SOURCES: nss_ldap-CAN-2005-2069.patch (NEW), openldap-CAN-2005-206...
hawk
hawk at pld-linux.org
Wed Aug 10 12:25:13 CEST 2005
Author: hawk Date: Wed Aug 10 10:25:12 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
811ea6e5428ee0a4d3d848b4f3f893fe nss_ldap-CAN-2005-2069.patch
4591bdcf0bd459c6fdbcabc93f5b6b55 openldap-CAN-2005-2069.patch
b9c4286d38a1e35b660f7b6a1fa09c85 pam-pam_ldap-CAN-2005-2069.patch
---- Files affected:
SOURCES:
nss_ldap-CAN-2005-2069.patch (NONE -> 1.1) (NEW), openldap-CAN-2005-2069.patch (NONE -> 1.1) (NEW), pam-pam_ldap-CAN-2005-2069.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/nss_ldap-CAN-2005-2069.patch
diff -u /dev/null SOURCES/nss_ldap-CAN-2005-2069.patch:1.1
--- /dev/null Wed Aug 10 12:25:12 2005
+++ SOURCES/nss_ldap-CAN-2005-2069.patch Wed Aug 10 12:25:07 2005
@@ -0,0 +1,40 @@
+--- ldap-nss.c 2005-07-16 15:45:17.000000000 +0100
++++ ldap-nss.c.new 2005-07-16 15:46:15.000000000 +0100
+@@ -330,6 +330,37 @@
+
+ timelimit = __session.ls_config->ldc_bind_timelimit;
+
++#ifdef HAVE_LDAP_START_TLS_S
++ if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
++ {
++ int version;
++
++ if (ldap_get_option
++ (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version) == LDAP_OPT_SUCCESS)
++ {
++ if (version < LDAP_VERSION3)
++ {
++ version = LDAP_VERSION3;
++ ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version);
++ }
++ }
++
++ debug ("==> start_tls");
++ if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
++ {
++ debug ("TLS startup succeeded");
++ }
++ else
++ {
++ debug ("TLS startup failed");
++ return NSS_UNAVAIL;
++ }
++ debug ("<== start_tls");
++ }
++#endif /* HAVE_LDAP_START_TLS_S */
++
+ return do_bind (ld, timelimit, who, cred, with_sasl);
+ }
+ #else
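Review bot: The StartTLS upgrade is issued on `__session.ls_conn`, but the bind that follows sends the credentials on `ld` (`return do_bind (ld, timelimit, who, cred, with_sasl);`), so the rebind is only protected if both names always refer to the same handle; the pam_ldap patch further down has the same shape with `session->ld` and `ld`. If they can ever differ, the credentials still travel unencrypted on `ld`, so calling `ldap_get_option`, `ldap_set_option` and `ldap_start_tls_s` on `ld` itself would be safer. The failure path also drops the LDAP result code and returns `NSS_UNAVAIL` from a function whose normal path returns `do_bind`'s result; presumably the caller expects an LDAP error code, in which case keeping the result (`rc = ldap_start_tls_s (ld, NULL, NULL);`) and returning `rc` would be more consistent. The enclosing function starts before the hunk, so the declaration of `ld` and the return type are not visible here.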
================================================================
Index: SOURCES/openldap-CAN-2005-2069.patch
diff -u /dev/null SOURCES/openldap-CAN-2005-2069.patch:1.1
--- /dev/null Wed Aug 10 12:25:12 2005
+++ SOURCES/openldap-CAN-2005-2069.patch Wed Aug 10 12:25:07 2005
@@ -0,0 +1,13 @@
+diff -urN openldap-2.2.26.orig/libraries/libldap/tls.c openldap-2.2.26/libraries/libldap/tls.c
+--- openldap-2.2.26.orig/libraries/libldap/tls.c 2005-01-20 17:01:02.000000000 +0000
++++ openldap-2.2.26/libraries/libldap/tls.c 2005-06-22 01:34:22.000000000 +0100
+@@ -1738,7 +1738,8 @@
+
+ /* XXYYZ: this initiates operation only on default connection! */
+
+- if ( ld->ld_sb != NULL && ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
++ if ( ( ld->ld_defconn != NULL ) ? ( ld->ld_defconn->lconn_sb != NULL && ldap_pvt_tls_inplace( ld->ld_defconn->lconn_sb ) != 0 )
++ : ( ld->ld_sb != NULL && ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
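Review bot: The new condition packs the choice of connection and the already-in-TLS check into one nested ternary spread over two lines, which makes it hard to see that exactly one sockbuf is being tested. Selecting the sockbuf into a local first reads more clearly: `Sockbuf *sb = ( ld->ld_defconn != NULL ) ? ld->ld_defconn->lconn_sb : ld->ld_sb;` (declared with the function's other locals) followed by `if ( sb != NULL && ldap_pvt_tls_inplace( sb ) != 0 ) {`. The rest of the function lies outside the hunk, so it is worth confirming that the TLS negotiation after this check runs on the same sockbuf that is tested here; otherwise the check and the upgrade can disagree on a referral connection. The retained `XXYYZ` comment would be a good place to state which connection is used.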
================================================================
Index: SOURCES/pam-pam_ldap-CAN-2005-2069.patch
diff -u /dev/null SOURCES/pam-pam_ldap-CAN-2005-2069.patch:1.1
--- /dev/null Wed Aug 10 12:25:12 2005
+++ SOURCES/pam-pam_ldap-CAN-2005-2069.patch Wed Aug 10 12:25:07 2005
@@ -0,0 +1,29 @@
+diff -urN pam_ldap-176/pam_ldap.c pam_ldap-176.new/pam_ldap.c
+--- pam_ldap-176/pam_ldap.c 2004-10-01 03:33:14.000000000 +0100
++++ pam_ldap-176.new/pam_ldap.c 2005-06-22 01:40:06.000000000 +0100
+@@ -1587,6 +1587,7 @@
+ pam_ldap_session_t *session = global_session;
+ #endif
+ char *who, *cred;
++ int rc;
+
+ if (session->info != NULL && session->info->bound_as_user == 1)
+ {
+@@ -1607,6 +1608,17 @@
+ }
+ }
+
++ if (session->conf->ssl_on == SSL_START_TLS)
++ {
++ rc = ldap_start_tls_s (session->ld, NULL, NULL);
++ if (rc != LDAP_SUCCESS)
++ {
++ syslog (LOG_ERR, "pam_ldap: ldap_starttls_s: %s",
++ ldap_err2string (rc));
++ return PAM_SERVICE_ERR;
++ }
++ }
++
+ return ldap_simple_bind_s (ld, who, cred);
+ }
+ #else
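Review bot: Unlike the nss_ldap patch in the same commit, this hunk calls `ldap_start_tls_s` without first making sure the session speaks LDAPv3, and StartTLS is an LDAPv3 extended operation. If the protocol version is not already raised where the session is opened (not visible in the hunk), a v2 session would fail here and every such rebind would return `PAM_SERVICE_ERR`; the same `ldap_get_option`/`ldap_set_option` check on `LDAP_OPT_PROTOCOL_VERSION` would cover it. The log text `ldap_starttls_s` also does not match the function name, so `"pam_ldap: ldap_start_tls_s: %s"` would be easier to find when searching logs. The enclosing function begins outside the hunk.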
================================================================