diff --git a/SOURCES/0028-increase-password-buffer-size.patch b/SOURCES/0028-increase-password-buffer-size.patch
new file mode 100644
index 0000000..0360559
--- /dev/null
+++ b/SOURCES/0028-increase-password-buffer-size.patch
@@ -0,0 +1,64 @@
+From 4c7656e6d140f199546347e87849a2d11cef4b60 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong
+Date: Sat, 7 Dec 2013 22:04:30 +0000
+Subject: increase password buffer size (thanks Bersl) (7140d21 from 0.9)
+
+git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@2056 ef36b2f9-881f-0410-afb5-c4e39611909c
+---
+ AUTHORS | 1 +
+ nslcd/group.c | 2 +-
+ nslcd/passwd.c | 2 +-
+ nslcd/shadow.c | 2 +-
+ 4 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/AUTHORS b/AUTHORS
+index 65ee078..418c1a4 100644
+--- a/AUTHORS
++++ b/AUTHORS
+@@ -120,3 +120,4 @@ Matthew L. Dailey
+ Chris Hiestand
+ Jon Severinsson
+ John Sullivan
++Bersl
+diff --git a/nslcd/group.c b/nslcd/group.c
+index ebf52dd..dd72d8a 100644
+--- a/nslcd/group.c
++++ b/nslcd/group.c
+@@ -254,7 +254,7 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname,
+ gid_t gids[MAXGIDS_PER_ENTRY];
+ int numgids;
+ char *tmp;
+- char passbuffer[64];
++ char passbuffer[256];
+ int rc;
+ /* get group name (cn) */
+ names=myldap_get_values(entry,attmap_group_cn);
+diff --git a/nslcd/passwd.c b/nslcd/passwd.c
+index bf05fac..e940268 100644
+--- a/nslcd/passwd.c
++++ b/nslcd/passwd.c
+@@ -464,7 +464,7 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser,
+ char gecos[1024];
+ char homedir[256];
+ char shell[64];
+- char passbuffer[64];
++ char passbuffer[256];
+ int i,j;
+ /* get the usernames for this entry */
+ usernames=myldap_get_values(entry,attmap_passwd_uid);
+diff --git a/nslcd/shadow.c b/nslcd/shadow.c
+index f7dee7d..87ef1f2 100644
+--- a/nslcd/shadow.c
++++ b/nslcd/shadow.c
+@@ -294,7 +294,7 @@ static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser)
+ long expiredate;
+ unsigned long flag;
+ int i;
+- char passbuffer[64];
++ char passbuffer[256];
+ /* get username */
+ usernames=myldap_get_values(entry,attmap_shadow_uid);
+ if ((usernames==NULL)||(usernames[0]==NULL))
+--
+cgit v1.2.1
+
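Review bot: The new `char passbuffer[256];` in write_group, write_passwd and write_shadow is still a fixed stack buffer, and its size is repeated as a bare literal in three files, so a password attribute value longer than the buffer would presumably run into the same limit this patch raises. The code that fills passbuffer lies outside the hunks shown (all three function bodies continue past them), so whether an overlong value is truncated, rejected or logged cannot be confirmed from here. That path should fail visibly rather than hand a partial hash to consumers, since a truncated hash shows up only as an unexplained authentication failure. A single shared constant in a common header, used as `char passbuffer[PASSBUFFER_SIZE];` at each site (the name is a suggestion, not an existing identifier), together with a comment such as `/* must hold the longest password hash the directory may return, plus NUL */`, would keep the three declarations in step.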
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec index 5f445d9..4983093 100644 --- a/SPECS/nss-pam-ldapd.spec +++ b/SPECS/nss-pam-ldapd.spec @@ -39,7 +39,7 @@ Name: nss-pam-ldapd Version: 0.8.13 -Release: 22%{?dist} +Release: 22%{?dist}.1 Summary: An nsswitch module which uses directory servers Group: System Environment/Base License: LGPLv2+ @@ -64,7 +64,7 @@ Patch12: nss-pam-ldapd-0.8.13-password-longer-than-64-chars.patch Patch13: nss-pam-ldapd-0.8.13-uri-man-fix.patch Patch14: nss-pam-ldapd-0.8.13-uid_formatting.patch Patch15: nss-pam-ldapd-bz1676861-Increase-size-of-config-file-token.patch -# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount. +# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount. Patch16: 0016-Backport-of-request-and-parse-password-policy-contro.patch Patch17: 0017-Backport-of-passing-expiration-controls-back-to-PAM-.patch Patch18: 0018-Also-extract-policy-controls-on-BIND-failure.patch @@ -76,9 +76,10 @@ Patch23: 0023-Backport-typo-fixes-in-password-expiration-warnings.patch Patch24: 0024-Allow-logging-longer-lines.patch # rhbz#1618558 - AD authentication on RHEL using nslcd fails with error "pwdLastSet: password changed in the future" Patch25: 0025-Backport-of-Update-shadow.c-to-resolve-pwdLastSet-is.patch -# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount. +# rhbz#1612543 - Password expiration notification is not sent if the LDAP user doesn't have the objectClass shadowAccount. Patch26: 0026-RHEL-specific-Disable-the-password-policies-unless-e.patch Patch27: 0027-RHEL-specific-document-the-ppolicy-option-default.patch +Patch28: 0028-increase-password-buffer-size.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openldap-devel, krb5-devel 
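Review bot: `Patch28: 0028-increase-password-buffer-size.patch` is added without the `# rhbz#…` comment line that the neighbouring patch groups carry. A line such as `# rhbz#1819648 - Truncated shadowPasswords in nslcd 0.8.13` above it, matching the bug named in the changelog entry, would keep the list traceable. The context also shows `Patch12: nss-pam-ldapd-0.8.13-password-longer-than-64-chars.patch` already applied. Its contents are not visible here, so it is worth confirming that the two patches do not touch the same declarations and noting in the comment how they relate. The two `# rhbz#1612543` comment lines are re-added with what looks like a whitespace-only difference, which is unrelated churn in a fix of this kind.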
@@ -153,6 +154,7 @@ nsswitch module. %patch25 -p1 -b .pwd_last_set %patch26 -p1 -b .ppolicy_default %patch27 -p1 -b .ppolicy_default_man +%patch28 -p1 -b .password_buffer_length autoreconf -f -i %build @@ -389,6 +391,10 @@ exit 0 %endif %changelog +* Tue Mar 31 2020 Tomas Halman - 0.8.13-22.1 +- Extend password buffer length to allow modern hashes +- Resolves: rhbz#1819648 - Truncated shadowPasswords in nslcd 0.8.13 + * Tue Sep 17 2019 Jakub Hrozek - 0.8.13-22 - Do not enable the password expiration controls by default - Document the option and its default @@ -651,7 +657,7 @@ exit 0 * Thu Sep 24 2009 Nalin Dahyabhai 0.6.11-2 - rebuild -* Wed Sep 16 2009 Nalin Dahyabhai +* Wed Sep 16 2009 Nalin Dahyabhai - apply Mitchell Berger's patch to clean up the init script, use %%{_initddir}, and correct the %%post so that it only thinks about turning on nslcd when we're first being installed (#522947)