Miroirs/slackbuilds_ponce
1
0
Fork 0
mirror of https://github.com/Ponce/slackbuilds synced 2024-11-18 22:06:04 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackbuilds_ponce/network/openvpn-auth-ldap/auth-ldap.patch
Christopher Walker e1f98f7da2 network/openvpn-auth-ldap: (LDAP authentication and authorization) 
Signed-off-by: Niels Horn <niels.horn@slackbuilds.org>
2011-03-07 11:21:28 -03:00

349 lines
10 KiB
Diff
Raw Blame History

diff -crB auth-ldap-2.0.3/auth-ldap.conf auth-ldap-2.0.3-patched/auth-ldap.conf
*** auth-ldap-2.0.3/auth-ldap.conf 2007-01-22 12:50:42.000000000 -0600
--- auth-ldap-2.0.3-patched/auth-ldap.conf 2010-06-29 10:58:40.916276380 -0500
***************
*** 47,52 ****
--- 47,55 ----
#PFTable ips_vpn_users
<Group>
+ # Match full user DN if true, uid only if false
+ RFC2307bis true
+
BaseDN "ou=Groups,dc=example,dc=com"
SearchFilter "(|(cn=developers)(cn=artists))"
MemberAttribute uniqueMember
diff -crB auth-ldap-2.0.3/src/LFAuthLDAPConfig.m auth-ldap-2.0.3-patched/src/LFAuthLDAPConfig.m
*** auth-ldap-2.0.3/src/LFAuthLDAPConfig.m 2007-01-22 12:50:42.000000000 -0600
--- auth-ldap-2.0.3-patched/src/LFAuthLDAPConfig.m 2010-06-29 10:58:40.916276380 -0500
***************
*** 79,84 ****
--- 79,85 ----
/* Group Section Variables */
LF_GROUP_MEMBER_ATTRIBUTE, /* Group Membership Attribute */
+ LF_GROUP_MEMBER_RFC2307BIS, /* Look for full DN for user in attribute */
/* Misc Shared */
LF_UNKNOWN_OPCODE, /* Unknown Opcode */
***************
*** 146,151 ****
--- 147,153 ----
static OpcodeTable GroupSectionVariables[] = {
/* name opcode multi required */
{ "MemberAttribute", LF_GROUP_MEMBER_ATTRIBUTE, NO, NO },
+ { "RFC2307bis", LF_GROUP_MEMBER_RFC2307BIS, NO, NO },
{ NULL, 0 }
};
***************
*** 696,707 ****
--- 698,719 ----
switch(opcodeEntry->opcode) {
TRLDAPGroupConfig *config;
+ BOOL memberRFC2307BIS;
case LF_GROUP_MEMBER_ATTRIBUTE:
config = [self currentSectionContext];
[config setMemberAttribute: [value string]];
break;
+ case LF_GROUP_MEMBER_RFC2307BIS:
+ config = [self currentSectionContext];
+ if (![value boolValue: &memberRFC2307BIS]) {
+ [self errorBoolValue: value];
+ return;
+ }
+ [config setMemberRFC2307BIS: memberRFC2307BIS];
+ break;
+
case LF_LDAP_BASEDN:
config = [self currentSectionContext];
[config setBaseDN: [value string]];
diff -crB auth-ldap-2.0.3/src/LFLDAPConnection.h auth-ldap-2.0.3-patched/src/LFLDAPConnection.h
*** auth-ldap-2.0.3/src/LFLDAPConnection.h 2007-01-22 12:50:42.000000000 -0600
--- auth-ldap-2.0.3-patched/src/LFLDAPConnection.h 2010-06-29 10:58:40.920285882 -0500
***************
*** 56,61 ****
--- 56,62 ----
baseDN: (LFString *) base
attributes: (TRArray *) attributes;
- (BOOL) compareDN: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value;
+ - (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value;
- (BOOL) setReferralEnabled: (BOOL) enabled;
- (BOOL) setTLSCACertFile: (LFString *) fileName;
diff -crB auth-ldap-2.0.3/src/LFLDAPConnection.m auth-ldap-2.0.3-patched/src/LFLDAPConnection.m
*** auth-ldap-2.0.3/src/LFLDAPConnection.m 2007-03-22 15:09:51.000000000 -0500
--- auth-ldap-2.0.3-patched/src/LFLDAPConnection.m 2010-06-29 10:58:40.920285882 -0500
***************
*** 405,410 ****
--- 405,454 ----
return NO;
}
+ - (BOOL) compare: (LFString *) dn withAttribute: (LFString *) attribute value: (LFString *) value {
+ struct timeval timeout;
