Re: LDAP / passwd

To: debian-user-german@lists.debian.org
Subject: Re: LDAP / passwd
From: Bjoern Schmidt <bj-schmidt@uni-paderborn.de>
Date: Wed, 01 Dec 2004 14:53:42 +0100
Message-id: <[🔎] 41ADCCE6.6040500@uni-paderborn.de>
In-reply-to: <[🔎] 41ADCA22.3050306@uni-paderborn.de>
References: <[🔎] E1CZUFy-0003Zr-00@www.strato-webmail.de> <[🔎] 41ADCA22.3050306@uni-paderborn.de>

Bjoern Schmidt wrote:

jerome_reinert@pc-kurios.de wrote:
Wie bei mir. Zwischen unseren configs bestehen keine interessanten
Unterschiede. Echt seltsam der Fehler. Ich gehe mal davon aus dass
es ein Konfigurationsproblem ist und mache keinen Bugreport auf.
Fürs Archiv hänge ich den patch an. Vielleicht Liegt es ja doch am
Modul...

Der patch ist gegen libpam-ldap-169-2 aus sarge


[...]

Da ist mit diff irgendwas falsch gelaufen. Hier nochmal der richtige Patch
(Frank, Deiner ist auch kaputt). Sorry an alle die den patch nicht brauchen
und jetzt unnötig 10kB. mehr herunterladen müssen ;)


--
Mit freundlichen Gruessen
Bjoern Schmidt

--- libpam-ldap-169/pam_ldap.c	2004-12-01 14:48:49.000000000 +0100
+++ /data/build/libpam-ldap-169/pam_ldap.c	2004-12-01 10:07:40.000000000 +0100
@@ -2604,9 +2604,10 @@
 #ifdef LDAP_EXOP_MODIFY_PASSWD
   /* for OpenLDAP password change extended operation */
   BerElement *ber;
-  struct berval *bv;
-  char *retoid;
-  struct berval *retdata;
+  struct berval bv = {0, NULL};
+  int id, code = LDAP_OTHER;
+  int rc_pr = 0;
+  LDAPMessage *res;
 #endif /* LDAP_EXOP_MODIFY_PASSWD */
 
   if (session->info == NULL)
@@ -2783,35 +2784,43 @@
       ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
 		  session->info->userdn);
       /* this doesn't appear to be necessary anymore */
-      ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, old_password);
+//    ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, old_password);
       ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, new_password);
       ber_printf (ber, "N}");
 
-      rc = ber_flatten (ber, &bv);
+      rc = ber_flatten2(ber, &bv, 0 );
       if (rc < 0)
 	{
 	  ber_free (ber, 1);
 	  return PAM_BUF_ERR;
 	}
 
-      ber_free (ber, 1);
+	if (ldap_bind_s( session->ld, session->info->userdn,  
+            session->info->userpw, LDAP_AUTH_SIMPLE ) != LDAP_SUCCESS )
+	{
+		ldap_perror(session->ld, "ldap_bind" );
+	}
 
-      rc =
-	ldap_extended_operation_s (session->ld, LDAP_EXOP_MODIFY_PASSWD, bv,
-				   NULL, NULL, &retoid, &retdata);
-      ber_bvfree (bv);
+	rc = ldap_extended_operation (session->ld, LDAP_EXOP_MODIFY_PASSWD,
+	                              &bv, NULL, NULL, &id);
 
-      if (rc != LDAP_SUCCESS)
+	rc_pr = ldap_result(session->ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
+        if ( rc_pr < 0 ) 
+        {
+                ldap_perror( session->ld, "ldap_result error" );
+        }
+
+	rc_pr = ldap_parse_result(session->ld, res, &code, NULL, NULL, NULL, NULL, 1 );
+	rc = code;
+
+	if( rc_pr != LDAP_SUCCESS ) 
 	{
-	  syslog (LOG_ERR, "pam_ldap: ldap_extended_operation_s %s",
-		  ldap_err2string (rc));
-	  rc = PAM_PERM_DENIED;
+		ldap_perror(session->ld, "ldap_parse_result error");
 	}
-      else
+
+	if( code != LDAP_SUCCESS ) 
 	{
-	  ber_bvfree (retdata);
-	  ber_memfree (retoid);
-	  rc = PAM_SUCCESS;
+		printf( "Result: %s (%d)\n", ldap_err2string( code ), code );
 	}
 #else
       rc = PAM_SERVICE_ERR;
@@ -3414,6 +3423,8 @@
   else
     {
       int errcode;
+      errcode = ldap_bind_s( session->ld, session->conf->binddn,
+      			     session->conf->bindpw, LDAP_AUTH_SIMPLE );
 
       /* update shadowLastChange; may fail if not shadowAccount */
       snprintf (buf, sizeof buf, "%ld", time (NULL) / (60 * 60 * 24));

Reply to:

References:
- Re: LDAP / passwd
  - From: jerome_reinert@pc-kurios.de
- Re: LDAP / passwd
  - From: Bjoern Schmidt <bj-schmidt@uni-paderborn.de>

Prev by Date: Re: LDAP / passwd
Next by Date: Re: Problem mit Spamassassin (Backport) auf Sarge
Previous by thread: Re: LDAP / passwd
Next by thread: Re: testing-proposed-updates nutzbar?
Index(es):
- Date
- Thread