Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Get files ready for 0.9.11 release0.9.11Arthur de Jong2019-10-0612-25/+150
|
* Fix Python interpreter detection in testsArthur de Jong2019-10-061-1/+1
| | | | Fixes 644bc62
* Portability improvements to test suiteArthur de Jong2019-10-061-11/+13
| | | | | Some test systems have more local users and some systems prefer IPv4 addresses over IPv6 addresses.
* Various spelling fixesArthur de Jong2019-09-1730-68/+68
|
* Fix Python interpreter detectionArthur de Jong2019-09-112-2/+3
| | | | | Apparently some environments provide certain Python executables which are not working Python interpreters.
* Remove confinc.out which is left behind by aclocal.m4Arthur de Jong2019-09-082-0/+3
|
* Correctly validate shadow requests and responsesArthur de Jong2019-09-081-3/+10
|
* Update Python interpreter in installed scriptsArthur de Jong2019-09-082-3/+5
| | | | | | | | Ensure that the Python interpreter that is passed to configure ends up in the shebang of the Python scripts. This allows one to pass PYTHON=python3 to configure to install the scripts using the Python 3 interpreter.
* Improve Python code styleArthur de Jong2019-09-0831-513/+828
| | | | | | This also adds a flake8 test that checks code style. Note that this test is not run by default because it requires network access to create the virtualenv with the test software.
* Add Python 3 supportArthur de Jong2019-09-0823-118/+222
| | | | | | | | | This ensures that both pynslcd and the command-line utilities work with Python3 as interpreter and runs some tests with all installed Python interpreters. This drops support for Python 2.6 and extends 5a84be2 to perform more testing with Python 3.
* Avoid logging unknown socket peer informationArthur de Jong2018-09-081-3/+15
| | | | | This avoids logging the client PID when the underlying socker layer cannot provide the relevant information.
* Fix crash in chsh.ldapMizunashi Mana2018-09-051-1/+3
| | | | | | Specify result type of getusershell. Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/31
* Get files ready for 0.9.10 release0.9.10Arthur de Jong2018-09-0110-14/+96
|
* Update files from latest automakeArthur de Jong2018-09-0110-405/+386
|
* Add FreeBSD netgroup supportHWLin2018-08-292-1/+107
| | | | Closes: https://github.com/arthurdejong/nss-pam-ldapd/pull/29
* Make password expiry messages correct and consistentArthur de Jong2018-08-062-14/+14
| | | | | Thanks to Têko Mihinto. See https://bugzilla.redhat.com/show_bug.cgi?id=1612543
* Add domain variable for use in pam_authz_searchArthur de Jong2018-07-213-2/+8
| | | | | | | | | This adds a domain variable (if it can be determined on the system) that can be used in pam_authz_search and pam_authc_search filters to build search filters that search on the domain name (the FQDN without the starting host name). Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/8
* Add a Travis configuration fileArthur de Jong2018-07-213-5/+83
| | | | | | This ensures that the integration tests can be successfully run. It configures a slapd instance with the test database, configures the system to use LDAP authentication and runs the tests.
* Allow logging longer linesArthur de Jong2018-07-211-1/+1
| | | | | | | This increases the buffer that holds log messages so longer messages can be logged. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/26
* Create /var/run/nslcd/socket after dropping privilegesArthur de Jong2018-07-211-3/+3
| | | | | | | | | | This is needed to avoid a problem where a call to initgroups() can result in NSS lookups. If nscd is configured the mechanism to avoid loopback lookups using nss_ldap_enablelookups will not work and cause for delays on start-up. Note that this changes ownership of the socket to the user running nslcd.
* Get files ready for 0.9.9 release0.9.9Arthur de Jong2018-02-1810-26/+89
|
* Update files from latest automakeArthur de Jong2018-02-186-258/+298
|
* Fix running pylint on distcheckArthur de Jong2018-02-171-4/+9
| | | | | This sets PYTHONPATH so that both the source and build directories are used to find constants.py.
* Mark case blocks without break statementArthur de Jong2018-02-172-1/+9
| | | | | This avoids a gcc warning in non-empty case blocks without a break statement by explicitly marking those blocks.
* Increase size of hostname bufferArthur de Jong2018-02-172-13/+4
| | | | | | | | This increases the host name buffer to support host names (that include FQDNs) to 255 characters and removes the reliance on HOST_NAME_MAX and _POSIX_HOST_NAME_MAX which may be smaller in some situations. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/22
* Increase size of config file tokenArthur de Jong2017-12-231-1/+1
| | | | | | | | This increases the maximum size of tokens that are read from the nslcd.conf configuration file to 256 characters. This was a problem for some very long uri values. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/21
* Support spaces in attribute mapping expressionsArthur de Jong2017-10-132-6/+8
|
* Get files ready for 0.9.8 release0.9.8Arthur de Jong2017-06-2613-24/+313
|
* Ignore password hashes in consistent mannerArthur de Jong2017-06-252-7/+13
| | | | | | | This changes the getent and getent.ldap tests to ignore password hashes that may be present in shadow lookups in a consistent manner. This also adds minor compatibility improvements.