+ LDAPMessage *res;
+ struct berval bval;
+ int err;
+ int msgid;
+
+ /* Set up the ber structure for our value */
+ bval.bv_val = (char *) [value cString];
+ bval.bv_len = [value length] - 1; /* Length includes NULL terminator */
+
+ /* Set up the timeout */
+ timeout.tv_sec = _timeout;
+ timeout.tv_usec = 0;
+
+ /* Perform the compare */
+ if ((err = ldap_compare_ext(ldapConn, [dn cString], [attribute cString], &bval, NULL, NULL, &msgid)) != LDAP_SUCCESS) {
+ [TRLog debug: "LDAP compare failed: %d: %s", err, ldap_err2string(err)];
+ return NO;
+ }
+
+ /* Wait for the result */
+ if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) {
+ err = ldap_get_errno(ldapConn);
+ if (err == LDAP_TIMEOUT)
+ ldap_abandon_ext(ldapConn, msgid, NULL, NULL);
+
+ [TRLog debug: "ldap_compare_ext failed: %s", ldap_err2string(err)];
+ return NO;
+ }
+
+ /* Check the result */
+ if (ldap_parse_result(ldapConn, res, &err, NULL, NULL, NULL, NULL, 1) != LDAP_SUCCESS) {
+ /* Parsing failed */
+ return NO;
+ }
+ if (err == LDAP_COMPARE_TRUE)
+ return YES;
+ else
+ return NO;
+
+ return NO;
+ }
+
- (BOOL) _setLDAPOption: (int) opt value: (const char *) value connection: (LDAP *) ldapConn {
int err;
diff -crB auth-ldap-2.0.3/src/TRLDAPEntry.h auth-ldap-2.0.3-patched/src/TRLDAPEntry.h
*** auth-ldap-2.0.3/src/TRLDAPEntry.h 2006-07-25 18:55:47.000000000 -0500
--- auth-ldap-2.0.3-patched/src/TRLDAPEntry.h 2010-06-29 10:58:40.920285882 -0500
***************
*** 40,50 ****
--- 40,53 ----
@interface TRLDAPEntry : TRObject {
LFString *_dn;
+ LFString *_rdn;
TRHash *_attributes;
}
- (id) initWithDN: (LFString *) dn attributes: (TRHash *) attributes;
- (LFString *) dn;
+ - (LFString *) rdn;
+ - (void) setRDN: (LFString *) rdn;
- (TRHash *) attributes;
@end
diff -crB auth-ldap-2.0.3/src/TRLDAPEntry.m auth-ldap-2.0.3-patched/src/TRLDAPEntry.m
*** auth-ldap-2.0.3/src/TRLDAPEntry.m 2006-07-25 18:55:47.000000000 -0500
--- auth-ldap-2.0.3-patched/src/TRLDAPEntry.m 2010-06-29 10:58:40.920285882 -0500
***************
*** 42,47 ****
--- 42,48 ----
return self;
_dn = [dn retain];
+ _rdn = nil;
_attributes = [attributes retain];
return self;
***************
*** 49,54 ****
--- 50,56 ----
- (void) dealloc {
[_dn release];
+ [_rdn release];
[_attributes release];
[super dealloc];
}
***************
*** 57,62 ****
--- 59,72 ----
return _dn;
}
+ - (LFString *) rdn {
+ return _rdn;
+ }
+
+ - (void) setRDN: (LFString *) rdn {
+ _rdn=rdn;
+ }
+
- (TRHash *) attributes {
return _attributes;
}
diff -crB auth-ldap-2.0.3/src/TRLDAPGroupConfig.h auth-ldap-2.0.3-patched/src/TRLDAPGroupConfig.h
*** auth-ldap-2.0.3/src/TRLDAPGroupConfig.h 2006-07-30 15:19:54.000000000 -0500
--- auth-ldap-2.0.3-patched/src/TRLDAPGroupConfig.h 2010-06-29 10:58:40.920285882 -0500
***************
*** 42,47 ****
--- 42,48 ----
LFString *_baseDN;
LFString *_searchFilter;
LFString *_memberAttribute;
+ BOOL _memberRFC2307BIS;
LFString *_pfTable;
}
***************
*** 54,59 ****
--- 55,63 ----
- (LFString *) memberAttribute;
- (void) setMemberAttribute: (LFString *) memberAttribute;
+ - (BOOL) memberRFC2307BIS;
+ - (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS;
+
- (LFString *) pfTable;
- (void) setPFTable: (LFString *) tableName;
diff -crB auth-ldap-2.0.3/src/TRLDAPGroupConfig.m auth-ldap-2.0.3-patched/src/TRLDAPGroupConfig.m
