Diffstat (limited to 'security/sssd/files/patch-src__providers__ldap__ldap_auth.c')
-rw-r--r--security/sssd/files/patch-src__providers__ldap__ldap_auth.c152
1 files changed, 111 insertions, 41 deletions
diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c
index c2dd1328a508..ae1bfc922d00 100644
--- a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c
+++ b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c
@@ -1,4 +1,6 @@
---- src/providers/ldap/ldap_auth.c.orig 2014-09-17 13:01:37 UTC
+diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
+index de22689ae..fdfd67cf4 100644
+--- src/providers/ldap/ldap_auth.c
+++ src/providers/ldap/ldap_auth.c
@@ -37,7 +37,6 @@
#include <sys/time.h>
@@ -8,9 +10,9 @@
#include <security/pam_modules.h>
#include "util/util.h"
-@@ -56,6 +55,22 @@ enum pwexpire {
- PWEXPIRE_SHADOW
- };
+@@ -52,6 +51,22 @@
+
+ #define LDAP_PWEXPIRE_WARNING_TIME 0
+struct spwd
+{
@@ -31,20 +33,9 @@
static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
{
int ret;
-@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *exp
- return EINVAL;
- }
-
-+ tzset();
- expire_time = mktime(&tm);
- if (expire_time == -1) {
- DEBUG(SSSDBG_CRIT_FAILURE,
-@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *exp
- return EINVAL;
+@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
}
-- tzset();
-- expire_time -= timezone;
DEBUG(SSSDBG_TRACE_ALL,
- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
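Review bot: The regenerated patch drops the inner changes that moved `tzset()` ahead of `mktime()` and deleted `expire_time -= timezone` in `check_pwexpire_kerberos`, leaving only the rewrite of the `DEBUG` trace, and nothing on the page says why the timezone handling is no longer needed. Because `difftime(now, expire_time) > 0.0` decides whether a Kerberos password is treated as expired, an unadjusted or doubly adjusted `expire_time` would enforce expiry some hours early or late. Presumably the new upstream code derives `expire_time` differently, but that code lies outside the lines shown, so it should be confirmed against the new source and stated in the commit message. The body of `check_pwexpire_kerberos` starts and ends outside this hunk.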
@@ -55,7 +46,59 @@
if (difftime(now, expire_time) > 0.0) {
DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
-@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)
+@@ -946,14 +961,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx,
+
+ state->pd = pd;
+ state->be_ctx = params->be_ctx;
+- pd->pam_status = PAM_SYSTEM_ERR;
++ pd->pam_status = PAM_SERVICE_ERR;
+
+ switch (pd->cmd) {
+ case SSS_PAM_AUTHENTICATE:
+ subreq = auth_send(state, params->ev, auth_ctx,
+ pd->user, pd->authtok, false);
+ if (subreq == NULL) {
+- pd->pam_status = PAM_SYSTEM_ERR;
++ pd->pam_status = PAM_SERVICE_ERR;
+ goto immediately;
+ }
+
+@@ -963,14 +978,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx,
+ subreq = auth_send(state, params->ev, auth_ctx,
+ pd->user, pd->authtok, true);
+ if (subreq == NULL) {
+- pd->pam_status = PAM_SYSTEM_ERR;
++ pd->pam_status = PAM_SERVICE_ERR;
+ goto immediately;
+ }
+
+ tevent_req_set_callback(subreq, sdap_pam_auth_handler_done, req);
+ break;
+ case SSS_PAM_CHAUTHTOK:
+- pd->pam_status = PAM_SYSTEM_ERR;
++ pd->pam_status = PAM_SERVICE_ERR;
+ goto immediately;
+
+ case SSS_PAM_ACCT_MGMT:
+@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
+ state->be_ctx->domain->pwd_expiration_warning);
+ if (ret == EINVAL) {
+ /* Unknown password expiration type. */
+- state->pd->pam_status = PAM_SYSTEM_ERR;
++ state->pd->pam_status = PAM_SERVICE_ERR;
+ goto done;
+ }
+ }
+@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
+ state->pd->pam_status = PAM_BAD_ITEM;
+ break;
+ default:
+- state->pd->pam_status = PAM_SYSTEM_ERR;
++ state->pd->pam_status = PAM_SERVICE_ERR;
+ break;
+ }
+
+@@ -1271,7 +1286,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_OP_FAILURE,
"starting password change request for user [%s].\n", pd->user);
@@ -64,16 +107,61 @@
if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
DEBUG(SSSDBG_OP_FAILURE,
-@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *r
- dp_err = DP_ERR_OFFLINE;
+@@ -1282,7 +1297,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
+ subreq = auth_send(state, params->ev, auth_ctx,
+ pd->user, pd->authtok, true);
+ if (subreq == NULL) {
+- pd->pam_status = PAM_SYSTEM_ERR;
++ pd->pam_status = PAM_SERVICE_ERR;
+ goto immediately;
+ }
+
+@@ -1335,7 +1350,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+ if (ret == ERR_PASSWORD_EXPIRED) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "LDAP provider cannot change "
+ "kerberos passwords.\n");
+- state->pd->pam_status = PAM_SYSTEM_ERR;
++ state->pd->pam_status = PAM_SERVICE_ERR;
+ goto done;
+ }
+ break;
+@@ -1344,7 +1359,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+ break;
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
+- state->pd->pam_status = PAM_SYSTEM_ERR;
++ state->pd->pam_status = PAM_SERVICE_ERR;
+ goto done;
+ }
+ }
+@@ -1369,7 +1384,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+ if (subreq == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to change password for "
+ "%s\n", state->pd->user);
+- state->pd->pam_status = PAM_SYSTEM_ERR;
++ state->pd->pam_status = PAM_SERVICE_ERR;
+ goto done;
+ }
+
+@@ -1401,7 +1416,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+ be_mark_offline(state->be_ctx);
+ break;
+ default:
+- state->pd->pam_status = PAM_SYSTEM_ERR;
++ state->pd->pam_status = PAM_SERVICE_ERR;
+ break;
+ }
+
+@@ -1437,7 +1452,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
+ state->pd->pam_status = PAM_AUTHTOK_ERR;
break;
default:
- state->pd->pam_status = PAM_SYSTEM_ERR;
+ state->pd->pam_status = PAM_SERVICE_ERR;
+ break;
}
- done:
-@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *re
+@@ -1463,7 +1478,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
state->sh, state->dn,
lastchanged_name);
if (subreq == NULL) {
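Review bot: The patch does not record why `PAM_SYSTEM_ERR` is rewritten to `PAM_SERVICE_ERR`, and the substitution is repeated by hand at every site: the `sdap_pam_chpass_handler_*` functions in this hunk, `sdap_pam_auth_handler_send` and `sdap_pam_auth_handler_done` in the preceding hunk, and `sdap_pam_chpass_handler_last_done` in the final one. Both values are failure codes, so the default assigned before `switch (pd->cmd)` still fails closed, but a PAM configuration or caller that distinguishes the two codes would see a different result. Any `PAM_SYSTEM_ERR` site that upstream adds later also has to be caught manually when the patch is next regenerated. I would put a one-line rationale above the `diff --git` line of the patch file, where patch(1) skips leading text, for example `# Port-local: return PAM_SERVICE_ERR where upstream uses PAM_SYSTEM_ERR because <reason>`. The enclosing functions start and end outside these hunks.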
@@ -82,30 +170,12 @@
goto done;
}
-@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *re
+@@ -1489,7 +1504,7 @@ static void sdap_pam_chpass_handler_last_done(struct tevent_req *subreq)
+ talloc_free(subreq);
- ret = sdap_modify_shadow_lastchange_recv(req);
if (ret != EOK) {
- state->pd->pam_status = PAM_SYSTEM_ERR;
+ state->pd->pam_status = PAM_SERVICE_ERR;
goto done;
}
-@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq)
- goto done;
- }
-
-- pd->pam_status = PAM_SYSTEM_ERR;
-+ pd->pam_status = PAM_SERVICE_ERR;
-
- switch (pd->cmd) {
- case SSS_PAM_AUTHENTICATE:
-@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
- state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
- break;
- default:
-- state->pd->pam_status = PAM_SYSTEM_ERR;
-+ state->pd->pam_status = PAM_SERVICE_ERR;
- dp_err = DP_ERR_FATAL;
- }
-