Arthur de Jong

Open Source / Free Software developer

path: root/nslcd/nslcd.c
Commit message | Author | Age | Files | Lines
* Add an option to test the configuration file | Arthur de Jong | 2024-02-24 | 1 | -1/+15
* Make configuration file to use configurable | Arthur de Jong | 2024-02-24 | 1 | -9/+22
* Get files ready for 0.9.11 release (tag: 0.9.11) | Arthur de Jong | 2019-10-06 | 1 | -2/+2
* Avoid logging unknown socket peer information | Arthur de Jong | 2018-09-08 | 1 | -3/+15
  This avoids logging the client PID when the underlying socket layer cannot provide the relevant information.
* Create /var/run/nslcd/socket after dropping privileges | Arthur de Jong | 2018-07-21 | 1 | -3/+3
  This is needed to avoid a problem where a call to initgroups() can result in NSS lookups. If nscd is configured the mechanism to avoid loopback lookups using nss_ldap_enablelookups will not work and cause delays on start-up. Note that this changes ownership of the socket to the user running nslcd.
* Get files ready for 0.9.8 release (tag: 0.9.8) | Arthur de Jong | 2017-06-26 | 1 | -2/+2
* Exit with 0 when stopping nslcd | Arthur de Jong | 2017-02-07 | 1 | -1/+1
  When receiving a signal this will result in nslcd returning with a success exit code. Thanks Stanislav Moravec for pointing this out.
* Remove duplicate break statement | Arthur de Jong | 2016-09-04 | 1 | -1/+1
* Get files ready for 0.9.7 release (tag: 0.9.7) | Arthur de Jong | 2016-08-14 | 1 | -2/+2
* Implement disable_enumeration | Andrew Elble | 2015-05-01 | 1 | -3/+9
  If this option is present, functions which cause all user/group entries to be loaded (getpwent(), getgrent()) from the directory will not succeed in doing so. This can dramatically reduce ldap server load in situations where there are a great number of users and/or groups. Applications that depend on being able to sequentially read all users and/or groups may fail to operate correctly. This option is not recommended for most configurations.
* Avoid signal race condition on start-up | Arthur de Jong | 2015-04-16 | 1 | -2/+3
  This only restores the signal mask after signal handlers are in place and the daemon has completely daemonised to avoid a race condition in the start-up phase of nslcd where a signal could be sent to nslcd causing it to quit or fail to write information to the parent process.
* Various small fixes when using --with-module-name | Arthur de Jong | 2015-03-22 | 1 | -1/+1
  This updates the test framework to support --with-module-name, ensures that exports.map is rebuilt when configure is re-run, fixes parsing of nsswitch.conf (to determine what to return for passwd lookups) and fixes the check for _nss_ldap_version.
* Don't let the oom killer kill nslcd | Patrick McLean | 2015-03-11 | 1 | -0/+23
  Adjust the Linux OOM (Out-Of-Memory) killer score by -1000 for nslcd so that it should not be killed.
* Allow configuration of NSS and PAM names | Arthur de Jong | 2015-01-19 | 1 | -3/+3
  This introduces the --with-module-name configure option to allow building of NSS and PAM modules with different namespaces than ldap.
* Fix format string | Arthur de Jong | 2014-10-10 | 1 | -3/+3
  Thanks Jianhai Luan.
* Block signals sooner to avoid race conditions | Arthur de Jong | 2014-10-04 | 1 | -11/+11
* uid_t/gid_t should be formatted as unsigned long | Jason Luan | 2014-09-30 | 1 | -13/+13
  mkfilter_passwd_byuid()/mkfilter_group_bygid() get wrong filter string because "%d" will return negative when uid/gid larger than 2^31, and result in "Authentication failure". This also changes the other places where uid_t or gid_t values are formatted.
* Log daemonising failures | Arthur de Jong | 2014-05-04 | 1 | -0/+1
  This also clears errno in the main function to ensure that no incorrect errno value is logged on errors.
* Properly daemonise nslcd and only exit when ready | Arthur de Jong | 2014-01-02 | 1 | -14/+27
  This introduces a new daemonize module that provides functions for closing all file descriptors, redirecting stdin/stdout/stderr to /dev/null and a function for backgrounding an application while only exiting the original process after the daemon process has indicated readiness. This is used to exit the original process only after the listening socket has been set up and the worker threads have been started.
* Fix a number of compiler warnings | Arthur de Jong | 2013-10-29 | 1 | -1/+1
  This includes a number of small fixes for issues that were formerly masked by the incorrect AC_LANG_PROGRAM check.
* Start invalidator after locking pidfile | Arthur de Jong | 2013-10-29 | 1 | -7/+9
  This causes the pidfile to be written as the first thing after daemonising nslcd to minimise the race between service script completion and pidfile being locked.
