diff options
Diffstat (limited to 'source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch')
-rw-r--r-- | source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch b/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch new file mode 100644 index 00000000..13b0ace7 --- /dev/null +++ b/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch @@ -0,0 +1,49 @@ +From fea0f5ed287b04406afca0835b1a333bd1fe617b Mon Sep 17 00:00:00 2001 +From: Arthur de Jong <arthur@arthurdejong.org> +Date: Sun, 13 Oct 2019 17:24:36 +0200 +Subject: [PATCH] Add pam_authc_ppolicy support in pynslcd + +See https://bugs.debian.org/900253 +--- + pynslcd/cfg.py | 3 ++- + pynslcd/pam.py | 6 ++++-- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py +index 877d4427..b970b5a7 100644 +--- a/pynslcd/cfg.py ++++ b/pynslcd/cfg.py +@@ -87,6 +87,7 @@ + nss_getgrent_skipmembers = False + nss_disable_enumeration = False + validnames = re.compile(r'^[a-z0-9._@$][a-z0-9._@$ \\~-]{0,98}[a-z0-9._@$~-]$', re.IGNORECASE) ++pam_authc_ppolicy = True + pam_authz_searches = [] + pam_password_prohibit_message = None + reconnect_invalidate = set() +@@ -184,7 +185,7 @@ def read(filename): # noqa: C901 (many simple branches) + # parse options with a single boolean argument + m = re.match( + r'(?P<keyword>referrals|nss_nested_groups|nss_getgrent_skipmembers|' +- r'nss_disable_enumeration)\s+(?P<value>%s)' % ( ++ r'nss_disable_enumeration|pam_authc_ppolicy)\s+(?P<value>%s)' % ( + '|'.join(_boolean_options.keys())), + line, re.IGNORECASE) + if m: +diff --git a/pynslcd/pam.py b/pynslcd/pam.py +index b372cdda..5f5486b3 100644 +--- a/pynslcd/pam.py ++++ b/pynslcd/pam.py +@@ -42,8 +42,10 @@ def authenticate(binddn, password): + # open a new connection + conn = search.Connection() + # bind using the specified credentials +- pwctrl = PasswordPolicyControl() +- res, data, msgid, ctrls = conn.simple_bind_s(binddn, password, serverctrls=[pwctrl]) ++ serverctrls = [] ++ if cfg.pam_authc_ppolicy: ++ serverctrls.append(PasswordPolicyControl()) ++ res, data, msgid, ctrls = conn.simple_bind_s(binddn, password, serverctrls=serverctrls) + # go over bind result server controls + for ctrl in ctrls: + if ctrl.controlType == PasswordPolicyControl.controlType: |