head	1.9;
access;
symbols
	RELEASE_8_3_0:1.9
	RELEASE_9_0_0:1.9
	RELEASE_7_4_0:1.9
	RELEASE_8_2_0:1.9
	RELEASE_6_EOL:1.8
	RELEASE_8_1_0:1.8
	RELEASE_7_3_0:1.8
	RELEASE_8_0_0:1.8
	RELEASE_7_2_0:1.8
	RELEASE_7_1_0:1.8
	RELEASE_6_4_0:1.8
	RELEASE_5_EOL:1.8
	RELEASE_7_0_0:1.8
	RELEASE_6_3_0:1.8
	PRE_XORG_7:1.8
	RELEASE_4_EOL:1.8
	RELEASE_6_2_0:1.8
	RELEASE_6_1_0:1.8
	RELEASE_5_5_0:1.8
	RELEASE_6_0_0:1.8
	RELEASE_5_4_0:1.8
	RELEASE_4_11_0:1.8
	RELEASE_5_3_0:1.7
	RELEASE_4_10_0:1.6
	RELEASE_5_2_1:1.6
	RELEASE_5_2_0:1.6
	RELEASE_4_9_0:1.6
	RELEASE_5_1_0:1.6
	RELEASE_4_8_0:1.6
	RELEASE_5_0_0:1.6
	RELEASE_4_7_0:1.6
	RELEASE_4_6_2:1.5
	RELEASE_4_6_1:1.5
	RELEASE_4_6_0:1.5
	RELEASE_5_0_DP1:1.5
	RELEASE_4_5_0:1.2
	RELEASE_4_4_0:1.2;
locks; strict;
comment	@# @;


1.9
date	2010.12.17.19.39.41;	author marcus;	state Exp;
branches;
next	1.8;

1.8
date	2004.10.31.07.54.19;	author marcus;	state Exp;
branches;
next	1.7;

1.7
date	2004.09.02.19.25.41;	author marcus;	state Exp;
branches;
next	1.6;

1.6
date	2002.07.26.02.22.27;	author marcus;	state Exp;
branches;
next	1.5;

1.5
date	2002.03.29.23.11.09;	author petef;	state Exp;
branches;
next	1.4;

1.4
date	2002.03.29.07.46.57;	author petef;	state Exp;
branches;
next	1.3;

1.3
date	2002.02.04.23.14.31;	author pat;	state dead;
branches;
next	1.2;

1.2
date	2001.06.11.20.11.29;	author dwcjr;	state Exp;
branches;
next	1.1;

1.1
date	2001.06.08.19.00.20;	author dwcjr;	state Exp;
branches;
next	;


desc
@@


1.9
log
@Update to 1.8.6.
@
text
@--- pam_ldap.c.orig	2010-12-17 14:36:11.105528000 -0500
+++ pam_ldap.c	2010-12-17 14:38:42.000000000 -0500
@@@@ -131,12 +131,7 @@@@
 #include "pam_ldap.h"
 #include "md5.h"
 
-#if defined(HAVE_SECURITY_PAM_MISC_H) || defined(HAVE_PAM_PAM_MISC_H) || defined(OPENPAM)
- /* FIXME: is there something better to check? */
 #define CONST_ARG const
-#else
-#define CONST_ARG
-#endif
 
 #ifndef HAVE_LDAP_MEMFREE
 #define ldap_memfree(x)	free(x)
@@@@ -3411,7 +3406,7 @@@@ pam_sm_authenticate (pam_handle_t * pamh
   int rc;
   const char *username;
   char *p;
-  int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0;
+  int use_first_pass = 0, try_first_pass = 0, ignore_flags = 0, migrate = 0;
   int i;
   pam_ldap_session_t *session = NULL;
   const char *configFile = NULL;
@@@@ -3432,6 +3427,8 @@@@ pam_sm_authenticate (pam_handle_t * pamh
 	;
       else if (!strcmp (argv[i], "debug"))
 	;
+      else if (!strcmp (argv[i], "migrate"))
+        migrate = 1;
       else
 	syslog (LOG_ERR, "illegal option %s", argv[i]);
     }
@@@@ -3445,6 +3442,22 @@@@ pam_sm_authenticate (pam_handle_t * pamh
     return rc;
 
   rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
+  /* start of migrate facility in "pam_ldap authentication" */
+  if (migrate==1 && rc==PAM_SUCCESS)
+    {
+      /* check if specified username exists in LDAP */
+      if (_get_user_info(session,username)==PAM_SUCCESS)
+        {
+          /*
+             overwrite old LDAP userPassword with a new password
+             obtained during pam authentication process
+             - rootbinddn and ldap.secret must be set
+          */
+          rc=_update_authtok(pamh,session,username,NULL,p);
+          return PAM_IGNORE;
+        }
+    }
+  /* end of migrate facility in "pam_ldap authentication" */
   if (rc == PAM_SUCCESS && (use_first_pass || try_first_pass))
     {
       rc = _do_authentication (pamh, session, username, p);
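Review bot: The migrate branch added after `pam_get_item` writes whatever `PAM_AUTHTOK` holds into the LDAP userPassword without checking that `p` is non-NULL or that the token was ever verified, and it discards the result of `_update_authtok` before returning `PAM_IGNORE`. `pam_get_item` can return `PAM_SUCCESS` with a NULL item when no earlier module stored a password, so the guard should read `if (migrate==1 && rc==PAM_SUCCESS && p!=NULL)`, and a failed update should at least be logged, e.g. `if (rc != PAM_SUCCESS) syslog (LOG_ERR, "pam_ldap: migrate could not update userPassword");`. Because the comment says the write relies on rootbinddn and ldap.secret, the option looks safe only when the PAM stack guarantees this module is reached after the same password has been checked successfully (for instance behind a `requisite` module), and that requirement belongs in the comment block. `pam_sm_authenticate` starts and ends outside the hunk, so how `session` and `username` are prepared cannot be confirmed from here.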
@@@@ -3721,7 +3734,7 @@@@ pam_sm_chauthtok (pam_handle_t * pamh, i
 	  if (curpass == NULL)
 	    return PAM_MAXTRIES;	/* maximum tries exceeded */
 	  else
-	    pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) curpass);
+	    pam_set_item (pamh, PAM_OLDAUTHTOK, (void *) strdup(curpass));
 	}
       else
 	{
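Review bot: The `strdup(curpass)` now handed to `pam_set_item` creates a second heap copy of the user's current cleartext password that this hunk never checks, scrubs or frees. Linux-PAM and OpenPAM both store their own copy of the value passed for `PAM_OLDAUTHTOK`, so on those implementations the duplicate is leaked on every password change. If the copy is needed at all, keep the pointer and release it after the call: `char *old = strdup (curpass);`, `if (old == NULL) return PAM_BUF_ERR;`, then zero and `free (old);` once `pam_set_item` has returned. The return value of `pam_set_item` is also ignored here, and a NULL from `strdup` would presumably store no old token at all. The enclosing `pam_sm_chauthtok` body continues outside the hunk, so why the copy was introduced (possibly `curpass` being released later) is not visible.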
@


1.8
log
@Update to 1.7.6.
@
text
@d1 2
a2 2
--- pam_ldap.c.orig	Sun Oct 31 02:42:54 2004
+++ pam_ldap.c	Sun Oct 31 02:48:03 2004
d7 1
a7 1
-#if defined(HAVE_SECURITY_PAM_MISC_H) || defined(HAVE_PAM_PAM_MISC_H)
d16 1
a16 1
@@@@ -3137,7 +3132,7 @@@@
d25 1
a25 1
@@@@ -3158,6 +3153,8 @@@@
d34 1
a34 1
@@@@ -3171,6 +3168,22 @@@@
d57 1
a57 17
@@@@ -3419,11 +3432,11 @@@@
 		    {
 		      _conv_sendmsg (appconv, "Password change aborted",
 				     PAM_ERROR_MSG, no_warn);
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
-		      return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
 		      return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+		      return PAM_AUTHTOK_RECOVERY_ERR;
+#endif
 		    }
 		  else
 		    {
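Review bot: The same `#ifdef PAM_AUTHTOK_RECOVER_ERR` / `#else` / `#endif` ladder is repeated at every return site in this revision of the patch (this hunk and the ones at -3465, -3479, -3533 and -3569), and the copies have already drifted: this one ends in a bare `#endif` while the others carry `/* PAM_AUTHTOK_RECOVER_ERR */`. Mapping the name once near the top of the file, `#ifndef PAM_AUTHTOK_RECOVER_ERR`, `#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR`, `#endif`, would let each site be a plain `return PAM_AUTHTOK_RECOVER_ERR;` and keep the error-code choice in one place. The enclosing function starts and ends outside the hunk.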
@@@@ -3437,7 +3450,7 @@@@
a65 64
@@@@ -3465,11 +3478,11 @@@@
       syslog (LOG_ERR,
 	      "pam_ldap: error getting old authentication token (%s)",
 	      pam_strerror (pamh, rc));
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
-      return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
       return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+      return PAM_AUTHTOK_RECOVERY_ERR;
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
     }
 
   if (try_first_pass || use_first_pass)
@@@@ -3479,11 +3492,11 @@@@
 	newpass = NULL;
 
       if (use_first_pass && newpass == NULL)
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
-	return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
 	return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+	return PAM_AUTHTOK_RECOVERY_ERR;
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
     }
 
   tries = 0;
@@@@ -3533,11 +3546,11 @@@@
 	}
       else
 	{
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
-	  return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
 	  return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+	  return PAM_AUTHTOK_RECOVERY_ERR;
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
 	}
 
       if (cmiscptr == NULL)
@@@@ -3569,11 +3582,11 @@@@
 		{
 		  _conv_sendmsg (appconv, "Password change aborted",
 				 PAM_ERROR_MSG, no_warn);
-#ifdef PAM_AUTHTOK_RECOVERY_ERR
-		  return PAM_AUTHTOK_RECOVERY_ERR;
-#else
+#ifdef PAM_AUTHTOK_RECOVER_ERR
 		  return PAM_AUTHTOK_RECOVER_ERR;
-#endif /* PAM_AUTHTOK_RECOVERY_ERR */
+#else
+		  return PAM_AUTHTOK_RECOVERY_ERR;
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
 		}
 	    }
 	  else if (!strcmp (newpass, miscptr))
@


1.7
log
@Implement a "migrate" facility that lets one migrate/overwrite the LDAP
userPassword field of the user being authenticated.  The PAM and LDAP
usernames must be the same.  This makes "pam_ldap migrate" similar to
"pam_smbpass migrate".  This has been submitted to PADL in
http://bugzilla.padl.com/show_bug.cgi?id=178. [1]

Allow pam_ldap to change user passwords under certain circumstances.  This
has been submitted to PADL in
http://bugzilla.padl.com/show_bug.cgi?id=177. [2]

All of this is documented further at
http://www.iem.pw.edu.pl/~wielebap/ldap/pam_ldap/pam_ldap_doc.pdf.

PR:		71289 [1]
		71287 [2]
Submitted by:	Pawel Wieleba <wielebap@@iem.pw.edu.pl>
@
text
@d1 3
a3 3
--- pam_ldap.c.orig	Thu Sep  2 19:20:15 2004
+++ pam_ldap.c	Thu Sep  2 19:21:04 2004
@@@@ -127,12 +127,7 @@@@
d16 1
a16 1
@@@@ -2946,7 +2941,7 @@@@
d25 1
a25 1
@@@@ -2967,6 +2962,8 @@@@
d34 1
a34 1
@@@@ -2980,6 +2977,22 @@@@
d49 1
a49 1
+          rc=_update_authtok(session,username,NULL,p);
d56 2
a57 2
       rc = _do_authentication (session, username, p);
@@@@ -3228,11 +3241,11 @@@@
d73 1
a73 1
@@@@ -3246,7 +3259,7 @@@@
d82 1
a82 1
@@@@ -3274,11 +3287,11 @@@@
d98 1
a98 1
@@@@ -3288,11 +3301,11 @@@@
d114 1
a114 1
@@@@ -3342,11 +3355,11 @@@@
d130 1
a130 1
@@@@ -3378,11 +3391,11 @@@@
@


1.6
log
@Update to 1.5.0.
@
text
@d1 3
a3 3
--- pam_ldap.c.orig	Thu Jul 25 22:15:52 2002
+++ pam_ldap.c	Thu Jul 25 22:20:11 2002
@@@@ -126,12 +126,7 @@@@
d16 42
a57 1
@@@@ -2898,11 +2893,11 @@@@
d73 10
a82 1
@@@@ -2942,11 +2937,11 @@@@
d98 1
a98 1
@@@@ -2956,11 +2951,11 @@@@
d114 1
a114 1
@@@@ -3010,11 +3005,11 @@@@
d130 1
a130 1
@@@@ -3046,11 +3041,11 @@@@
@


1.5
log
@Forced commit to note that this patch was:

Submitted by:	des
@
text
@d1 2
a2 4
$FreeBSD: ports/security/pam_ldap/files/patch-ab,v 1.4 2002/03/29 07:46:57 petef Exp $

--- pam_ldap.c.orig	Mon Mar 25 15:54:28 2002
+++ pam_ldap.c	Mon Mar 25 15:54:29 2002
d7 1
a7 1
-#ifdef HAVE_SECURITY_PAM_MISC_H
d16 1
a16 1
@@@@ -2843,11 +2838,11 @@@@
d28 1
a28 1
+#endif /* PAM_AUTHTOK_RECOVER_ERR */
d32 1
a32 1
@@@@ -2887,11 +2882,11 @@@@
d48 1
a48 1
@@@@ -2901,11 +2896,11 @@@@
d64 1
a64 1
@@@@ -2955,11 +2950,11 @@@@
d80 1
a80 1
@@@@ -2991,11 +2986,11 @@@@
@


1.4
log
@- add a patch to let this build with OpenPAM, but mark as broken for
  -currents with OpenPAM because functionality is broken.
- touch -> ${TOUCH}

PR:		36469
Submitted by:	maintainer
@
text
@d1 1
a1 1
$FreeBSD$
@


1.3
log
@Update to 1.3.7

PR:		34592
Submitted by:	maintainer
@
text
@d1 7
a7 8
--- pam_ldap.c.orig	Mon Jun 11 11:44:49 2001
+++ pam_ldap.c	Mon Jun 11 11:45:07 2001
@@@@ -557,7 +557,7 @@@@
 
   /* configuration file location is configurable; default /etc/ldap.conf */
   if (configFile == NULL)
-    configFile = "/etc/ldap.conf";
+    configFile = LDAP_CONF_FILE;
d9 6
a14 1
   fp = fopen (configFile, "r");
d16 82
@


1.2
log
@Fix patches to use etc instead of etc/pam_ldap
Bump PORTREVISION
@
text
@@


1.1
log
@New pam port for ldap authentication.

PR:		27673
Submitted by:	Joe Marcus Clarke <marcus@@marcuscom.com>
Reviewed by:	will
@
text
@d1 3
a3 3
--- pam_ldap.c.orig	Sat May 26 16:06:17 2001
+++ pam_ldap.c	Sat May 26 16:07:05 2001
@@@@ -551,7 +551,7 @@@@
d8 1
a8 1
+    configFile = "/usr/local/etc/pam_ldap/ldap.conf";
@

