Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Get files ready for 0.9.7 release0.9.7Arthur de Jong2016-08-1414-29/+314
|
* Only run doctests when building pynslcdArthur de Jong2016-08-141-2/+2
|
* Avoid some warnings on FreeBSDArthur de Jong2016-08-141-33/+36
| | | | | This adds casts to and from void * for the function pointers that are passed around.
* Archive 2013 ChangeLog entriesArthur de Jong2016-07-273-1692/+1275
|
* Update files from latest automakeArthur de Jong2016-07-273-83/+140
|
* Also use module-name in utilities and man pagesArthur de Jong2016-07-273-5/+8
| | | | | | | | | This ensures that getent.ldap, chsh.ldap and manual pages with ldap in the name will be installed with the name as specified with --with-module-name. Note that the manual page content still describes the working within nss-pam-ldapd and still mention the ldap name.
* Ensure doctest also run in distcheckArthur de Jong2016-06-041-3/+5
| | | | | | This fixes test_doctest.sh to also work when the build directory is different from the source directory. This is needed because constants.py is only available in the build directory.
* Also honor ignorecase in PAMArthur de Jong2016-06-031-1/+1
| | | | | | | This avoids changing the cannonical username to the value as specified in LDAP when ignorecase is used. See https://github.com/arthurdejong/nss-pam-ldapd/issues/12
* Support ${var:offset:length} in pynslcdArthur de Jong2016-06-031-1/+29
|
* Fix pynslcd expression representationArthur de Jong2016-06-031-2/+2
| | | | | | The problem was that the ExpressionMapping string value did not include the quotes which will cause problems when printing the expression (e.g. when logging or dumping config, etc.).
* Add test for running doctestsArthur de Jong2016-06-032-2/+44
|
* Support substituting expresions of type ${var:offset:length}Giovanni Mascellani2016-06-033-0/+78
|
* Fix small typoGiovanni Mascellani2016-05-301-1/+1
|
* Refactor out expression parsing to functionsArthur de Jong2016-05-241-68/+101
| | | | | This moves the parsing of the various ${var...} expressions to separate functions so they can be extended more easily.
* Fix logic errorArthur de Jong2016-02-221-1/+1
| | | | | | | | | This could result in a free(NULL) call. This code path can only be triggered if pam_ldap changes the logged-in username (introduced in 6a74d8d). Thanks 依云, see https://github.com/arthurdejong/nss-pam-ldapd/issues/11
* Display human readable expiry messageMathieu Baeumler2016-02-131-8/+59
| | | | | Display a human readable message (days+hours, or hours+minutes, or seconds) when the password expiring warning is issued.
* Fix nss_disable_enumeration configurationArthur de Jong2016-02-131-1/+1
| | | | | | | This fixes a copy-paste bug where nss_disable_enumeration was incorrectly handled. Fixes c0366d8. Thanks Andrew W Elble for pointing this out.
* Add a few IPv6 testsArthur de Jong2016-01-202-2/+52
| | | | | | | This adds a few test hosts that have IPv6 addresses. This ensures that we have an IPv6-only host and hosts which have address values in different order in the ipHostNumber attribute (although attribute order is probably not guaranteed).
* Add pam_authc_ppolicy optionMathieu Baeumler2016-01-064-19/+61
| | | | This option allows completely disabling ppolicy handling.
* Fix error handling on credential changeArthur de Jong2016-01-061-2/+4
| | | | | This fixes setting the correct LDAP error code and also fixes formatting in 027df03.
* Fix updating of 'shadowLastChange' attribute when ↵Vasilis Tsiligiannis2015-12-231-0/+9
| | | | | | | | | | chasing referrals This fixes a bug where 'shadowLastChange' attribute cannot be updated when chasing a referral. After a password is succesfully changed, the credentials for binding should also be updated with the new password for the session. Signed-off-by: Vasilis Tsiligiannis <vasilis.tsiligiannis@nokia.com>
* Correct file readability checkArthur de Jong2015-11-131-9/+2
| | | | | This uses access() instead of stat() to see if the file is readable by the current process. This fixes f089e01.
* Fail-over and retry on more errorsArthur de Jong2015-09-301-1/+4
| | | | | | Also try to fail over to another LDAP server on a larger number of errors. Specifically errors that point to problems connecting to the LDAP server.
* Open connection before do_try_search()Arthur de Jong2015-09-301-5/+5
| | | | | This is in preparation for splitting the BIND from the search phase for authentication.
* Loosen up file existence checkArthur de Jong2015-08-271-70/+65
| | | | | | | | | | | | | This changes the check (for configuration options that specify file names) to just check that the specified path is readable instead of ensisting that it points to a file. This allows tls_randfile to point to /dev/urandom (a character device) or a pipe. This fixes 6779a51. This also applies the same check to the krb5_ccname option. Thanks to Patrick McLean for pointing this out.
