Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Improve portability of ldap testArthur de Jong2013-10-222-20/+33
| | | | | | | | | This supports old ldapsearch commands that don't support the -x and -H options and ldapsearch commands that don't exit with a failure code if nothing is found. This also switches the test_myldap test to use the testenv check for the LDAP server.
* Handle other responses in test_pamcmdsArthur de Jong2013-10-221-5/+11
| | | | | | | This extends test_pamcmds to handle other pam/su/passwd errors and responses (as seen on CentOS 5). Also switch to stronger password when changing the test user's password to avoid problems with password strength checks.
* Make script to check test environmentArthur de Jong2013-10-226-74/+196
| | | | | This changes the in_testenv.sh script into testenv.sh which has more checks and a few functions to configure the test environment.
* Remove unnecessary attributes from test.ldifArthur de Jong2013-10-221-14490/+3
|
* Update tests READMEArthur de Jong2013-10-221-22/+9
| | | | | This refreshes the documentation of the tests, especially the test environment.
* Provide a script for setting up slapdArthur de Jong2013-10-222-0/+310
| | | | | | The setup_slapd.sh script can be used to set up and start a slapd instance in a single (temporary) directory. The slapd instance is configured and loaded with test data for use in the test environment.
* Fix sortgroup functionArthur de Jong2013-10-221-3/+3
| | | | | | | | | This fixes an issue with the sortgroup function which failed to handle a group line with only two colons correctly. Such group entries have been seen in the wild on FreeBSD. Also, comment lines in group files are now ignored (also seen on FreeBSD).
* Use djb2 hash in dict moduleArthur de Jong2013-10-141-4/+5
| | | | | | This slightly modifies the string hashing function to use the djb2 hash. This hash is supposed to be reasonably fast and have reasonably few collisions.
* Increase NSS_LDAP_CONFIG_MAX_BASES to 31Arthur de Jong2013-10-071-1/+1
| | | | This allows more search bases which may be useful in some environments.
* Also support poll() returning EAGAINArthur de Jong2013-09-151-3/+3
|
* Add more python module checks to configureArthur de Jong2013-09-151-1/+8
|
* Make missing Python modules a waringArthur de Jong2013-09-151-2/+2
| | | | | This avoids having to have all modules installed in the build environment. A Python version is still required during build.
* Remove unneeded importsArthur de Jong2013-09-152-2/+0
|
* Cleanups and fixes related to automake upgradeArthur de Jong2013-09-153-14/+5
| | | | | | This removes a few legacy workarounds and fixes for older versions of automake. This also removes adding specific DEBUG flags for tests since subdir objects are handled differently now.
* Initialise msg to avoid potential NULL pointer dereferenceArthur de Jong2013-09-131-1/+1
| | | | | | The NULL pointer dereference in the PAM module should not occur due to the relationship with the rc value that is handled alongside it. This change mostly silences the compiler and protects from future changes.
* Add configure test for {set,get,end}usershell() availabilityArthur de Jong2013-09-131-0/+1
|
* Upgrade to automake 1.14Arthur de Jong2013-09-081-2/+2
|
* Use larger nslcd send buffersArthur de Jong2013-09-081-1/+1
| | | | | | | | | | | | | | By using bigger write buffers in nslcd we reduce the number of writes in nslcd and consequently the number of reads in the NSS and PAM modules for bigger responses. This reduces the number of system calls that are made during a request and brings a small performance improvement that is mainly measurable in the NSS module. A measurement showed 30-80% reduction in the number of system calls in the NSS module and around 10% reduction in CPU usage (CPU time, only small reduction in wallclock time). Thanks John Sullivan for pointing this out.
* Add configure check to see whether to install manual pagesArthur de Jong2013-09-082-3/+26
| | | | | | This also reworks the manual page generation check in the configure script and avoids build errors if no tool for generating manual pages is present when working on a Git checkout.
* Reformat LDIF file to follow OpenLDAP formatArthur de Jong2013-09-041-8/+12
| | | | | This fixes a wrapping problem. Thanks to Paul Boven for pointing this out.
* Fix permissions of test configurationArthur de Jong2013-09-021-0/+4
| | | | | | This sets the permissions on the nslcd-test.conf file while running the tests to ensure that the permission checks for the bindpwn and rootpwmodpw options do not fail the test.
* Add a test for tio timeout calculationsArthur de Jong2013-09-023-2/+55
| | | | | This test checks whether the proposed remaining time to sleep is reasonable.
* Add a test for clock_gettime() supported clocksArthur de Jong2013-09-023-2/+163
| | | | | | This probes the system for available clocks to see if they can be reliably used to get a monotonic-like timer (the test doesn't verify the monotonic part, just usability).
* Use clock_gettime() instead of gettimeofday()Arthur de Jong2013-09-023-12/+23
| | | | | | | | | | | This avoids problems with system clock changes (though there are some safeguards in place to avoid waiting too long on clock changes). Thanks to John Sullivan for pointing this out. We can't easily use CLOCK_MONOTONIC_RAW or CLOCK_MONOTONIC_COARSE even on platforms that define the clock because we can get runtime errors. CLOCK_MONOTONIC seems to work on all tested platforms that provide it.
