Author: hawk Date: Wed Aug 10 10:25:12 2005 GMT Module: SOURCES Tag: HEAD ---- Log message: 811ea6e5428ee0a4d3d848b4f3f893fe nss_ldap-CAN-2005-2069.patch 4591bdcf0bd459c6fdbcabc93f5b6b55 openldap-CAN-2005-2069.patch b9c4286d38a1e35b660f7b6a1fa09c85 pam-pam_ldap-CAN-2005-2069.patch
---- Files affected: SOURCES: nss_ldap-CAN-2005-2069.patch (NONE -> 1.1) (NEW), openldap-CAN-2005-2069.patch (NONE -> 1.1) (NEW), pam-pam_ldap-CAN-2005-2069.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/nss_ldap-CAN-2005-2069.patch
diff -u /dev/null SOURCES/nss_ldap-CAN-2005-2069.patch:1.1
--- /dev/null Wed Aug 10 12:25:12 2005
+++ SOURCES/nss_ldap-CAN-2005-2069.patch Wed Aug 10 12:25:07 2005
@@ -0,0 +1,40 @@
+--- ldap-nss.c 2005-07-16 15:45:17.000000000 +0100
++++ ldap-nss.c.new 2005-07-16 15:46:15.000000000 +0100
+@@ -330,6 +330,37 @@
+
+ timelimit = __session.ls_config->ldc_bind_timelimit;
+
++#ifdef HAVE_LDAP_START_TLS_S
++ if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
++ {
++ int version;
++
++ if (ldap_get_option
++ (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version) == LDAP_OPT_SUCCESS)
++ {
++ if (version < LDAP_VERSION3)
++ {
++ version = LDAP_VERSION3;
++ ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version);
++ }
++ }
++
++ debug ("==> start_tls");
++ if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
++ {
++ debug ("TLS startup succeeded");
++ }
++ else
++ {
++ debug ("TLS startup failed");
++ return NSS_UNAVAIL;
++ }
++ debug ("<== start_tls");
++ }
++#endif /* HAVE_LDAP_START_TLS_S */
++
+ return do_bind (ld, timelimit, who, cred, with_sasl);
+ }
+ #else
================================================================
Index: SOURCES/openldap-CAN-2005-2069.patch
diff -u /dev/null SOURCES/openldap-CAN-2005-2069.patch:1.1
--- /dev/null Wed Aug 10 12:25:12 2005
+++ SOURCES/openldap-CAN-2005-2069.patch Wed Aug 10 12:25:07 2005
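Review bot: The StartTLS block in the ldap-nss.c hunk negotiates TLS on `__session.ls_conn`, while the bind that follows is issued on `ld`; if those can ever be different handles, the credentials in `cred` would travel on a connection that was never upgraded. Using the handle that carries the bind, `if (ldap_start_tls_s (ld, NULL, NULL) == LDAP_SUCCESS)`, and the same `ld` in the two `LDAP_OPT_PROTOCOL_VERSION` calls, removes that dependency; the pam_ldap patch further down has the same shape (`session->ld` for StartTLS, `ld` for `ldap_simple_bind_s`). The result of `ldap_set_option` is also ignored, so a failed upgrade to `LDAP_VERSION3` only surfaces as a later StartTLS failure. The enclosing function starts above the hunk, so how `ld` relates to the session handle is not visible here.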
@@ -0,0 +1,13 @@
+diff -urN openldap-2.2.26.orig/libraries/libldap/tls.c openldap-2.2.26/libraries/libldap/tls.c
+--- openldap-2.2.26.orig/libraries/libldap/tls.c 2005-01-20 17:01:02.000000000 +0000
++++ openldap-2.2.26/libraries/libldap/tls.c 2005-06-22 01:34:22.000000000 +0100
+@@ -1738,7 +1738,8 @@
+
+ /* XXYYZ: this initiates operation only on default connection! */
+
+- if ( ld->ld_sb != NULL && ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
++ if ( ( ld->ld_defconn != NULL ) ? ( ld->ld_defconn->lconn_sb != NULL && ldap_pvt_tls_inplace( ld->ld_defconn->lconn_sb ) != 0 )
++ : ( ld->ld_sb != NULL && ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
================================================================
Index: SOURCES/pam-pam_ldap-CAN-2005-2069.patch
diff -u /dev/null SOURCES/pam-pam_ldap-CAN-2005-2069.patch:1.1
--- /dev/null Wed Aug 10 12:25:12 2005
+++ SOURCES/pam-pam_ldap-CAN-2005-2069.patch Wed Aug 10 12:25:07 2005
@@ -0,0 +1,29 @@
+diff -urN pam_ldap-176/pam_ldap.c pam_ldap-176.new/pam_ldap.c
+--- pam_ldap-176/pam_ldap.c 2004-10-01 03:33:14.000000000 +0100
++++ pam_ldap-176.new/pam_ldap.c 2005-06-22 01:40:06.000000000 +0100
+@@ -1587,6 +1587,7 @@
+ pam_ldap_session_t *session = global_session;
+ #endif
+ char *who, *cred;
++ int rc;
+
+ if (session->info != NULL && session->info->bound_as_user == 1)
+ {
+@@ -1607,6 +1608,17 @@
+ }
+ }
+
++ if (session->conf->ssl_on == SSL_START_TLS)
++ {
++ rc = ldap_start_tls_s (session->ld, NULL, NULL);
++ if (rc != LDAP_SUCCESS)
++ {
++ syslog (LOG_ERR, "pam_ldap: ldap_starttls_s: %s",
++ ldap_err2string (rc));
++ return PAM_SERVICE_ERR;
++ }
++ }
++
+ return ldap_simple_bind_s (ld, who, cred);
+ }
+ #else
================================================================
_______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
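Review bot: The new condition in the tls.c hunk packs the choice of connection and the TLS-in-place test into one ternary, and nothing in the hunk records why `ld->ld_sb` alone is no longer the right buffer to test. Selecting the socket buffer first keeps the two branches from drifting apart: `Sockbuf *sb = ( ld->ld_defconn != NULL ) ? ld->ld_defconn->lconn_sb : ld->ld_sb;` declared with the function's other locals, then `if ( sb != NULL && ldap_pvt_tls_inplace( sb ) != 0 ) {`. A one-line comment stating that the check applies to the current default connection, with `ld->ld_sb` as the fallback when none is set, would document the intent. The function body starts and ends outside the hunk.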
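Review bot: On StartTLS failure the new branch in pam_ldap.c returns `PAM_SERVICE_ERR`, but the function's other exit is `return ldap_simple_bind_s (ld, who, cred);`, so its caller presumably expects an LDAP result code and would read the PAM constant as an unrelated LDAP error. `return rc;` still fails closed and reports the real cause. The log label `ldap_starttls_s` does not match the function actually called; `"pam_ldap: ldap_start_tls_s: %s"` is easier to search for in logs. The function starts above the first inner hunk, so how the caller handles the return value is not visible here.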