lists.arthurdejong.org

nss-pam-ldapd branch master updated. 0.9.11-6-g37a00e9



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  37a00e988304dd8b3b04886b56ecc713347f596f (commit)
       via  18740fbc730327ddfc10d8e77a419dcd1320718c (commit)
      from  b33551895b3c02dc7082363c6aae13f8e336f4e5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=37a00e988304dd8b3b04886b56ecc713347f596f

commit 37a00e988304dd8b3b04886b56ecc713347f596f
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Sep 11 20:53:15 2020 +0200

    Fix handling of the pam_authc_ppolicy option
    
    Check the result of the BIND operation instead of that of the
    ldap_result() call when pam_authc_ppolicy is set to "no".
    
    This could have resulted in successful authentication if the BIND
    operation to the LDAP server timed out and pam_authc_ppolicy was set to
    "no" but should not result in successful authentication otherwise so it
    is unlikely that setting pam_authc_ppolicy to "no" ever worked as
    intended. The timeout also would have to occur on the BIND operation,
    not on setting up the connection.
    
    Fixes 31cd2cf

diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 0ee1be8..2dccc65 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2006 Luke Howard
    Copyright (C) 2006-2007 West Consulting
-   Copyright (C) 2006-2017 Arthur de Jong
+   Copyright (C) 2006-2020 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -632,25 +632,22 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP 
*ld, const char *uri)
       ldap_msgfree(result);
     return LDAP_TIMEOUT;
   }
+  /* parse the result from the bind operation (frees result, gets controls) */
   responsectrls = NULL;
-  /* ignore any response controls unless we're interested in ppolicy */
-  if (nslcd_cfg->pam_authc_ppolicy)
+  parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, 
&responsectrls, 1);
+  if (parserc != LDAP_SUCCESS)
   {
-    /* parse the result from the bind operation (frees result, gets controls) 
*/
-    parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, 
&responsectrls, 1);
-    if (parserc != LDAP_SUCCESS)
-    {
-      myldap_err(LOG_ERR, ld, parserc, "ldap_parse_result() failed");
-      if (responsectrls != NULL)
-        ldap_controls_free(responsectrls);
-      return parserc;
-    }
-    /* handle any returned controls */
+    myldap_err(LOG_ERR, ld, parserc, "ldap_parse_result() failed");
     if (responsectrls != NULL)
-    {
-      handle_ppolicy_controls(session, ld, responsectrls);
       ldap_controls_free(responsectrls);
-    }
+    return parserc;
+  }
+  /* handle any returned controls */
+  if (responsectrls != NULL)
+  {
+    if (nslcd_cfg->pam_authc_ppolicy)
+      handle_ppolicy_controls(session, ld, responsectrls);
+    ldap_controls_free(responsectrls);
   }
   /* return the result of the BIND operation */
   if (rc != LDAP_SUCCESS)
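
Review bot: the final `if (rc != LDAP_SUCCESS)` check only holds because ldap_parse_result() now always overwrites rc; the commit message indicates that rc otherwise still carries the ldap_result() outcome, which is how the skipped-parse path could report success. A separate variable for the BIND result code, set to a failure value such as LDAP_OTHER before the call, would make any future path that bypasses the parse fail closed. A test that sets pam_authc_ppolicy to "no" and has the server reject the BIND would guard against a regression.
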
@@ -658,7 +655,6 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP 
*ld, const char *uri)
     myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result");
     return rc;
   }
-  /* check the returned controls */
   return LDAP_SUCCESS;
 }
 #endif /* no SASL, so no ppolicy */
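
Review bot: the context line `myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result");` names the parse call although rc at this point is the BIND result code and the parse itself succeeded. Since this is now the path taken by every rejected BIND regardless of pam_authc_ppolicy, a message that names the bind (for example "bind failed") would be easier to tell apart in logs from the LOG_ERR "ldap_parse_result() failed" message in the previous hunk.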

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=18740fbc730327ddfc10d8e77a419dcd1320718c

commit 18740fbc730327ddfc10d8e77a419dcd1320718c
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Apr 19 17:26:51 2020 +0200

    Fix typo
    
    Thanks Filip Dvorak
    
    See https://bugzilla.redhat.com/show_bug.cgi?id=1825240

diff --git a/README b/README
index f496de3..36cff68 100644
--- a/README
+++ b/README
@@ -201,7 +201,7 @@ CONFIGURATION
 
 After installation, the name service switch configuration file
 (/etc/nsswitch.conf) needs to be modified to do name lookups using the new
-module. This consist mostly of adding ldap in the list of lookup methods in
+module. This consists mostly of adding ldap in the list of lookup methods in
 the right place. See the nsswitch.conf(5) manual page for details on the
 format. As an example the file could look a little like this:
 

-----------------------------------------------------------------------

Summary of changes:
 README         |  2 +-
 nslcd/myldap.c | 30 +++++++++++++-----------------
 2 files changed, 14 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
nss-pam-ldapd