* Small protability fixArthur de Jong2013-09-021-1/+1
|
* Improve robustness of test_manpagesArthur de Jong2013-09-011-1/+4
|
* Use normal timeout handling in tio_skipall()Arthur de Jong2013-08-312-14/+6
| | | | | Use the same mechanism in tio_skipall() as in tio_read(), except use a different timeout value.
* Refactor tio_wait()Arthur de Jong2013-08-311-21/+11
| | | | | This changes the function to accept a file descriptor, an event and timeout parameter directly instead of a confusing flag.
* Fix buffer overflow on interupted readArthur de Jong2013-08-311-2/+2
| | | | | | | | | | | | | The tio_read() function will read past its buffer and return garbadge to the calling function if the call to read() was interrupted by a signal. The likelyhood of read() being interupted is low because previously a call to poll() has determined that data is available to be read. Thanks to John Sullivan for pointing this out. See: https://bugzilla.redhat.com/show_bug.cgi?id=1003011
* In nslcd, log EPIPE only on debug levelArthur de Jong2013-08-301-1/+4
| | | | | See: https://bugzilla.redhat.com/show_bug.cgi?id=1003011
* Use a timeout when skipping remaining result dataArthur de Jong2013-08-303-7/+11
| | | | | | | | When the NSS modules closes the connection and skips any remaining result data, wait for up to 500 msec to read any available data. See: https://bugzilla.redhat.com/show_bug.cgi?id=1003011
* Increase password buffer sizeBersl2013-08-284-3/+4
| | | | With the smaller buffers some password hashes would be truncated.
* Fix for common spelling mistakeArthur de Jong2013-08-287-9/+9
|
* Get files ready for 0.9.1 release0.9.1Arthur de Jong2013-08-2510-264/+931
|
* Have a nicer way of generating the ChangeLogArthur de Jong2013-08-251-2/+5
| | | | | This adds the commit id, improves the line wrapping and also gets rid of the external dependency.
* Handle failure of getpeercred more gracefullyArthur de Jong2013-08-251-9/+9
|
* Only run pynslcd tests if it is enabledArthur de Jong2013-08-251-1/+4
|
* Add configure test for Python modulesArthur de Jong2013-08-252-7/+87
| | | | | | | | This uses the AX_PYTHON_MODULE test to check for availability of used Python modules. All third-party modules and modules that are not a builtin for Python 2.5 are tested. This also splits the tests for the utils and pynslcd.
* Rearrange Python importsArthur de Jong2013-08-256-7/+8
|
* Ignore SIGUSR2 for future compatibilityArthur de Jong2013-08-231-1/+1
|
* Add a test for the manual pagesArthur de Jong2013-08-233-9/+54
| | | | | This replaces e0491d2 to run xmlto from the man directory. This handles the case more gracefully if xmlto is not available.
* Update files from latest automakeArthur de Jong2013-08-232-6/+15
|
* Have pynslcd handle mapped userPasswordArthur de Jong2013-08-213-4/+17
| | | | | | This fixes an error that could occur when the userPassword was retrieved from LDAP and insufficient privileges were available for reading the attribute.
* Retry LDAP servers quickly after receiving SIGUSR1Arthur de Jong2013-08-214-14/+67
|\ | | | | | | | | | | | | | | When nslcd receives the SIGUSR1 signal it will retry connecting to unavailable LDAP servers sooner. This signal can for example be sent when (re)stablishing a network connection.
| * Handle SIGUSR1 by resetting the retry timerArthur de Jong2013-08-212-14/+41
| | | | | | | | | | | | This implements and documents handling of the SIGUSR1 signal in nslcd to reset the reconnect_sleeptime and reconnect_retrytime timers to re-check availability of the LDAP server.
| * Implement function for resetting reconnect timesArthur de Jong2013-08-212-0/+26
|/ | | | | | | | | | This implemens a myldap_immediate_reconnect() function that resets the reconnect timer to retry failing connections to the LDAP server upon the next search. This can be used to cut the reconnect_sleeptime and reconnect_retrytime sleeping periodss short if we have some indication that the LDAP server is available again.
* Return partial shadow information to non-root usersArthur de Jong2013-08-213-12/+11
| | | | | | | | | | | | | | This also returns everything except the password hash from the shadow database to non-root users (nothing was returned before). This allows non-root users to do PAM authentication in some configurations. On some systems there is a setgid executable that is allowed to read /etc/shadow for authentication by e.g. screensavers. Returning no shadow information will cause pam_unix to deny authorisation in common configurations. See: http://bugs.debian.org/706913
* Add cast to int when logging configuration summaryArthur de Jong2013-08-201-3/+3
|
* Small fix in NEW_AUTHTOK_REQD handlingArthur de Jong2013-08-181-1/+1
| | | | | | | There is a potential memory leak if the old password is saved multiple times. Furthermore, PAM_NEW_AUTHTOK_REQD is only allowed as a result of the authorisation phase, not the authentication phase so there is no use in checking.
* Fix rootpwmodpw handling in pynslcdArthur de Jong2013-08-181-2/+2
|