nss-pam-ldapd branch master updated. 0.9.11-6-g37a00e9
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org, nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd branch master updated. 0.9.11-6-g37a00e9
- Date: Fri, 11 Sep 2020 20:59:40 +0200 (CEST)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".
The branch, master has been updated
via 37a00e988304dd8b3b04886b56ecc713347f596f (commit)
via 18740fbc730327ddfc10d8e77a419dcd1320718c (commit)
from b33551895b3c02dc7082363c6aae13f8e336f4e5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=37a00e988304dd8b3b04886b56ecc713347f596f
commit 37a00e988304dd8b3b04886b56ecc713347f596f
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Fri Sep 11 20:53:15 2020 +0200
Fix handling of the pam_authc_ppolicy option
Check the result of the BIND operation instead of that of the
ldap_result() call when pam_authc_ppolicy is set to "no".
This could have resulted in successful authentication if the BIND
operation to the LDAP server timed out and pam_authc_ppolicy was set to
"no" but should not result in successful authentication otherwise so it
is unlikely that setting pam_authc_ppolicy to "no" ever worked as
intended. The timeout also would have to occur on the BIND operation,
not on setting up the connection.
Fixes 31cd2cf
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 0ee1be8..2dccc65 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -5,7 +5,7 @@
Copyright (C) 1997-2006 Luke Howard
Copyright (C) 2006-2007 West Consulting
- Copyright (C) 2006-2017 Arthur de Jong
+ Copyright (C) 2006-2020 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -632,25 +632,22 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP
*ld, const char *uri)
ldap_msgfree(result);
return LDAP_TIMEOUT;
}
+ /* parse the result from the bind operation (frees result, gets controls) */
responsectrls = NULL;
- /* ignore any response controls unless we're interested in ppolicy */
- if (nslcd_cfg->pam_authc_ppolicy)
+ parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL,
&responsectrls, 1);
+ if (parserc != LDAP_SUCCESS)
{
- /* parse the result from the bind operation (frees result, gets controls)
*/
- parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL,
&responsectrls, 1);
- if (parserc != LDAP_SUCCESS)
- {
- myldap_err(LOG_ERR, ld, parserc, "ldap_parse_result() failed");
- if (responsectrls != NULL)
- ldap_controls_free(responsectrls);
- return parserc;
- }
- /* handle any returned controls */
+ myldap_err(LOG_ERR, ld, parserc, "ldap_parse_result() failed");
if (responsectrls != NULL)
- {
- handle_ppolicy_controls(session, ld, responsectrls);
ldap_controls_free(responsectrls);
- }
+ return parserc;
+ }
+ /* handle any returned controls */
+ if (responsectrls != NULL)
+ {
+ if (nslcd_cfg->pam_authc_ppolicy)
+ handle_ppolicy_controls(session, ld, responsectrls);
+ ldap_controls_free(responsectrls);
}
/* return the result of the BIND operation */
if (rc != LDAP_SUCCESS)
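Review bot: Nothing in this push tests the now-unconditional ldap_parse_result() call. The summary of changes lists only README and nslcd/myldap.c, so the case from the commit message (pam_authc_ppolicy set to "no" with the BIND not succeeding) is left unexercised. A regression test that drives do_ppolicy_bind() with the option off and asserts that a non-LDAP_SUCCESS rc is returned would keep the configuration check from ever again deciding whether the BIND result is read. It would also help to say in the comment above "if (nslcd_cfg->pam_authc_ppolicy)" that the option now only gates handle_ppolicy_controls() and never the result check.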
@@ -658,7 +655,6 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP
*ld, const char *uri)
myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result");
return rc;
}
- /* check the returned controls */
return LDAP_SUCCESS;
}
#endif /* no SASL, so no ppolicy */
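Review bot: The debug message in the context line myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result") is misleading now that this is the single path for every failed bind. Here rc is the result of the BIND operation, as the comment above the check says, while a failure of ldap_parse_result() itself is already reported separately as "ldap_parse_result() failed". Rewording the message to name the bind result would make a rejected authentication easier to tell apart from a parse error in the logs.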
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=18740fbc730327ddfc10d8e77a419dcd1320718c
commit 18740fbc730327ddfc10d8e77a419dcd1320718c
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun Apr 19 17:26:51 2020 +0200
Fix typo
Thanks Filip Dvorak
See https://bugzilla.redhat.com/show_bug.cgi?id=1825240
diff --git a/README b/README
index f496de3..36cff68 100644
--- a/README
+++ b/README
@@ -201,7 +201,7 @@ CONFIGURATION
After installation, the name service switch configuration file
(/etc/nsswitch.conf) needs to be modified to do name lookups using the new
-module. This consist mostly of adding ldap in the list of lookup methods in
+module. This consists mostly of adding ldap in the list of lookup methods in
the right place. See the nsswitch.conf(5) manual page for details on the
format. As an example the file could look a little like this:
-----------------------------------------------------------------------
Summary of changes:
README | 2 +-
nslcd/myldap.c | 30 +++++++++++++-----------------
2 files changed, 14 insertions(+), 18 deletions(-)
hooks/post-receive
--
nss-pam-ldapd