diff options
| author | Robbie Harwood (frozencemetery) <rharwood@redhat.com> | 2015-09-23 19:43:55 +0000 |
|---|---|---|
| committer | Robbie Harwood (frozencemetery) <rharwood@redhat.com> | 2015-09-24 17:57:53 +0000 |
| commit | 11389918936e78505288c4f1164ea2be933150d5 (patch) | |
| tree | 3c79d519cb6e235292bd56d8af1db472b442688c /krb5-1.13-dirsrv-accountlock.patch | |
| parent | a328acab1bac263ca71b0399342fd4c79f294f87 (diff) | |
| download | krb5-11389918936e78505288c4f1164ea2be933150d5.tar.gz krb5-11389918936e78505288c4f1164ea2be933150d5.tar.xz krb5-11389918936e78505288c4f1164ea2be933150d5.zip | |
New upstream version: krb5-1.14-alpha1
Drop patches that have since been applied. Create new patches as
needed.
Diffstat (limited to 'krb5-1.13-dirsrv-accountlock.patch')
| -rw-r--r-- | krb5-1.13-dirsrv-accountlock.patch | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/krb5-1.13-dirsrv-accountlock.patch b/krb5-1.13-dirsrv-accountlock.patch deleted file mode 100644 index 0a6661c..0000000 --- a/krb5-1.13-dirsrv-accountlock.patch +++ /dev/null @@ -1,63 +0,0 @@ -Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. Updated from -original version filed as RT#5891. - -diff -up krb5-1.8/src/aclocal.m4.dirsrv-accountlock krb5-1.8/src/aclocal.m4 ---- krb5-1.8/src/aclocal.m4.dirsrv-accountlock 2010-03-05 11:03:09.000000000 -0500 -+++ krb5-1.8/src/aclocal.m4 2010-03-05 11:03:10.000000000 -0500 -@@ -1656,6 +1656,15 @@ if test $with_ldap = yes; then - AC_MSG_NOTICE(enabling OpenLDAP database backend module support) - OPENLDAP_PLUGIN=yes - fi -+AC_ARG_WITH([dirsrv-account-locking], -+[ --with-dirsrv-account-locking compile 389/Red Hat/Fedora/Netscape Directory Server database backend module], -+[case "$withval" in -+ yes | no) ;; -+ *) AC_MSG_ERROR(Invalid option value --with-dirsrv-account-locking="$withval") ;; -+esac], with_dirsrv_account_locking=no) -+if test $with_dirsrv_account_locking = yes; then -+ AC_DEFINE(HAVE_DIRSRV_ACCOUNT_LOCKING,1,[Define if LDAP KDB interface should heed 389 DS's nsAccountLock attribute.]) -+fi - ])dnl - dnl - dnl If libkeyutils exists (on Linux) include it and use keyring ccache -diff -up krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c.dirsrv-accountlock krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c ---- krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c.dirsrv-accountlock 2009-11-24 18:52:25.000000000 -0500 -+++ krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2010-03-05 11:03:10.000000000 -0500 -@@ -1546,6 +1546,23 @@ populate_krb5_db_entry(krb5_context cont - ret = krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data); - if (ret) - goto cleanup; -+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING -+ { -+ krb5_timestamp expiretime=0; -+ char *is_login_disabled=NULL; -+ -+ /* LOGIN DISABLED */ -+ ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled, -+ &attr_present); -+ if (ret) -+ goto cleanup; -+ if (attr_present == TRUE) { -+ if (strcasecmp(is_login_disabled, "TRUE")== 0) -+ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX; -+ free (is_login_disabled); -+ } -+ } -+#endif - - ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname); - if (ret) - goto cleanup; -diff -up krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c.dirsrv-accountlock krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c ---- krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c.dirsrv-accountlock 2009-11-24 18:52:25.000000000 -0500 -+++ krb5-1.8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c 2010-03-05 11:03:10.000000000 -0500 -@@ -59,6 +59,9 @@ char *principal_attributes[] = { "kr - "krbLastFailedAuth", - "krbLoginFailedCount", - "krbLastSuccessfulAuth", -+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING -+ "nsAccountLock", -+#endif - "krbLastPwdChange", - "krbLastAdminUnlock", - "krbExtraData", |