rpms/nss_ldap/devel pam_ldap-184-nsrole.patch, NONE, 1.1 nss_ldap.spec, 1.103, 1.104
Nalin Dahyabhai
nalin at fedoraproject.org
Mon Dec 22 18:43:45 UTC 2008
Author: nalin
Update of /cvs/pkgs/rpms/nss_ldap/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27772
Modified Files:
nss_ldap.spec
Added Files:
pam_ldap-184-nsrole.patch
Log Message:
- correct some build errors
- add but do not apply proposed pam_ldap patch to add nsrole support
pam_ldap-184-nsrole.patch:
--- NEW FILE pam_ldap-184-nsrole.patch ---
Submitted to upstream #382.
diff -up pam_ldap-184/pam_ldap.5 pam_ldap-184/pam_ldap.5
--- pam_ldap-184/pam_ldap.5 2008-11-17 13:36:03.000000000 -0500
+++ pam_ldap-184/pam_ldap.5 2008-11-17 13:37:35.000000000 -0500
@@ -333,6 +333,10 @@ group specified in the
.B pam_groupdn
option.
.TP
+.B pam_nsrole <role>
+Specifies a value which the user's entry's "nsRole" attribute must match
+for logon authorization to succeed.
+.TP
.B pam_min_uid <uid>
If specified, a user must have a POSIX user ID of at least
.B uid
diff -up pam_ldap-184/pam_ldap.c pam_ldap-184/pam_ldap.c
--- pam_ldap-184/pam_ldap.c 2008-11-17 13:35:52.000000000 -0500
+++ pam_ldap-184/pam_ldap.c 2008-11-17 13:35:56.000000000 -0500
@@ -499,6 +499,11 @@ _release_config (pam_ldap_config_t ** pc
free (c->groupdn);
}
+ if (c->nsrole != NULL)
+ {
+ free (c->nsrole);
+ }
+
if (c->filter != NULL)
{
free (c->filter);
@@ -639,6 +644,7 @@ _alloc_config (pam_ldap_config_t ** pres
result->userattr = NULL;
result->groupattr = NULL;
result->groupdn = NULL;
+ result->nsrole = NULL;
result->getpolicy = 0;
result->checkhostattr = 0;
result->checkserviceattr = 0;
@@ -1043,6 +1049,10 @@ _read_config (const char *configFile, pa
{
CHECKPOINTER (result->groupattr = strdup (v));
}
+ else if (!strcasecmp (k, "pam_nsrole"))
+ {
+ CHECKPOINTER (result->nsrole = strdup (v));
+ }
else if (!strcasecmp (k, "pam_min_uid"))
{
result->min_uid = (uid_t) atol (v);
@@ -4136,6 +4146,23 @@ pam_sm_acct_mgmt (pam_handle_t * pamh, i
rc = success;
}
+ /* check the user's entry's nsRole attribute for the required value */
+ if (rc == success && session->conf->nsrole != NULL)
+ {
+ rc = ldap_compare_s (session->ld,
+ session->info->userdn,
+ "nsRole", session->conf->nsrole);
+ if (rc != LDAP_COMPARE_TRUE)
+ {
+ snprintf (buf, sizeof buf, "You must have the %s role to login.",
+ session->conf->nsrole);
+ _conv_sendmsg (appconv, buf, PAM_ERROR_MSG, no_warn);
+ return PAM_PERM_DENIED;
+ }
+ else
+ rc = success;
+ }
+
if (rc == success && session->conf->checkserviceattr)
{
rc = _service_ok (pamh, session);
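Review bot: The `rc != LDAP_COMPARE_TRUE` branch treats every non-true result of `ldap_compare_s()` alike, so a directory error (server unreachable, no compare access to nsRole, attribute absent) tells the user they lack the role and leaves no record of the real cause. Denying in all of those cases is the right fail-closed behaviour for an authorization check, but only `LDAP_COMPARE_FALSE` is an actual role mismatch. The other results should be logged with `ldap_err2string (rc)` before denying, assuming syslog is how this file reports errors, so an operator can tell a broken ACL or outage from a real refusal. The message also echoes the configured role value to the person being refused, which may be more directory detail than they need. pam_sm_acct_mgmt starts and ends outside the hunk, so it is not visible whether the direct `return` skips cleanup that the other checks go through.

```c
      rc = ldap_compare_s (session->ld,
			   session->info->userdn,
			   "nsRole", session->conf->nsrole);
      if (rc == LDAP_COMPARE_FALSE)
	{
	  /* … unchanged: snprintf + _conv_sendmsg + return PAM_PERM_DENIED … */
	}
      else if (rc != LDAP_COMPARE_TRUE)
	{
	  /* directory error rather than a role mismatch: still deny, but record why */
	  syslog (LOG_ERR, "pam_ldap: nsRole compare failed for %s: %s",
		  session->info->userdn, ldap_err2string (rc));
	  return PAM_PERM_DENIED;
	}
      else
	rc = success;
```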
--- pam_ldap-184/pam_ldap.h 2008-11-17 13:39:49.000000000 -0500
+++ pam_ldap-184/pam_ldap.h 2008-11-17 13:39:50.000000000 -0500
@@ -95,6 +95,8 @@
char *groupdn;
/* group membership attribute; defaults to uniquemember */
char *groupattr;
+ /* role name; optional, for access authorization */
+ char *nsrole;
/* LDAP protocol version */
int version;
/* search timelimit */
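Review bot: The new field comment `/* role name; optional, for access authorization */` undersells what the string has to be. The pam_ldap.c account hunk passes it verbatim to `ldap_compare_s()` against `nsRole`, and on directory servers that compute nsRole the values are, as far as I know, role-entry DNs rather than short names. I would write `/* value compared against the user's nsRole attribute (typically a role entry DN); NULL disables the check */` and use the same wording for `pam_nsrole` in pam_ldap.5, so administrators do not configure a bare name that never matches and locks every account out. The struct definition begins and ends outside the hunk.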
Index: nss_ldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/nss_ldap/devel/nss_ldap.spec,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -r1.103 -r1.104
--- nss_ldap.spec 29 Oct 2008 21:20:18 -0000 1.103
+++ nss_ldap.spec 22 Dec 2008 18:43:15 -0000 1.104
@@ -2,7 +2,7 @@
Summary: NSS library and PAM module for LDAP
Name: nss_ldap
Version: 263
-Release: 1%{?dist}
+Release: 2%{?dist}
Source0: ftp://ftp.padl.com/pub/nss_ldap-%{version}.tar.gz
Source1: ftp://ftp.padl.com/pub/pam_ldap-%{pam_ldap_version}.tar.gz
Source3: nss_ldap.versions
@@ -24,6 +24,7 @@
Patch16: pam_ldap-184-referral-passwd2.patch
Patch17: nss_ldap-259-res_init.patch
Patch19: pam_ldap-184-broken-sasl-rebind.patch
+Patch20: pam_ldap-184-nsrole.patch
URL: http://www.padl.com/
License: LGPLv2+
@@ -76,6 +77,7 @@
%patch13 -p1 -b .exop-modify
%patch16 -p1 -b .referral-passwd2
%patch19 -p1 -b .broken-sasl-rebind
+#%patch20 -p1 -b .nsrole
autoreconf -f -i
popd
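Review bot: The disabled line `#%patch20 -p1 -b .nsrole` leaves an unescaped macro inside a comment; rpm expands macros before the shell ever sees the `#`, and rpmlint reports this pattern as macro-in-comment. Since the intent is that the not-yet-accepted authorization patch is definitely not applied, I would write `#%%patch20 -p1 -b .nsrole` so the line stays inert regardless of how `%patch` is handled by the rpm version in use. The %prep section continues outside the hunk.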
@@ -95,8 +97,8 @@
cp pam_ldap-%{pam_ldap_version}/NEWS NEWS.pam_ldap
cp pam_ldap-%{pam_ldap_version}/README README.pam_ldap
-cp %{_datadir}/libtool/config.{sub,guess} nss_ldap-%{version}/
-cp %{_datadir}/libtool/config.{sub,guess} pam_ldap-%{pam_ldap_version}/
+cp %{_datadir}/libtool/config/config.{sub,guess} nss_ldap-%{version}/
+cp %{_datadir}/libtool/config/config.{sub,guess} pam_ldap-%{pam_ldap_version}/
%build
# We're building modules here, so make sure -fPIC is always used.
@@ -190,6 +192,10 @@
%doc pam_ldap-%{pam_ldap_version}/ns-pwd-policy.schema
%changelog
+* Mon Dec 22 2008 Nalin Dahyabhai <nalin at redhat.com> - 263-2
+- correct some build errors
+- add but do not apply proposed pam_ldap patch to add nsrole support
+
* Wed Oct 29 2008 Nalin Dahyabhai <nalin at redhat.com> - 263-1
- update to 263, pulling in Luke's patch for #374 (#445972) which doesn't
leak the result message, and the fix for #376 (#466794)