projects / ipfire-3.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 6cf77d05 SS |
1 | Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. Updated from |
| 2 | original version filed as RT#5891. | |
| 3 | ||
| 4 | diff -up krb5-1.8/src/aclocal.m4.dirsrv-accountlock krb5-1.8/src/aclocal.m4 | |
| 5 | --- krb5-1.8/src/aclocal.m4.dirsrv-accountlock 2010-03-05 11:03:09.000000000 -0500 | |
| 6 | +++ krb5-1.8/src/aclocal.m4 2010-03-05 11:03:10.000000000 -0500 | |
| 7 | @@ -1678,6 +1678,12 @@ AC_ARG_WITH([edirectory], | |
| 8 | yes | no) ;; | |
| 9 | *) AC_MSG_ERROR(Invalid option value --with-edirectory="$withval") ;; | |
| 10 | esac], with_edirectory=no)dnl | |
| 11 | +AC_ARG_WITH([dirsrv], | |
| 12 | +[ --with-dirsrv compile 389/Red Hat/Fedora/Netscape Directory Server database backend module], | |
| 13 | +[case "$withval" in | |
| 14 | + yes | no) ;; | |
| 15 | + *) AC_MSG_ERROR(Invalid option value --with-dirsrv="$withval") ;; | |
| 16 | +esac], with_dirsrv=no)dnl | |
| 17 | ||
| 18 | if test $with_ldap = yes; then | |
| 19 | if test $with_edirectory = yes; then | |
| 20 | @@ -1689,6 +1695,10 @@ elif test $with_edirectory = yes; then | |
| 21 | AC_MSG_NOTICE(enabling eDirectory database backend module support) | |
| 22 | OPENLDAP_PLUGIN=yes | |
| 23 | AC_DEFINE(HAVE_EDIRECTORY,1,[Define if LDAP KDB interface should assume eDirectory.]) | |
| 24 | +elif test $with_dirsrv = yes; then | |
| 25 | + AC_MSG_NOTICE(enabling 389/Red Hat/Fedora/Netscape Directory Server database backend module support) | |
| 26 | + OPENLDAP_PLUGIN=yes | |
| 27 | + AC_DEFINE(HAVE_DIRSRV,1,[Define if LDAP KDB interface should assume RHDS/FDS/NDS.]) | |
| 28 | else | |
| 29 | : # neither enabled | |
| 30 | dnl AC_MSG_NOTICE(disabling ldap backend module support) | |
| 31 | diff -up krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c.dirsrv-accountlock krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | |
| 32 | --- krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c.dirsrv-accountlock 2009-11-24 18:52:25.000000000 -0500 | |
| 33 | +++ krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2010-03-05 11:03:10.000000000 -0500 | |
| 34 | @@ -2101,6 +2101,22 @@ populate_krb5_db_entry(krb5_context cont | |
| 35 | } | |
| 36 | } | |
| 37 | #endif | |
| 38 | +#ifdef HAVE_DIRSRV | |
| 39 | + { | |
| 40 | + krb5_timestamp expiretime=0; | |
| 41 | + char *is_login_disabled=NULL; | |
| 42 | + | |
| 43 | + /* LOGIN DISABLED */ | |
| 44 | + if ((st=krb5_ldap_get_string(ld, ent, "nsaccountlock", &is_login_disabled, | |
| 45 | + &attr_present)) != 0) | |
| 46 | + goto cleanup; | |
| 47 | + if (attr_present == TRUE) { | |
| 48 | + if (strcasecmp(is_login_disabled, "TRUE")== 0) | |
| 49 | + entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX; | |
| 50 | + free (is_login_disabled); | |
| 51 | + } | |
| 52 | + } | |
| 53 | +#endif | |
| 54 | ||
| 55 | if ((st=krb5_read_tkt_policy (context, ldap_context, entry, tktpolname)) !=0) | |
| 56 | goto cleanup; | |
| 57 | diff -up krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c.dirsrv-accountlock krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | |
| 58 | --- krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c.dirsrv-accountlock 2009-11-24 18:52:25.000000000 -0500 | |
| 59 | +++ krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c 2010-03-05 11:03:10.000000000 -0500 | |
| 60 | @@ -59,6 +59,9 @@ char *principal_attributes[] = { "kr | |
| 61 | "loginexpirationtime", | |
| 62 | "logindisabled", | |
| 63 | #endif | |
| 64 | +#ifdef HAVE_DIRSRV | |
| 65 | + "nsaccountlock", | |
| 66 | +#endif | |
| 67 | "krbLastPwdChange", | |
| 68 | "krbLastAdminUnlock", | |
| 69 | "krbExtraData", |