Diffstat (limited to 'network/openvpn-auth-ldap/auth-ldap.patch')
-rw-r--r--network/openvpn-auth-ldap/auth-ldap.patch349
1 files changed, 0 insertions, 349 deletions
diff --git a/network/openvpn-auth-ldap/auth-ldap.patch b/network/openvpn-auth-ldap/auth-ldap.patch
deleted file mode 100644
index e1cb9e055a..0000000000
--- a/network/openvpn-auth-ldap/auth-ldap.patch
+++ /dev/null
@@ -1,349 +0,0 @@
-diff -crB auth-ldap-2.0.3/auth-ldap.conf auth-ldap-2.0.3-patched/auth-ldap.conf
-*** auth-ldap-2.0.3/auth-ldap.conf 2007-01-22 12:50:42.000000000 -0600
---- auth-ldap-2.0.3-patched/auth-ldap.conf 2010-06-29 10:58:40.916276380 -0500
-***************
-*** 47,52 ****
---- 47,55 ----
- #PFTable ips_vpn_users
-
- <Group>
-+ # Match full user DN if true, uid only if false
-+ RFC2307bis true
-+
- BaseDN "ou=Groups,dc=example,dc=com"
- SearchFilter "(|(cn=developers)(cn=artists))"
- MemberAttribute uniqueMember
-diff -crB auth-ldap-2.0.3/src/LFAuthLDAPConfig.m auth-ldap-2.0.3-patched/src/LFAuthLDAPConfig.m
-*** auth-ldap-2.0.3/src/LFAuthLDAPConfig.m 2007-01-22 12:50:42.000000000 -0600
---- auth-ldap-2.0.3-patched/src/LFAuthLDAPConfig.m 2010-06-29 10:58:40.916276380 -0500
-***************
-*** 79,84 ****
---- 79,85 ----
-
- /* Group Section Variables */
- LF_GROUP_MEMBER_ATTRIBUTE, /* Group Membership Attribute */
-+ LF_GROUP_MEMBER_RFC2307BIS, /* Look for full DN for user in attribute */
-
- /* Misc Shared */
- LF_UNKNOWN_OPCODE, /* Unknown Opcode */
-***************
-*** 146,151 ****
---- 147,153 ----
- static OpcodeTable GroupSectionVariables[] = {
- /* name opcode multi required */
- { "MemberAttribute", LF_GROUP_MEMBER_ATTRIBUTE, NO, NO },
-+ { "RFC2307bis", LF_GROUP_MEMBER_RFC2307BIS, NO, NO },
- { NULL, 0 }
- };
-
-***************
-*** 696,707 ****
---- 698,719 ----
-
- switch(opcodeEntry->opcode) {
- TRLDAPGroupConfig *config;
-+ BOOL memberRFC2307BIS;
-
- case LF_GROUP_MEMBER_ATTRIBUTE:
- config = [self currentSectionContext];
- [config setMemberAttribute: [value string]];
- break;
-
-+ case LF_GROUP_MEMBER_RFC2307BIS:
-+ config = [self currentSectionContext];
-+ if (![value boolValue: &memberRFC2307BIS]) {
-+ [self errorBoolValue: value];
-+ return;
-+ }
-+ [config setMemberRFC2307BIS: memberRFC2307BIS];
-+ break;
-+
- case LF_LDAP_BASEDN:
- config = [self currentSectionContext];
- [config setBaseDN: [value string]];
-diff -crB auth-ldap-2.0.3/src/LFLDAPConnection.h auth-ldap-2.0.3-patched/src/LFLDAPConnection.h
-*** auth-ldap-2.0.3/src/LFLDAPConnection.h 2007-01-22 12:50:42.000000000 -0600
---- auth-ldap-2.0.3-patched/src/LFLDAPConnection.h 2010-06-29 10:58:40.920285882 -0500
-***************
-*** 56,61 ****
---- 56,62 ----
- baseDN: (LFString *) base
- attributes: (TRArray *) attributes;
- - (BOOL) compareDN: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value;
-+ - (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value;
-
- - (BOOL) setReferralEnabled: (BOOL) enabled;
- - (BOOL) setTLSCACertFile: (LFString *) fileName;
-diff -crB auth-ldap-2.0.3/src/LFLDAPConnection.m auth-ldap-2.0.3-patched/src/LFLDAPConnection.m
-*** auth-ldap-2.0.3/src/LFLDAPConnection.m 2007-03-22 15:09:51.000000000 -0500
---- auth-ldap-2.0.3-patched/src/LFLDAPConnection.m 2010-06-29 10:58:40.920285882 -0500
-***************
-*** 405,410 ****
---- 405,454 ----
- return NO;
- }
-
-+ - (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value {
-+ struct timeval timeout;
-+ LDAPMessage *res;
-+ struct berval bval;
-+ int err;
