diff options
Diffstat (limited to 'source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch')
| -rw-r--r-- | source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch b/source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch deleted file mode 100644 index 168b9ba0..00000000 --- a/source/n/krb5/patches/krb5-1.13-dirsrv-accountlock.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 0a33cb5ff8f80c62a652bc60860fad375ee58a85 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood <rharwood@redhat.com> -Date: Tue, 23 Aug 2016 16:47:44 -0400 -Subject: [PATCH] krb5-1.13-dirsrv-accountlock.patch - -Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. Updated from -original version filed as RT#5891. ---- - src/aclocal.m4 | 9 +++++++++ - src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 17 +++++++++++++++++ - src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 3 +++ - 3 files changed, 29 insertions(+) - -diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index f5667c3..2bfb994 100644 ---- a/src/aclocal.m4 -+++ b/src/aclocal.m4 -@@ -1656,6 +1656,15 @@ if test "$with_ldap" = yes; then - AC_MSG_NOTICE(enabling OpenLDAP database backend module support) - OPENLDAP_PLUGIN=yes - fi -+AC_ARG_WITH([dirsrv-account-locking], -+[ --with-dirsrv-account-locking compile 389/Red Hat/Fedora/Netscape Directory Server database backend module], -+[case "$withval" in -+ yes | no) ;; -+ *) AC_MSG_ERROR(Invalid option value --with-dirsrv-account-locking="$withval") ;; -+esac], with_dirsrv_account_locking=no) -+if test $with_dirsrv_account_locking = yes; then -+ AC_DEFINE(HAVE_DIRSRV_ACCOUNT_LOCKING,1,[Define if LDAP KDB interface should heed 389 DS's nsAccountLock attribute.]) -+fi - ])dnl - dnl - dnl If libkeyutils exists (on Linux) include it and use keyring ccache -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -index 32efc4f..af8b2db 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -@@ -1674,6 +1674,23 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context, - ret = krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data); - if (ret) - goto cleanup; -+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING -+ { -+ krb5_timestamp expiretime=0; -+ char *is_login_disabled=NULL; -+ -+ /* LOGIN DISABLED */ -+ ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled, -+ &attr_present); -+ if (ret) -+ goto cleanup; -+ if (attr_present == TRUE) { -+ if (strcasecmp(is_login_disabled, "TRUE")== 0) -+ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX; -+ free (is_login_disabled); -+ } -+ } -+#endif - - ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname); - if (ret) -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -index d722dbf..5e8e9a8 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -@@ -54,6 +54,9 @@ char *principal_attributes[] = { "krbprincipalname", - "krbLastFailedAuth", - "krbLoginFailedCount", - "krbLastSuccessfulAuth", -+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING -+ "nsAccountLock", -+#endif - "krbLastPwdChange", - "krbLastAdminUnlock", - "krbPrincipalAuthInd", |