* Use larger nslcd send buffers | Arthur de Jong | 2013-09-08 | 1 | -1/+1
  By using bigger write buffers in nslcd we reduce the number of writes in nslcd and consequently the number of reads in the NSS and PAM modules for bigger responses. This reduces the number of system calls that are made during a request and brings a small performance improvement that is mainly measurable in the NSS module. A measurement showed 30-80% reduction in the number of system calls in the NSS module and around 10% reduction in CPU usage (CPU time, only small reduction in wallclock time). Thanks John Sullivan for pointing this out.
* Ignore SIGUSR2 for future compatibility | Arthur de Jong | 2013-08-23 | 1 | -1/+1
* Handle SIGUSR1 by resetting the retry timer | Arthur de Jong | 2013-08-21 | 1 | -14/+21
  This implements and documents handling of the SIGUSR1 signal in nslcd to reset the reconnect_sleeptime and reconnect_retrytime timers to re-check availability of the LDAP server.
* Return partial shadow information to non-root users | Arthur de Jong | 2013-08-21 | 1 | -4/+2
  This also returns everything except the password hash from the shadow database to non-root users (nothing was returned before). This allows non-root users to do PAM authentication in some configurations. On some systems there is a setgid executable that is allowed to read /etc/shadow for authentication by e.g. screensavers. Returning no shadow information will cause pam_unix to deny authorisation in common configurations. See: http://bugs.debian.org/706913
* -n switch for nslcd (prevents process from forking) | Caleb Callaway | 2013-08-18 | 1 | -2/+10
* Rename nscd_invalidate option to reconnect_invalidate | Arthur de Jong | 2013-07-26 | 1 | -3/+3
  This also renames the internal nscd module to invalidator for both nslcd and pynslcd. The new invalidator module is now no longer nscd-specific.
* Fix comment | Arthur de Jong | 2013-04-03 | 1 | -1/+1
* Handle user modification requests in nslcd | Arthur de Jong | 2013-03-30 | 1 | -0/+1
  This is currently limited to supporting modification of the homeDirectory and loginShell attributes. Modifications as root currently use the rootpwmoddn and rootpwmodpw options.
* start the nscd invalidator and invalidate the nscd cache after reconnecting to the LDAP server after failure | Arthur de Jong | 2013-03-09 | 1 | -0/+6
* move signame() function to common.c to make it available to all modules | Arthur de Jong | 2013-03-09 | 1 | -55/+0
* log version information from the NSS module | Arthur de Jong | 2013-02-23 | 1 | -1/+11
* extra sanity check to ensure not too many file descriptors are open | Arthur de Jong | 2013-02-23 | 1 | -0/+5
* handle the log configuration option in nslcd | Arthur de Jong | 2013-02-23 | 1 | -8/+8
* implement a netgroup_all request | Arthur de Jong | 2013-02-08 | 1 | -0/+1
* make checking dlsym() result a little safer | Arthur de Jong | 2013-01-18 | 1 | -3/+3
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1925 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the ldc_ prefix from struct ldap_config fields | Arthur de Jong | 2012-12-30 | 1 | -19/+19
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used style | Arthur de Jong | 2012-12-22 | 1 | -318/+331
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* make nslcd actions hexadecimal values with some structure to make debugging easier | Arthur de Jong | 2012-12-16 | 1 | -2/+2
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1866 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch protocol from host byte order to network byte order and switch use of uid_t and gid_t in the protocol to int32 | Arthur de Jong | 2012-12-16 | 1 | -5/+6
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1864 ef36b2f9-881f-0410-afb5-c4e39611909c
* if nslcd creates the state directory, try to set the right ownership | Arthur de Jong | 2012-10-14 | 1 | -2/+8
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1795 ef36b2f9-881f-0410-afb5-c4e39611909c
* use poll() instead of select() for checking file descriptor activity to also correctly work if more than FD_SETSIZE files are already open | Arthur de Jong | 2012-10-12 | 1 | -7/+7
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1783 ef36b2f9-881f-0410-afb5-c4e39611909c
* include an explicit cast to int when printing gid_t (fixes r1723) | Arthur de Jong | 2012-09-01 | 1 | -2/+2
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1744 ef36b2f9-881f-0410-afb5-c4e39611909c
* on startup have the gid option default to the primary group of the specified user and load the user's supplementary groups | Arthur de Jong | 2012-07-20 | 1 | -9/+20
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1723 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a pam_password_prohibit_message nslcd.conf option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng | Arthur de Jong | 2012-07-08 | 1 | -0/+1
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
* get rid of a few compiler warnings on FreeBSD | Arthur de Jong | 2012-05-18 | 1 | -0/+3
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1693 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide a compatibility definition of SUN_LEN() for systems that lack it | Arthur de Jong | 2012-05-09 | 1 | -0/+1
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1686 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove duplicate debug from log message | Arthur de Jong | 2012-05-09 | 1 | -1/+1
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1685 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't try to close _SC_OPEN_MAX file descriptor | Arthur de Jong | 2012-05-04 | 1 | -1/+1
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1678 ef36b2f9-881f-0410-afb5-c4e39611909c
* update copyright years | Arthur de Jong | 2012-02-29 | 1 | -2/+2
  git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1624 ef36b2f9-881f-0410-afb5-c4e39611909c