debian/0000755000000000000000000000000012134275540007171 5ustar debian/rules0000755000000000000000000000361312134272675010262 0ustar
#!/usr/bin/make -f
# Sample debian/rules that uses debhelper.
# GNU copyright 1997 to 1999 by Joey Hess.
#
# Packaging rules for openvpn-auth-ldap: configure, build, stage and clean
# the upstream autotools tree with explicit debhelper calls.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

# These are used for cross-compiling and for saving the configure script
# from having to guess our platform (since we know it already)
# NOTE(review): both values are queried here, but the ./configure call below
# passes neither --host nor --build, so nothing in the visible rules uses them.
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)

# DEB_BUILD_OPTIONS handling: "debug" appends -g to CFLAGS, and the absence of
# "nostrip" appends -s to INSTALL_PROGRAM.
# NOTE(review): neither variable is passed explicitly to ./configure or to the
# $(MAKE) calls below; whether they reach the compiler depends on the calling
# environment -- confirm. This package builds an authentication plugin, so also
# confirm that the distribution's hardening flags (dpkg-buildflags) are applied.
ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
  CFLAGS += -g
endif
ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
  INSTALL_PROGRAM += -s
endif

# Configure step. The compiler is pinned to the gcc-4.6 toolchain with the GNU
# Objective-C runtime; debian/control lists gobjc-4.6 in Build-Depends to match.
config.status: configure
	dh_testdir
	dh_autotools-dev_updateconfig
	# Add here commands to configure the package.
	./configure --prefix=/usr --with-openvpn=/usr/include/openvpn --with-objc-runtime=GNU CC=gcc-4.6 OBJC=gcc-4.6 OBJCPP=cpp-4.6

build: build-stamp

# build-stamp is a marker file: it is touched after a successful $(MAKE) so the
# compile step is not repeated while the stamp exists.
build-stamp: config.status
	dh_testdir

	# Add here commands to compile the package.
	$(MAKE)

	touch build-stamp

# Remove the stamp and configure log, run upstream "distclean" only when a
# generated Makefile is present, then restore the config files swapped in by
# dh_autotools-dev_updateconfig.
clean: configure
	dh_testdir
	dh_testroot
	rm -f build-stamp
	rm -f config.log

	# Add here commands to clean up after the build process.
	[ ! -f Makefile ] || $(MAKE) distclean
	rm -f tests/Makefile
	dh_autotools-dev_restoreconfig
	dh_clean

# Stage the build into debian/openvpn-auth-ldap. In the libdir argument, "$$"
# is make's escape for a literal "$" and the backslash keeps the shell from
# expanding it, so the sub-make receives libdir=${prefix}/lib/openvpn and
# resolves it against the prefix given on the same command line.
install: build
	dh_testdir
	dh_testroot
	dh_clean -k
	dh_installdirs

	$(MAKE) install prefix=$(CURDIR)/debian/openvpn-auth-ldap/usr libdir=\$${prefix}/lib/openvpn

# Build architecture-independent files here.
binary-indep: build install
# We have nothing to do by default.

# Build architecture-dependent files here.
binary-arch: build install dh_testdir dh_testroot dh_installdebconf dh_installdocs dh_installexamples dh_installman dh_installinfo dh_installchangelogs dh_link dh_strip dh_compress dh_fixperms # dh_makeshlibs dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/control0000644000000000000000000000134412134271567010603 0ustar Source: openvpn-auth-ldap Section: net Priority: extra Maintainer: Alberto Gonzalez Iniesta Build-Depends: debhelper (>= 5), openvpn (>=2), re2c, libldap2-dev, gobjc-4.6, autotools-dev Standards-Version: 3.9.3 Homepage: http://code.google.com/p/openvpn-auth-ldap/ Package: openvpn-auth-ldap Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openvpn (>=2) Description: OpenVPN LDAP authentication module A plugin that implements username/password authentication via LDAP for OpenVPN 2.x. It features: . * Simple Apache-style configuration file. * LDAP group-based access restrictions. * Will authenticate against any LDAP server that supports LDAP simple binds -- including Active Directory. debian/watch0000644000000000000000000000021311763366571010232 0ustar # Compulsory line, this is a version 3 file version=3 http://code.google.com/p/openvpn-auth-ldap/downloads/list .*auth-ldap-(.*)\.tar\.gz debian/copyright0000644000000000000000000001146411763366571011146 0ustar This package was debianized by Alberto Gonzalez Iniesta on Thu, 16 Oct 2008 12:52:16 +0200 It was downloaded from http://code.google.com/p/openvpn-auth-ldap/ Copyright: (c) 2006 Three Rings Design, Inc. Copyright: (c) 2005 - 2006 Landon Fuller *************************** * COPYRIGHTS AND LICENSES * *************************** The src/strlcpy.c and src/strlcpy.h files were taken from FreeBSD libc and are subject to the following copyright: Copyright (c) 1998 Todd C. Miller All rights reserved. Please refer to the strlcpy source files for a copy of their (BSD) license. 
The src/hash.c and src/hash.h files were taken from kazlib, and are subject to the following copyright and license: Copyright (C) 1997 Kaz Kylheku Free Software License: All rights are reserved by the author, with the following exceptions: Permission is granted to freely reproduce and distribute this software, possibly in exchange for a fee, provided that this copyright notice appears intact. Permission is also granted to adapt this software to produce derivative works, as long as the modified versions carry this copyright notice and additional notices stating that the work has been modified. This source code may be translated into executable form and incorporated into proprietary software; there is no requirement for such software to contain a copyright notice related to this source. Small portions of test/mockpf.c and test/mockpf.h were taken from the pf(4) kernel implementation. These files are used only for the unit tests, and thus not included in the final output. They are subject to the following copyright and license: Copyright (c) 2002 Cedric Berger All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. All other code is subject to the following copyright and license: Copyright (c) 2006 Three Rings Design, Inc. Copyright (c) 2005 - 2006 Landon Fuller All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holders nor the names of any contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. In addition, some public domain sources are included with this distribution and used as a part of the build process: - The lemon parser generator (http://www.hwaci.com/sw/lemon/) - Makeheaders (http://www.hwaci.com/sw/mkhdr/) debian/dirs0000644000000000000000000000002011763366571010061 0ustar usr/lib/openvpn debian/docs0000644000000000000000000000000711763366571010055 0ustar README debian/patches/0000755000000000000000000000000012134271556010623 5ustar debian/patches/STARTTLS_before_auth.patch0000644000000000000000000000324311763366571015502 0ustar Description: Run STARTTLS *before* sending auth data Avoid sending authentication data in clear if STARTTLS is available. Author: Andre Pawlowski Bug: http://code.google.com/p/openvpn-auth-ldap/issues/detail?id=28 Bug-Debian: http://bugs.debian.org/610339 Forwarded: http://code.google.com/p/openvpn-auth-ldap/issues/detail?id=28 Reviewed-By: Alberto Gonzalez Iniesta Last-Update: 2012-02-20 Index: auth-ldap-2.0.3/src/auth-ldap.m =================================================================== --- auth-ldap-2.0.3.orig/src/auth-ldap.m 2008-09-24 14:58:13.000000000 +0200 +++ auth-ldap-2.0.3/src/auth-ldap.m 2012-02-20 19:27:38.414394359 +0100 
@@ -307,21 +307,13 @@ goto error; } - /* Bind if requested */ - if ([config bindDN]) { - if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) { - [TRLog error: "Unable to bind as %s", [[config bindDN] cString]]; - goto error; - } - } - /* Certificate file */ - if ((value = [config tlsCACertFile])) + if ((value = [config tlsCACertFile])) if (![ldap setTLSCACertFile: value]) goto error; /* Certificate directory */ - if ((value = [config tlsCACertDir])) + if ((value = [config tlsCACertDir])) if (![ldap setTLSCACertDir: value]) goto error; @@ -340,6 +332,14 @@ if (![ldap startTLS]) goto error; + /* Bind if requested */ + if ([config bindDN]) { + if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) { + [TRLog error: "Unable to bind as %s", [[config bindDN] cString]]; + goto error; + } + } + return ldap; error: debian/patches/openvpn_ldap_simpler_add_handler_40000644000000000000000000000406712052416126017516 0ustar Description: move address checks further down to avoid certain failures this tries to avoid certain failures with the LDAP plugin where it doesn't get passed the remoteAddress in certain cases. since we do may not care about this address, we fail only when really necessary. Author: Antoine Beaupr? Origin: vendor Bug: https://code.google.com/p/openvpn-auth-ldap/issues/detail?id=4 Bug-Debian: http://bugs.debian.org/692936 Forwarded: yes Last-Update: 2012-11-10 --- openvpn-auth-ldap-2.0.3.orig/src/auth-ldap.m +++ openvpn-auth-ldap-2.0.3/src/auth-ldap.m @@ -533,7 +533,10 @@ static int handle_client_connect_disconn } if (tableName) - if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) + if (!remoteAddress) { + [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; + return OPENVPN_PLUGIN_FUNC_ERROR; + } else if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) return OPENVPN_PLUGIN_FUNC_ERROR; #endif /* HAVE_PF */ 
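Review bot: The relocated bind block in the second hunk (`@@ -340,6 +332,14 @@`) has no comment saying that its position after `[ldap startTLS]` is what keeps the bind password from being sent in clear text, so a later reorder could silently undo the fix. Above `/* Bind if requested */` I would add `/* Must stay after the TLS setup above: binding earlier sends the bind DN and password unencrypted. */`. The condition guarding `startTLS` lies outside the hunk; if TLS can be switched off in the configuration, the bind presumably still goes out in clear and deserves a logged warning. The enclosing function starts before the first hunk.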
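Review bot: The new `!remoteAddress` branch in `handle_client_connect_disconnect` (hunk `@@ -533,7 +533,10 @@`) always logs `(OPENVPN_PLUGIN_CLIENT_CONNECT)`, although the handler is also called for disconnects through its `connecting` argument, so a disconnect failure is recorded under the wrong event. It also logs at debug level even though the branch returns `OPENVPN_PLUGIN_FUNC_ERROR`, which hides a rejected session from normal logs. I would write `[TRLog error: "No remote address supplied to OpenVPN LDAP Plugin (%s).", connecting ? "OPENVPN_PLUGIN_CLIENT_CONNECT" : "OPENVPN_PLUGIN_CLIENT_DISCONNECT"];` and put braces around the body of `if (tableName)` so the `if`/`else if` chain cannot be mis-paired. The function body starts and continues outside the hunk.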
@@ -587,20 +590,10 @@ openvpn_plugin_func_v1(openvpn_plugin_ha break; /* New connection established */ case OPENVPN_PLUGIN_CLIENT_CONNECT: - if (!remoteAddress) { - [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; - ret = OPENVPN_PLUGIN_FUNC_ERROR; - } else { - ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); - } + ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); break; case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - if (!remoteAddress) { - [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_DISCONNECT)."]; - ret = OPENVPN_PLUGIN_FUNC_ERROR; - } else { - ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); - } + ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); break; default: [TRLog debug: "Unhandled plugin type in OpenVPN LDAP Plugin (type=%d)", type]; debian/patches/series0000644000000000000000000000012612050142300012014 0ustar STARTTLS_before_auth.patch gobjc_4.7_runtime.patch openvpn_ldap_simpler_add_handler_4 debian/patches/gobjc_4.7_runtime.patch0000644000000000000000000000250711763367025015073 0ustar Description: Fix build failure with GCC 4.7 - aclocal.m4 (OD_OBJC_RUNTIME): Check for modern GNU runtime (GCC 4.6+). Bug-Debian: http://bugs.debian.org/667316 Author: Matej Vela Last-Update: 2012-05-20 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -156,11 +156,20 @@ AC_LINK_IFELSE([ AC_LANG_PROGRAM([ #include + #ifdef __GNU_LIBOBJC__ + #include + #else #include + #endif ], [ + #ifdef __GNU_LIBOBJC__ + Class class = objc_lookUpClass("Object"); + puts(class_getName(class)); + #else id class = objc_lookup_class("Object"); id obj = @<:@class alloc@:>@; puts(@<:@obj name@:>@); + #endif ]) ], [ od_cv_objc_runtime_gnu="yes" --- a/configure +++ b/configure 
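Review bot: With both `if (!remoteAddress)` guards removed in hunk `@@ -587,20 +590,10 @@`, `handle_client_connect_disconnect()` can now be called with a NULL `remoteAddress`, and the only remaining check visible in this patch sits in the `HAVE_PF` section under `if (tableName)`. Any other use of `remoteAddress` in that handler, which is not visible here, has to tolerate NULL, otherwise a connect or disconnect event without an address could fault inside the plugin. I would state the contract at both call sites with `/* remoteAddress may be NULL; the handler rejects it only when a pf table update needs it */`. The `switch` statement starts outside the hunk.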
@@ -6459,15 +6459,24 @@ /* end confdefs.h. */ #include + #ifdef __GNU_LIBOBJC__ + #include + #else #include + #endif int main () { + #ifdef __GNU_LIBOBJC__ + Class class = objc_lookUpClass("Object"); + puts(class_getName(class)); + #else id class = objc_lookup_class("Object"); id obj = [class alloc]; puts([obj name]); + #endif ; return 0; debian/examples0000644000000000000000000000001711763366571010744 0ustar auth-ldap.conf debian/changelog0000644000000000000000000000364712134275532011056 0ustar openvpn-auth-ldap (2.0.3-5.1) unstable; urgency=high * Non-maintainer upload. * Build with gobjc-4.6 (closes: #641811) -- Julien Cristau Fri, 19 Apr 2013 19:14:00 +0200 openvpn-auth-ldap (2.0.3-5) unstable; urgency=low * Updated patch from Antoine Beaupré to fix FTBFS. -- Alberto Gonzalez Iniesta Mon, 19 Nov 2012 12:48:08 +0100 openvpn-auth-ldap (2.0.3-4) unstable; urgency=low * Add patch from Antoine Beaupré to fix "No remote address supplied" error. (Closes: #692936) -- Alberto Gonzalez Iniesta Mon, 12 Nov 2012 11:35:43 +0100 openvpn-auth-ldap (2.0.3-3) unstable; urgency=low * Acknowledge Matthias Klose's NMU. Thanks! (Closes: #667316) * Bumped Standards-Version to 3.9.3 -- Alberto Gonzalez Iniesta Tue, 05 Jun 2012 13:39:01 +0200 openvpn-auth-ldap (2.0.3-2.1) unstable; urgency=low * Non maintainer upload. * Fix build failure with GCC 4.7 (Matej Vela). Closes: #667316. -- Matthias Klose Tue, 29 May 2012 08:06:47 +0000 openvpn-auth-ldap (2.0.3-2) unstable; urgency=low * Acknowledge Matthias Klose's NMU for #625146. * patched/STARTTLS_before_auth.patch: Run STARTTLS before authenticatingi to the LDAP server. Thanks Andre Pawlowski for finding this and the fix. (Closes: #610339) * debian/control: added Homepage field, added autotools-dev Build-Dep * Added debian/source/format * Added debian/watch -- Alberto Gonzalez Iniesta Mon, 20 Feb 2012 19:28:31 +0100 openvpn-auth-ldap (2.0.3-1.1) unstable; urgency=low * Non maintainer upload. * Configure with --with-objc-runtime=GNU. 
Closes: #625146. LP: #771029. -- Matthias Klose Sun, 28 Aug 2011 13:19:32 +0200 openvpn-auth-ldap (2.0.3-1) unstable; urgency=low * Initial release (Closes: #471356) -- Alberto Gonzalez Iniesta Thu, 23 Jul 2009 18:25:27 +0200 debian/compat0000644000000000000000000000000211763366571010403 0ustar 5 debian/source/0000755000000000000000000000000011763366571010505 5ustar debian/source/format0000644000000000000000000000001411763366571011713 0ustar 3.0 (quilt)