-+ int msgid;
-+
-+ /* Set up the ber structure for our value */
-+ bval.bv_val = (char *) [value cString];
-+ bval.bv_len = [value length] - 1; /* Length includes NULL terminator */
-+
-+ /* Set up the timeout */
-+ timeout.tv_sec = _timeout;
-+ timeout.tv_usec = 0;
-+
-+ /* Perform the compare */
-+ if ((err = ldap_compare_ext(ldapConn, [dn cString], [attribute cString], &bval, NULL, NULL, &msgid)) != LDAP_SUCCESS) {
-+ [TRLog debug: "LDAP compare failed: %d: %s", err, ldap_err2string(err)];
-+ return NO;
-+ }
-+
-+ /* Wait for the result */
-+ if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) {
-+ err = ldap_get_errno(ldapConn);
-+ if (err == LDAP_TIMEOUT)
-+ ldap_abandon_ext(ldapConn, msgid, NULL, NULL);
-+
-+ [TRLog debug: "ldap_compare_ext failed: %s", ldap_err2string(err)];
-+ return NO;
-+ }
-+
-+ /* Check the result */
-+ if (ldap_parse_result(ldapConn, res, &err, NULL, NULL, NULL, NULL, 1) != LDAP_SUCCESS) {
-+ /* Parsing failed */
-+ return NO;
-+ }
-+ if (err == LDAP_COMPARE_TRUE)
-+ return YES;
-+ else
-+ return NO;
-+
-+ return NO;
-+ }
-+
-
- - (BOOL) _setLDAPOption: (int) opt value: (const char *) value connection: (LDAP *) ldapConn {
- int err;
-diff -crB auth-ldap-2.0.3/src/TRLDAPEntry.h auth-ldap-2.0.3-patched/src/TRLDAPEntry.h
-*** auth-ldap-2.0.3/src/TRLDAPEntry.h 2006-07-25 18:55:47.000000000 -0500
---- auth-ldap-2.0.3-patched/src/TRLDAPEntry.h 2010-06-29 10:58:40.920285882 -0500
-***************
-*** 40,50 ****
---- 40,53 ----
-
- @interface TRLDAPEntry : TRObject {
- LFString *_dn;
-+ LFString *_rdn;
- TRHash *_attributes;
- }
-
- - (id) initWithDN: (LFString *) dn attributes: (TRHash *) attributes;
- - (LFString *) dn;
-+ - (LFString *) rdn;
-+ - (void) setRDN: (LFString *) rdn;
- - (TRHash *) attributes;
-
- @end
-diff -crB auth-ldap-2.0.3/src/TRLDAPEntry.m auth-ldap-2.0.3-patched/src/TRLDAPEntry.m
-*** auth-ldap-2.0.3/src/TRLDAPEntry.m 2006-07-25 18:55:47.000000000 -0500
---- auth-ldap-2.0.3-patched/src/TRLDAPEntry.m 2010-06-29 10:58:40.920285882 -0500
-***************
-*** 42,47 ****
---- 42,48 ----
- return self;
-
- _dn = [dn retain];
-+ _rdn = nil;
- _attributes = [attributes retain];
-
- return self;
-***************
-*** 49,54 ****
---- 50,56 ----
-
- - (void) dealloc {
- [_dn release];
-+ [_rdn release];
- [_attributes release];
- [super dealloc];
- }
-***************
-*** 57,62 ****
---- 59,72 ----
- return _dn;
- }
-
-+ - (LFString *) rdn {
-+ return _rdn;
-+ }
-+
-+ - (void) setRDN: (LFString *) rdn {
-+ _rdn=rdn;
-+ }
-+
- - (TRHash *) attributes {
- return _attributes;
- }
-diff -crB auth-ldap-2.0.3/src/TRLDAPGroupConfig.h auth-ldap-2.0.3-patched/src/TRLDAPGroupConfig.h
-*** auth-ldap-2.0.3/src/TRLDAPGroupConfig.h 2006-07-30 15:19:54.000000000 -0500
---- auth-ldap-2.0.3-patched/src/TRLDAPGroupConfig.h 2010-06-29 10:58:40.920285882 -0500
-***************
-*** 42,47 ****
---- 42,48 ----
- LFString *_baseDN;
- LFString *_searchFilter;
- LFString *_memberAttribute;
-+ BOOL _memberRFC2307BIS;
- LFString *_pfTable;
- }
-
-***************
-*** 54,59 ****
---- 55,63 ----
- - (LFString *) memberAttribute;
- - (void) setMemberAttribute: (LFString *) memberAttribute;
-
-+ - (BOOL) memberRFC2307BIS;
-+ - (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS;
-+
- - (LFString *) pfTable;
- - (void) setPFTable: (LFString *) tableName;
-
-diff -crB auth-ldap-2.0.3/src/TRLDAPGroupConfig.m auth-ldap-2.0.3-patched/src/TRLDAPGroupConfig.m
-*** auth-ldap-2.0.3/src/TRLDAPGroupConfig.m 2006-07-30 15:19:54.000000000 -0500
---- auth-ldap-2.0.3-patched/src/TRLDAPGroupConfig.m 2010-06-29 10:58:40.920285882 -0500
-***************
-*** 81,86 ****
---- 81,94 ----
- _memberAttribute = [memberAttribute retain];
- }
-
-+ - (BOOL) memberRFC2307BIS {
-+ return (_memberRFC2307BIS);
-+ }
-+
-+ - (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS {
-+ _memberRFC2307BIS = memberRFC2307BIS;
-+ }
-+
- - (void) setPFTable: (LFString *) tableName {
- if (_pfTable)
- [_pfTable release];
-diff -crB auth-ldap-2.0.3/src/auth-ldap.m auth-ldap-2.0.3-patched/src/auth-ldap.m
-*** auth-ldap-2.0.3/src/auth-ldap.m 2007-01-22 12:50:42.000000000 -0600
---- auth-ldap-2.0.3-patched/src/auth-ldap.m 2010-06-29 11:02:14.680387830 -0500
-***************
-*** 307,320 ****
- goto error;
- }
-
-- /* Bind if requested */
-- if ([config bindDN]) {
-- if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) {
-- [TRLog error: "Unable to bind as %s", [[config bindDN] cString]];
-- goto error;
-- }
-- }
--
- /* Certificate file */
- if ((value = [config tlsCACertFile]))
- if (![ldap setTLSCACertFile: value])
---- 307,312 ----
-***************
-*** 340,345 ****
---- 332,345 ----
- if (![ldap startTLS])
- goto error;
-
-+ /* Bind if requested */
-+ if ([config bindDN]) {
-+ if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) {
-+ [TRLog error: "Unable to bind as %s", [[config bindDN] cString]];
-+ goto error;
-+ }
-+ }
-+
- return ldap;
-
- error:
-***************
-*** 409,414 ****
---- 409,415 ----
- TREnumerator *entryIter;
- TRLDAPEntry *entry;
- TRLDAPGroupConfig *result = nil;
-+ int userNameLength;
-
- /*
- * Groups are loaded into the array in the order that they are listed
-***************
-*** 426,440 ****
- /* Error occured, all stop */
- if (!ldapEntries)
- break;
-!
-! /* Iterate over the returned entries */
-! entryIter = [ldapEntries objectEnumerator];
-! while ((entry = [entryIter nextObject]) != nil) {
-! if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) {
-! /* Group match! */
-! result = groupConfig;
- }
- }
- [entryIter release];
- [ldapEntries release];
- if (result)
---- 427,453 ----
- /* Error occured, all stop */
- if (!ldapEntries)
- break;
-! if ([groupConfig memberRFC2307BIS]) {
-! /* Iterate over the returned entries */
-! entryIter = [ldapEntries objectEnumerator];
-!
-! while ((entry = [entryIter nextObject]) != nil) {
-! if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) {
-! /* Group match! */
-! result = groupConfig;
-! }
-! }
-! } else {
-! /* Iterate over the returned entries */
-! entryIter = [ldapEntries objectEnumerator];
-! while ((entry = [entryIter nextObject]) != nil) {
-! if ([ldap compare: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser rdn]]) {
-! /* Group match! */
-! result = groupConfig;
-! }
- }
- }
-+
- [entryIter release];
- [ldapEntries release];
- if (result)
-***************
-*** 551,556 ****
---- 564,570 ----
- int ret = OPENVPN_PLUGIN_FUNC_ERROR;
-
- username = get_env("username", envp);
-+ LFString *userName=[[LFString alloc]initWithCString: username];
- password = get_env("password", envp);
- remoteAddress = get_env("ifconfig_pool_remote_ip", envp);
-
-***************
-*** 568,573 ****
---- 582,588 ----
-
- /* Find the user record */
- ldapUser = find_ldap_user(ldap, ctx->config, username);
-+ [ldapUser setRDN: userName];
- if (!ldapUser) {
- /* No such user. */
- [TRLog warning: "LDAP user \"%s\" was not found.", username];