From 254ba4db33179bf8df50aea6e9138ade4ff5cb98 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Sep 29 2020 07:05:54 +0000
Subject: import nss-pam-ldapd-0.8.13-25.el7
---
diff --git a/SOURCES/0029-increase-dnsname-buffer-size.patch b/SOURCES/0029-increase-dnsname-buffer-size.patch
new file mode 100644
index 0000000..872db5c
--- /dev/null
+++ b/SOURCES/0029-increase-dnsname-buffer-size.patch
@@ -0,0 +1,94 @@
+diff -up nss-pam-ldapd-0.8.13/nslcd/cfg.c.orig nss-pam-ldapd-0.8.13/nslcd/cfg.c
+--- nss-pam-ldapd-0.8.13/nslcd/cfg.c.orig 2020-04-07 16:25:47.620202608 +0200
++++ nss-pam-ldapd-0.8.13/nslcd/cfg.c 2020-04-07 16:05:37.465906217 +0200
+@@ -197,7 +197,7 @@ static void add_uris_from_dns(const char
+ {
+ int rc;
+ char *hostlist=NULL,*nxt;
+- char buf[HOST_NAME_MAX+sizeof("ldap://")];
++ char buf[BUFLEN_HOSTNAME+sizeof("ldap://")];
+ log_log(LOG_DEBUG,"query %s for SRV records",domain);
+ rc=ldap_domain2hostlist(domain,&hostlist);
+ if (rc!=LDAP_SUCCESS)
+diff -up nss-pam-ldapd-0.8.13/nslcd/common.c.orig nss-pam-ldapd-0.8.13/nslcd/common.c
+--- nss-pam-ldapd-0.8.13/nslcd/common.c.orig 2020-04-07 16:24:34.790524739 +0200
++++ nss-pam-ldapd-0.8.13/nslcd/common.c 2020-04-07 16:04:48.080441998 +0200
+@@ -62,7 +62,7 @@ int mysnprintf(char *buffer,size_t bufle
+ const char *getfqdn(void)
+ {
+ static char *fqdn=NULL;
+- char hostname[HOST_NAME_MAX+1];
++ char hostname[BUFLEN_HOSTNAME+1];
+ int hostnamelen;
+ int i;
+ struct hostent *host=NULL;
+diff -up nss-pam-ldapd-0.8.13/nslcd/common.h.orig nss-pam-ldapd-0.8.13/nslcd/common.h
+--- nss-pam-ldapd-0.8.13/nslcd/common.h.orig 2020-04-07 16:25:28.271022516 +0200
++++ nss-pam-ldapd-0.8.13/nslcd/common.h 2020-04-07 16:03:34.186747405 +0200
+@@ -133,14 +133,7 @@ void get_shadow_properties(MYLDAP_ENTRY
+ /* check whether the nsswitch.conf file has LDAP as a naming source for db */
+ int nsswitch_db_uses_ldap(const char *filename,const char *db);
+
+-/* fallback definition of HOST_NAME_MAX */
+-#ifndef HOST_NAME_MAX
+-#ifdef _POSIX_HOST_NAME_MAX
+-#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
+-#else
+-#define HOST_NAME_MAX 255
+-#endif /* _POSIX_HOST_NAME_MAX */
+-#endif /* not HOST_NAME_MAX */
++#define BUFLEN_HOSTNAME 256 /* host names or FQDN (and safe version) */
+
+ uint32_t strtoid(const char *nptr,char **endptr,int base);
+ #define strtouid (uid_t)strtoid
+diff -up nss-pam-ldapd-0.8.13/nslcd/pam.c.orig nss-pam-ldapd-0.8.13/nslcd/pam.c
+--- nss-pam-ldapd-0.8.13/nslcd/pam.c.orig 2020-04-07 16:26:09.738408467 +0200
++++ nss-pam-ldapd-0.8.13/nslcd/pam.c 2020-04-07 16:06:43.298525030 +0200
+@@ -385,7 +385,7 @@ static int try_autzsearch(MYLDAP_SESSION
+ const char *username,const char *servicename,
+ const char *ruser,const char *rhost,const char *tty)
+ {
+- char hostname[HOST_NAME_MAX+1];
++ char hostname[BUFLEN_HOSTNAME+1];
+ const char *fqdn;
+ DICT *dict=NULL;
+ char filter[4096];
+@@ -471,7 +471,7 @@ int nslcd_pam_authz(TFILE *fp,MYLDAP_SES
+ int rc;
+ char username[256];
+ char servicename[64];
+- char ruser[256],rhost[HOST_NAME_MAX+1],tty[64];
++ char ruser[256],rhost[BUFLEN_HOSTNAME+1],tty[64];
+ MYLDAP_ENTRY *entry;
+ char authzmsg[1024];
+ authzmsg[0]='\0';
+@@ -529,7 +529,7 @@ int nslcd_pam_sess_o(TFILE *fp,MYLDAP_SE
+ int32_t tmpint32;
+ char username[256];
+ char servicename[64];
+- char tty[64],rhost[HOST_NAME_MAX+1],ruser[256];
++ char tty[64],rhost[BUFLEN_HOSTNAME+1],ruser[256];
+ int32_t sessionid;
+ /* read request parameters */
+ READ_STRING(fp,username);
+@@ -558,7 +558,7 @@ int nslcd_pam_sess_c(TFILE *fp,MYLDAP_SE
+ int32_t tmpint32;
+ char username[256];
+ char servicename[64];
+- char tty[64],rhost[HOST_NAME_MAX+1],ruser[256];
++ char tty[64],rhost[BUFLEN_HOSTNAME+1],ruser[256];
+ int32_t sessionid;
+ /* read request parameters */
+ READ_STRING(fp,username);
+diff -up nss-pam-ldapd-0.8.13/nss/ethers.c.orig nss-pam-ldapd-0.8.13/nss/ethers.c
+--- nss-pam-ldapd-0.8.13/nss/ethers.c.orig 2020-04-07 16:24:00.767208075 +0200
++++ nss-pam-ldapd-0.8.13/nss/ethers.c 2020-04-07 16:04:21.376190986 +0200
+@@ -99,7 +99,7 @@ nss_status_t _nss_ldap_endetherent(void)
+
+ /* provide a fallback definition */
+ #ifndef NSS_BUFLEN_ETHERS
+-#define NSS_BUFLEN_ETHERS HOST_NAME_MAX
++#define NSS_BUFLEN_ETHERS BUFLEN_HOSTNAME
+ #endif /* NSS_BUFLEN_ETHERS */
+
+ #ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN
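Review bot: The `rhost` buffers in nslcd_pam_authz, nslcd_pam_sess_o and nslcd_pam_sess_c grow to `BUFLEN_HOSTNAME+1`, but nothing in these hunks changes what happens when a client sends a longer value, so the failure named in the changelog (nslcd aborting on a large rhost) may only have moved to a higher threshold. The code that reads `rhost` lies outside the hunks, so this is inferred; a regression test that submits an rhost longer than 256 bytes and expects an error reply rather than a daemon exit would settle it. Separately, `#define NSS_BUFLEN_ETHERS BUFLEN_HOSTNAME` in nss/ethers.c relies on a macro this patch defines only in nslcd/common.h, and the hunk does not show ethers.c including that header. If it does not, a self-contained fallback such as `#define NSS_BUFLEN_ETHERS 256` avoids an undefined identifier wherever the macro is expanded.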
diff --git a/SOURCES/0030-unify-expire-password-message.patch b/SOURCES/0030-unify-expire-password-message.patch
new file mode 100644
index 0000000..dd420bc
--- /dev/null
+++ b/SOURCES/0030-unify-expire-password-message.patch
@@ -0,0 +1,24 @@
+diff -up nss-pam-ldapd-0.8.13/nslcd/pam.c.orig nss-pam-ldapd-0.8.13/nslcd/pam.c
+--- nss-pam-ldapd-0.8.13/nslcd/pam.c.orig 2020-04-07 17:02:56.289417432 +0200
++++ nss-pam-ldapd-0.8.13/nslcd/pam.c 2020-04-07 17:12:11.027606707 +0200
+@@ -196,9 +196,9 @@ static int check_shadow(MYLDAP_SESSION *
+ /* check maxdays */
+ daysleft=lastchangedate+maxdays-today;
+ if (daysleft==0)
+- mysnprintf(authzmsg,authzmsgsz-1,"password will expire today");
++ mysnprintf(authzmsg,authzmsgsz-1,"Password will expire today");
+ else if (daysleft<0)
+- mysnprintf(authzmsg,authzmsgsz-1,"password expired %ld days ago",-daysleft);
++ mysnprintf(authzmsg,authzmsgsz-1,"Password expired %ld days ago",-daysleft);
+ /* check inactdays */
+ if ((daysleft<=0)&&(inactdays!=-1))
+ {
+@@ -228,7 +228,7 @@ static int check_shadow(MYLDAP_SESSION *
+ /* check warndays */
+ if ((warndays>0)&&(daysleft<=warndays))
+ {
+- mysnprintf(authzmsg,authzmsgsz-1,"password will expire in %ld days",daysleft);
++ mysnprintf(authzmsg,authzmsgsz-1,"Password will expire in %ld days",daysleft);
+ log_log(LOG_WARNING,"%s: %s: %s",
+ myldap_get_dn(entry),attmap_shadow_shadowWarning,authzmsg);
+ }
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index 4983093..56e6cee 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -39,7 +39,7 @@ Name: nss-pam-ldapd Version: 0.8.13 -Release: 22%{?dist}.1 +Release: 25%{?dist} Summary: An nsswitch module which uses directory servers Group: System Environment/Base License: LGPLv2+
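Review bot: In the 0030 patch, the capitalised text written into `authzmsg` by check_shadow is also what the `log_log(LOG_WARNING,"%s: %s: %s",...)` call at the end of the second hunk writes to the log, so log filters or alert rules that match the old lowercase `password will expire in` string would stop matching after this update. If the intent is only to align what the user sees, that side effect deserves a line in the changelog or release notes. The inactdays branch that begins at the end of the first hunk is cut off, so whether its message was capitalised the same way cannot be confirmed from here. A comment above the first `mysnprintf`, for example `/* wording must match the message shown to accounts without shadowAccount (rhbz#1771439) */`, would record why the casing matters.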
@@ -80,6 +80,8 @@ Patch25: 0025-Backport-of-Update-shadow.c-to-resolve-pwdLastSet-is.patch Patch26: 0026-RHEL-specific-Disable-the-password-policies-unless-e.patch Patch27: 0027-RHEL-specific-document-the-ppolicy-option-default.patch Patch28: 0028-increase-password-buffer-size.patch +Patch29: 0029-increase-dnsname-buffer-size.patch +Patch30: 0030-unify-expire-password-message.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openldap-devel, krb5-devel @@ -155,6 +157,9 @@ nsswitch module. %patch26 -p1 -b .ppolicy_default %patch27 -p1 -b .ppolicy_default_man %patch28 -p1 -b .password_buffer_length +%patch29 -p1 -b .dnsname_buffer_length +%patch30 -p1 -b .password_expire_message + autoreconf -f -i %build @@ -391,9 +396,18 @@ exit 0 %endif %changelog -* Tue Mar 31 2020 Tomas Halman - 0.8.13-22.1 +* Tue Apr 7 2020 Tomas Halman - 0.8.13-24 +- Unify password expire message +- Resolves: rhbz#1771439 - Different password expiration message for LDAP users + with and without ObjectClass ShadowAccount + +* Tue Apr 7 2020 Tomas Halman - 0.8.13-24 +- Extend dns name buffers to allow long dns names +- Resolves: rhbz#1685610 - nslcd aborts when rhost is large and UseDNS is true + +* Tue Mar 31 2020 Tomas Halman - 0.8.13-23 - Extend password buffer length to allow modern hashes -- Resolves: rhbz#1819648 - Truncated shadowPasswords in nslcd 0.8.13 +- Resolves: rhbz#1773506 - Truncated shadowPasswords in nslcd 0.8.13 * Tue Sep 17 2019 Jakub Hrozek - 0.8.13-22 - Do not enable the password expiration controls by default