*** auth-ldap-2.0.3/src/TRLDAPGroupConfig.m 2006-07-30 15:19:54.000000000 -0500
--- auth-ldap-2.0.3-patched/src/TRLDAPGroupConfig.m 2010-06-29 10:58:40.920285882 -0500
***************
*** 81,86 ****
--- 81,94 ----
_memberAttribute = [memberAttribute retain];
}
+ - (BOOL) memberRFC2307BIS {
+ return (_memberRFC2307BIS);
+ }
+
+ - (void) setMemberRFC2307BIS: (BOOL) memberRFC2307BIS {
+ _memberRFC2307BIS = memberRFC2307BIS;
+ }
+
- (void) setPFTable: (LFString *) tableName {
if (_pfTable)
[_pfTable release];
diff -crB auth-ldap-2.0.3/src/auth-ldap.m auth-ldap-2.0.3-patched/src/auth-ldap.m
*** auth-ldap-2.0.3/src/auth-ldap.m 2007-01-22 12:50:42.000000000 -0600
--- auth-ldap-2.0.3-patched/src/auth-ldap.m 2010-06-29 11:02:14.680387830 -0500
***************
*** 307,320 ****
goto error;
}
- /* Bind if requested */
- if ([config bindDN]) {
- if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) {
- [TRLog error: "Unable to bind as %s", [[config bindDN] cString]];
- goto error;
- }
- }
-
/* Certificate file */
if ((value = [config tlsCACertFile]))
if (![ldap setTLSCACertFile: value])
--- 307,312 ----
***************
*** 340,345 ****
--- 332,345 ----
if (![ldap startTLS])
goto error;
+ /* Bind if requested */
+ if ([config bindDN]) {
+ if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) {
+ [TRLog error: "Unable to bind as %s", [[config bindDN] cString]];
+ goto error;
+ }
+ }
+
return ldap;
error:
***************
*** 409,414 ****
--- 409,415 ----
TREnumerator *entryIter;
TRLDAPEntry *entry;
TRLDAPGroupConfig *result = nil;
+ int userNameLength;
/*
* Groups are loaded into the array in the order that they are listed
***************
*** 426,440 ****
/* Error occured, all stop */
if (!ldapEntries)
break;
!
! /* Iterate over the returned entries */
! entryIter = [ldapEntries objectEnumerator];
! while ((entry = [entryIter nextObject]) != nil) {
! if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) {
! /* Group match! */
! result = groupConfig;
}
}
[entryIter release];
[ldapEntries release];
if (result)
--- 427,453 ----
/* Error occured, all stop */
if (!ldapEntries)
break;
! if ([groupConfig memberRFC2307BIS]) {
! /* Iterate over the returned entries */
! entryIter = [ldapEntries objectEnumerator];
!
! while ((entry = [entryIter nextObject]) != nil) {
! if ([ldap compareDN: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser dn]]) {
! /* Group match! */
! result = groupConfig;
! }
! }
! } else {
! /* Iterate over the returned entries */
! entryIter = [ldapEntries objectEnumerator];
! while ((entry = [entryIter nextObject]) != nil) {
! if ([ldap compare: [entry dn] withAttribute: [groupConfig memberAttribute] value: [ldapUser rdn]]) {
! /* Group match! */
! result = groupConfig;
! }
}
}
+
[entryIter release];
[ldapEntries release];
if (result)
***************
*** 551,556 ****
--- 564,570 ----
int ret = OPENVPN_PLUGIN_FUNC_ERROR;
username = get_env("username", envp);
+ LFString *userName=[[LFString alloc]initWithCString: username];
password = get_env("password", envp);
remoteAddress = get_env("ifconfig_pool_remote_ip", envp);
***************
*** 568,573 ****
--- 582,588 ----
/* Find the user record */
ldapUser = find_ldap_user(ldap, ctx->config, username);
+ [ldapUser setRDN: userName];
if (!ldapUser) {
/* No such user. */
[TRLog warning: "LDAP user \"%s\" was not found.", username];
Reference in a new issue View git blame Copy permalink