* Create pidfile directory in pynslcdArthur de Jong2017-06-253-9/+23
| | | | | This ensures that /var/run/nslcd is created (when it does not exist) when starting pynslcd.
* Add nss_uid_offset and nss_gid_offset to pynslcdArthur de Jong2017-06-253-9/+18
|
* Add the ability to offset UID and GID numbersSeth Wright2017-06-205-0/+51
|
* Portability improvements to test_ldapcmds.shArthur de Jong2017-06-182-6/+10
| | | | | | | | | This fixes an issue with the export statement in POSIX shell scripts, ensures that the commands in the output match those in the script, strips password hashes for shadow lookups (for systems without PAM where these are exposed) and only runs the tests if we enabled the utils. Fixes 246a1f3.
* Use uint8_t instead of u_int8_tArthur de Jong2017-06-181-4/+4
| | | | | | The former seems to be available on more platforms than the latter. Fixes be26510.
* Fix HAVE_DECL_PAM_ERROR usageArthur de Jong2017-06-181-2/+2
| | | | | | | The macro is supposed to be defined to 0 (instead of undefined) if pam_info() and pam_error() are not found. Fixes 3d5ab89.
* Also filter shadow entries by validnamesArthur de Jong2017-06-181-11/+24
|
* Fix and clarify a few commentsArthur de Jong2017-06-182-3/+3
|
* Fix pam_info() and pam_error() replacementArthur de Jong2017-06-162-5/+20
| | | | | | On FreeBSD these are functions while on Linux they are macros causing them to be incorrectly replaced on FreeBSD. This resulted in a crash of the PAM module when e.g. presenting messages about password expiry.
* Clean log from test_pamcmds.expectArthur de Jong2017-06-161-1/+1
| | | | | | This removes test_pamcmds.log that is generated by test_pamcmds.expect when running the test suite. This avoids an error in the distcheck target.
* Fix running test_ldapcmds.sh during distcheckArthur de Jong2017-06-161-85/+86
| | | | | | | | | | This ensures that Python can find both getent.py (from source directory) and constants.py (from build directory) when running the tests from the distcheck target. This also makes the script more similar to test_nsscmds.sh. Fixes 9c803d7.
* Add pam_authc_search optionArthur de Jong2017-06-158-225/+307
|\ | | | | | | | | This option can be used to configure the search operation that should be performed after authentication.
| * Allow skipping post-authentication search altogetherArthur de Jong2017-06-152-1/+8
| |
| * Implement myldap_bind() functionArthur de Jong2017-06-154-103/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | This function integrates the myldap_set_credentials() and myldap_get_policy_response() and performs the bind operation witout actually performing a search. The function performs a "fake" search that returns after performing the LDAP BIND operation. This replaces a number of dummy search operations that were there to ensure that the connection was open. This allows us to skip the search operation after authentication.
| * Implement handling of pam_authc_search optionArthur de Jong2017-06-151-13/+42
| | | | | | | | | | This allows performing a different, configurable search from the default BASE search after the BIND operation.
| * Document pam_authc_search optionArthur de Jong2017-06-151-1/+24
| |
| * Add pam_authc_search option parsingArthur de Jong2017-06-153-21/+48
| |
| * Reorganise PAM search var building functionsArthur de Jong2017-06-142-120/+135
|/ | | | | | | | | | This moves the autzsearch_var_add(), autzsearch_vars_free(), autzsearch_var_get() and do_autzsearches() functions to the top of the file using more generic names and introduces search_vars_new() in prepartion of other similar searches. This also renames the remaining authzsearch functions to authz_search to be consistent with the pam_authz_search option.
* Switch to HTTPS URLsArthur de Jong2017-06-133-4/+4
|
* Query ethernet addresses in compact and long formatArthur de Jong2017-06-135-43/+32
| | | | | | | | | | | This ensures that when querying the address 0:18:8a:54:1a:8b both that format and 00:18:8a:54:1a:8b is searched for in LDAP. This was triggerred by the fact that ether_ntoa() on FreeBSD returns the long format while glibc uses the compact format. Since we are no longer using the libc version of ether_ntoa() we can also drop the compatibility implementation of ether_ntoa_r().
* Log entries and lookups failing nss_min_uidArthur de Jong2017-06-071-2/+15
| | | | | | This logs (at debug level) any LDAP uidNumber attribute values (or translated objectSid attribute values) that are lower than nss_min_uid. It also logs getpwuid() requests for such uids.