summaryrefslogtreecommitdiff
path: root/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch
blob: 13b0ace7fde02fe5ebacc78610e4b6588a49cba4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
From fea0f5ed287b04406afca0835b1a333bd1fe617b Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun, 13 Oct 2019 17:24:36 +0200
Subject: [PATCH] Add pam_authc_ppolicy support in pynslcd

See https://bugs.debian.org/900253
---
 pynslcd/cfg.py | 3 ++-
 pynslcd/pam.py | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
index 877d4427..b970b5a7 100644
--- a/pynslcd/cfg.py
+++ b/pynslcd/cfg.py
@@ -87,6 +87,7 @@
 nss_getgrent_skipmembers = False
 nss_disable_enumeration = False
 validnames = re.compile(r'^[a-z0-9._@$][a-z0-9._@$ \\~-]{0,98}[a-z0-9._@$~-]$', re.IGNORECASE)
+pam_authc_ppolicy = True
 pam_authz_searches = []
 pam_password_prohibit_message = None
 reconnect_invalidate = set()
@@ -184,7 +185,7 @@ def read(filename):  # noqa: C901 (many simple branches)
         # parse options with a single boolean argument
         m = re.match(
             r'(?P<keyword>referrals|nss_nested_groups|nss_getgrent_skipmembers|'
-            r'nss_disable_enumeration)\s+(?P<value>%s)' % (
+            r'nss_disable_enumeration|pam_authc_ppolicy)\s+(?P<value>%s)' % (
                 '|'.join(_boolean_options.keys())),
             line, re.IGNORECASE)
         if m:
diff --git a/pynslcd/pam.py b/pynslcd/pam.py
index b372cdda..5f5486b3 100644
--- a/pynslcd/pam.py
+++ b/pynslcd/pam.py
@@ -42,8 +42,10 @@ def authenticate(binddn, password):
     # open a new connection
     conn = search.Connection()
     # bind using the specified credentials
-    pwctrl = PasswordPolicyControl()
-    res, data, msgid, ctrls = conn.simple_bind_s(binddn, password, serverctrls=[pwctrl])
+    serverctrls = []
+    if cfg.pam_authc_ppolicy:
+        serverctrls.append(PasswordPolicyControl())
+    res, data, msgid, ctrls = conn.simple_bind_s(binddn, password, serverctrls=serverctrls)
     # go over bind result server controls
     for ctrl in ctrls:
         if ctrl.controlType == PasswordPolicyControl.controlType: