAM module for LDAP.
Name: pam_ldap
-Version: 179
+Version: 182
Release: 1
Source0: ftp://ftp.padl.com/pub/%{name}-%{version}.tar.gz
Source1: ldap.conf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++