make an object class filter configurable <charles@dyfis.net> (#963281)

openssh-6.2p1-ldap.patch

@@ -258,7 +258,7 @@ diff -up openssh-6.2p1/ldapbody.c.ldap openssh-6.2p1/ldapbody.c
 +#include <stdio.h>
 +#include <unistd.h>
 +
-+#define LDAPSEARCH_FORMAT "(&(objectclass=posixAccount)(objectclass=ldapPublicKey)(uid=%s)%s)"
++#define LDAPSEARCH_FORMAT "(&(objectclass=%s)(objectclass=ldapPublicKey)(uid=%s)%s)"
 +#define PUBKEYATTR "sshPublicKey"
 +#define LDAP_LOGFILE	"%s/ldap.%d"
 +
@@ -659,11 +659,11 @@ diff -up openssh-6.2p1/ldapbody.c.ldap openssh-6.2p1/ldapbody.c
 +	}
 +
 +	/* build  filter for LDAP request */
-+	bufflen = strlen (LDAPSEARCH_FORMAT) + strlen (user);
++	bufflen = strlen (LDAPSEARCH_FORMAT) + strlen(options.account_class) + strlen (user);
 +	if (options.ssh_filter != NULL)
 +	    bufflen += strlen (options.ssh_filter);
 +	buffer = xmalloc (bufflen);
-+	snprintf(buffer, bufflen, LDAPSEARCH_FORMAT, user, (options.ssh_filter != NULL) ? options.ssh_filter : NULL);
++	snprintf(buffer, bufflen, LDAPSEARCH_FORMAT, options.account_class, user, (options.ssh_filter != NULL) ? options.ssh_filter : NULL);
 +	buffer[bufflen - 1] = 0;
 +
 +	debug3 ("LDAP search scope = %d %s", options.scope, buffer);
@@ -759,10 +759,10 @@ diff -up openssh-6.2p1/ldapbody.h.ldap openssh-6.2p1/ldapbody.h
 +
 +#endif /* LDAPBODY_H */
 +
-diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
+diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
---- openssh-6.2p1/ldapconf.c.ldap	2013-03-25 21:27:15.890248084 +0100
+--- openssh-6.2p2/ldapconf.c.ldap	2013-06-07 15:10:05.601942693 +0200
-+++ openssh-6.2p1/ldapconf.c	2013-03-25 21:27:15.890248084 +0100
++++ openssh-6.2p2/ldapconf.c	2013-06-07 15:10:24.928857566 +0200
-@@ -0,0 +1,682 @@
+@@ -0,0 +1,691 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
 + * Copyright (c) 2009 Jan F. Chadima.  All rights reserved.
@@ -807,7 +807,7 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
 +	lRestart, lTLS_CheckPeer, lTLS_CaCertFile,
 +	lTLS_CaCertDir, lTLS_Ciphers, lTLS_Cert, lTLS_Key,
 +	lTLS_RandFile, lLogDir, lDebug, lSSH_Filter,
-+	lDeprecated, lUnsupported
++	lAccountClass, lDeprecated, lUnsupported
 +} OpCodes;
 +
 +/* Textual representations of the tokens. */
@@ -859,6 +859,7 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
 +	{ "LogDir", lLogDir },
 +	{ "Debug", lDebug },
 +	{ "SSH_Filter", lSSH_Filter },
++	{ "AccountClass", lAccountClass },
 +	{ NULL, lBadOption }
 +};
 +
@@ -1151,6 +1152,10 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
 +		xstringptr = &options.ssh_filter;
 +		goto parse_xstring;
 +
++	case lAccountClass:
++		charptr = &options.account_class;
++		goto parse_string;
++
 +	case lDeprecated:
 +		debug("%s line %d: Deprecated option \"%s\"",
 +		    filename, linenum, keyword);
@@ -1254,6 +1259,7 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
 +	options.logdir = NULL;
 +	options.debug = -1;
 +	options.ssh_filter = NULL;
++	options.account_class = NULL;
 +}
 +
 +/*
@@ -1324,6 +1330,8 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
 +	    options.debug = 0;
 +	if (options.ssh_filter == NULL)
 +	    options.ssh_filter = "";
++	if (options.account_class == NULL)
++	    options.account_class = "posixAccount";
 +}
 +
 +static const char *
@@ -1443,12 +1451,13 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
 +	dump_cfg_string(lLogDir, options.logdir);
 +	dump_cfg_int(lDebug, options.debug);
 +	dump_cfg_string(lSSH_Filter, options.ssh_filter);
++	dump_cfg_string(lAccountClass, options.logdir);
 +}
 +
-diff -up openssh-6.2p1/ldapconf.h.ldap openssh-6.2p1/ldapconf.h
+diff -up openssh-6.2p2/ldapconf.h.ldap openssh-6.2p2/ldapconf.h
---- openssh-6.2p1/ldapconf.h.ldap	2013-03-25 21:27:15.891248091 +0100
+--- openssh-6.2p2/ldapconf.h.ldap	2013-06-07 15:10:05.602942689 +0200
-+++ openssh-6.2p1/ldapconf.h	2013-03-25 21:27:15.891248091 +0100
++++ openssh-6.2p2/ldapconf.h	2013-06-07 15:10:24.928857566 +0200
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,72 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
 + * Copyright (c) 2009 Jan F. Chadima.  All rights reserved.
@@ -1510,6 +1519,7 @@ diff -up openssh-6.2p1/ldapconf.h.ldap openssh-6.2p1/ldapconf.h
 +	char *logdir;
 +	int debug;
 +	char *ssh_filter;
++	char *account_class;
 +}       Options;
 +
 +extern Options options;
@@ -2123,10 +2133,10 @@ diff -up openssh-6.2p1/openssh-lpk-sun.schema.ldap openssh-6.2p1/openssh-lpk-sun
 +	DESC 'MANDATORY: OpenSSH LPK objectclass'
 +	MUST ( sshPublicKey $ uid ) 
 +	)
-diff -up openssh-6.2p1/ssh-ldap.conf.5.ldap openssh-6.2p1/ssh-ldap.conf.5
+diff -up openssh-6.2p2/ssh-ldap.conf.5.ldap openssh-6.2p2/ssh-ldap.conf.5
---- openssh-6.2p1/ssh-ldap.conf.5.ldap	2013-03-25 21:27:15.895248117 +0100
+--- openssh-6.2p2/ssh-ldap.conf.5.ldap	2013-06-07 15:10:05.604942680 +0200
-+++ openssh-6.2p1/ssh-ldap.conf.5	2013-03-25 21:27:15.895248117 +0100
++++ openssh-6.2p2/ssh-ldap.conf.5	2013-06-07 15:10:24.928857566 +0200
-@@ -0,0 +1,376 @@
+@@ -0,0 +1,379 @@
 +.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
 +.\"
 +.\" Copyright (c) 2010 Jan F. Chadima.  All rights reserved.
@@ -2487,6 +2497,9 @@ diff -up openssh-6.2p1/ssh-ldap.conf.5.ldap openssh-6.2p1/ssh-ldap.conf.5
 +.It Cm SSH_Filter
 +Specifies the user filter applied on the LDAP serch.
 +The default is no filter.
++.It Cm AccountClass
++Specifies the LDAP class used to find user accounts.
++The default is posixAccount.
 +.El
 +.Sh FILES
 +.Bl -tag -width Ds