| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
| |
This supports old ldapsearch commands that don't support the -x and -H
options and ldapsearch commands that don't exit with a failure code if
nothing is found.
This also switches the test_myldap test to use the testenv check for the
LDAP server.
|
|
|
|
|
|
|
| |
This extends test_pamcmds to handle other pam/su/passwd errors and
responses (as seen on CentOS 5). Also switch to stronger password when
changing the test user's password to avoid problems with password
strength checks.
|
|
|
|
|
| |
This changes the in_testenv.sh script into testenv.sh which has more
checks and a few functions to configure the test environment.
|
| |
|
|
|
|
|
| |
This refreshes the documentation of the tests, especially the test
environment.
|
|
|
|
|
|
| |
The setup_slapd.sh script can be used to set up and start a slapd
instance in a single (temporary) directory. The slapd instance is
configured and loaded with test data for use in the test environment.
|
|
|
|
|
|
|
|
|
| |
This fixes an issue with the sortgroup function which failed to handle a
group line with only two colons correctly. Such group entries have been
seen in the wild on FreeBSD.
Also, comment lines in group files are now ignored (also seen on
FreeBSD).
|
|
|
|
|
|
| |
This slightly modifies the string hashing function to use the djb2 hash.
This hash is supposed to be reasonably fast and have reasonably few
collisions.
|
|
|
|
| |
This allows more search bases which may be useful in some environments.
|
| |
|
| |
|
|
|
|
|
| |
This avoids having to have all modules installed in the build
environment. A Python version is still required during build.
|
| |
|
|
|
|
|
|
| |
This removes a few legacy workarounds and fixes for older versions of
automake. This also removes adding specific DEBUG flags for tests since
subdir objects are handled differently now.
|
|
|
|
|
|
| |
The NULL pointer dereference in the PAM module should not occur due to
the relationship with the rc value that is handled alongside it. This
change mostly silences the compiler and protects from future changes.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By using bigger write buffers in nslcd we reduce the number of writes in
nslcd and consequently the number of reads in the NSS and PAM modules
for bigger responses.
This reduces the number of system calls that are made during a request
and brings a small performance improvement that is mainly measurable in
the NSS module. A measurement showed 30-80% reduction in the number of
system calls in the NSS module and around 10% reduction in CPU usage
(CPU time, only small reduction in wallclock time).
Thanks John Sullivan for pointing this out.
|
|
|
|
|
|
| |
This also reworks the manual page generation check in the configure
script and avoids build errors if no tool for generating manual pages is
present when working on a Git checkout.
|
|
|
|
|
| |
This fixes a wrapping problem. Thanks to Paul Boven for pointing this
out.
|
|
|
|
|
|
| |
This sets the permissions on the nslcd-test.conf file while running the
tests to ensure that the permission checks for the bindpwn and
rootpwmodpw options do not fail the test.
|
|
|
|
|
| |
This test checks whether the proposed remaining time to sleep is
reasonable.
|
|
|
|
|
|
| |
This probes the system for available clocks to see if they can be
reliably used to get a monotonic-like timer (the test doesn't verify the
monotonic part, just usability).
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids problems with system clock changes (though there are some
safeguards in place to avoid waiting too long on clock changes).
Thanks to John Sullivan for pointing this out.
We can't easily use CLOCK_MONOTONIC_RAW or CLOCK_MONOTONIC_COARSE even
on platforms that define the clock because we can get runtime errors.
CLOCK_MONOTONIC seems to work on all tested platforms that provide it.
|
| |
|
| |
|
|
|
|
|
| |
Use the same mechanism in tio_skipall() as in tio_read(), except use a
different timeout value.
|
|
|
|
|
| |
This changes the function to accept a file descriptor, an event and
timeout parameter directly instead of a confusing flag.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tio_read() function will read past its buffer and return garbadge to
the calling function if the call to read() was interrupted by a signal.
The likelyhood of read() being interupted is low because previously a
call to poll() has determined that data is available to be read.
Thanks to John Sullivan for pointing this out.
See:
https://bugzilla.redhat.com/show_bug.cgi?id=1003011
|
|
|
|
|
| |
See:
https://bugzilla.redhat.com/show_bug.cgi?id=1003011
|
|
|
|
|
|
|
|
| |
When the NSS modules closes the connection and skips any remaining
result data, wait for up to 500 msec to read any available data.
See:
https://bugzilla.redhat.com/show_bug.cgi?id=1003011
|
|
|
|
| |
With the smaller buffers some password hashes would be truncated.
|
| |
|
| |
|
|
|
|
|
| |
This adds the commit id, improves the line wrapping and also gets rid of
the external dependency.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This uses the AX_PYTHON_MODULE test to check for availability of used
Python modules. All third-party modules and modules that are not a
builtin for Python 2.5 are tested.
This also splits the tests for the utils and pynslcd.
|
| |
|
| |
|
|
|
|
|
| |
This replaces e0491d2 to run xmlto from the man directory. This handles
the case more gracefully if xmlto is not available.
|
| |
|
|
|
|
|
|
| |
This fixes an error that could occur when the userPassword was retrieved
from LDAP and insufficient privileges were available for reading the
attribute.
|
|\
| |
| |
| |
| |
| |
| |
| | |
When nslcd receives the SIGUSR1 signal it will retry connecting to
unavailable LDAP servers sooner.
This signal can for example be sent when (re)stablishing a network
connection.
|
| |
| |
| |
| |
| |
| | |
This implements and documents handling of the SIGUSR1 signal in nslcd to
reset the reconnect_sleeptime and reconnect_retrytime timers to re-check
availability of the LDAP server.
|
|/
|
|
|
|
|
|
|
|
| |
This implemens a myldap_immediate_reconnect() function that resets the
reconnect timer to retry failing connections to the LDAP server upon the
next search.
This can be used to cut the reconnect_sleeptime and reconnect_retrytime
sleeping periodss short if we have some indication that the LDAP server
is available again.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also returns everything except the password hash from the shadow
database to non-root users (nothing was returned before). This allows
non-root users to do PAM authentication in some configurations.
On some systems there is a setgid executable that is allowed to read
/etc/shadow for authentication by e.g. screensavers. Returning no shadow
information will cause pam_unix to deny authorisation in common
configurations.
See:
http://bugs.debian.org/706913
|
| |
|
|
|
|
|
|
|
| |
There is a potential memory leak if the old password is saved multiple
times. Furthermore, PAM_NEW_AUTHTOK_REQD is only allowed as a result of
the authorisation phase, not the authentication phase so there is no use
in checking.
|
| |
|