* Have PAM module log messages to syslogArthur de Jong2015-08-151-0/+8
| | | | | | This logs informational messages that are presented to the user tot syslog. This normally includes password expiry and grace login information which may be useful to log.
* Simplify password policy message handlingArthur de Jong2015-08-151-14/+20
| | | | | | | | | | | This simplifies the check for overwriging pending password expiry and grace logins warnigns and updates handling of the LDAP_CONTROL_PWEXPIRING control to be consistent with that of the expire value of LDAP_CONTROL_PASSWORDPOLICYRESPONSE. This also corrects the function name, also logs empty password policy responses in debug mode and documents the meaning of the various password policy values.
* Fix password policy expiration warningsMathieu Baeumler2015-08-151-3/+1
| | | | | | | | | | If a password expiration warning (pwdExpireWarning) is set in slapd, and the password is about to expire, slapd sends the timeBeforeExpiration value as part of the passwordPolicyResponse. nslcd would incorrectly instruct the PAM module to require immediate password change. This has been fixed for both timeBeforeExpiration and graceLoginsRemaining.
* Update files from automake 1.15Arthur de Jong2015-07-199-208/+191
| | | | | This also includes the m4 directory when invoking aclocal because not all versions seem to handle AC_CONFIG_MACRO_DIR.
* Disable quoting in AX_TLS notfound caseArthur de Jong2015-07-191-1/+1
| | | | | This ensures that AS_IF does not generate an empty else clause which will result in an invalid configure script.
* Check file existence for configuration optionsArthur de Jong2015-07-191-5/+43
| | | | | | This adds addition checks to the tls_cacertdir, tls_cacertfile, tls_randfile, tls_cert and tls_key options to ensure that they point to an existing file when parsing nslcd.conf.
* Work around bug in python-daemonArthur de Jong2015-07-191-2/+2
| | | See https://bugs.debian.org/792871
* Update macros from autoconf-archiveArthur de Jong2015-07-082-41/+62
|
* Get files ready for 0.9.6 release0.9.6Arthur de Jong2015-06-1410-17/+120
|
* Correctly insert emtpy lines in ChangeLogArthur de Jong2015-06-141-1/+1
|
* Manual page improvementsArthur de Jong2015-06-131-11/+11
|
* Also fix signed integer bug in binsid2id()Arthur de Jong2015-06-132-2/+2
| | | This should have been part of d217632.
* Fixed signed 32bit overflow bug on 32bit systemsGeoffrey McRae2015-06-111-14/+18
|
* Allow configuration values longer than 63 charactersJed Liu2015-05-241-2/+2
|
* Provide innetgr function on SolarisArthur de Jong2015-05-091-6/+63
| | | | | | | | This implements a function in the Solaris version of the NSS module to check if a specifc netgroup triplet is part of a netgroup. This also avoids a compiler warning and includes improvements and testing by Mark R Bannister.
* Implement disable_enumerationAndrew Elble2015-05-018-4/+53
| | | | | | | | | | If this option is present, functions which cause all user/group entries to be loaded (getpwent(), getgrent()) from the directory will not succeed in doing so. This can dramatically reduce ldap server load in situations where there are a great number of users and/or groups. Applications that depend on being able to sequentially read all users and/or groups may fail to operate correctly. This option is not recommended for most configurations.
* Implement nss_getgrent_skipmembersArthur de Jong2015-04-206-10/+43
| | | | | | | This option allows skipping group member list retrieval to improve performance with very large groups. This option results in inconsistent group membership information being presented that may confuse some applications.
* Avoid signal race condition on start-upArthur de Jong2015-04-162-3/+4
| | | | | | | This only restores the signal mask after signal handlers are in place and the daemon has completely daemonised to avoid a race condition in the start-up phase of nslcd where a signal could be sent to nslcd causing it to quit or fail to write information to the parent process.
* Get files ready for 0.9.5 release0.9.5Arthur de Jong2015-03-2910-18/+244
|
* Use correct PIC arg for non-GCC compilersTim Rice2015-03-235-6/+17
|
* Update files from latest automakeArthur de Jong2015-03-231-2/+7
|
* Fix for networks lookup under SolarisArthur de Jong2015-03-221-1/+1
| | | | This fixes a byte order issue when nscd is running.
* Add checks to configureArthur de Jong2015-03-221-0/+2
| | | | This adds tests for a function and type used in the code.
* ENODATA is missing on FreeBSDArthur de Jong2015-03-221-1/+5
| | | | FreeBSD doesn't have ENODATA so we use ENOATTR instead.
* Remove use of irs-nss.hArthur de Jong2015-03-222-9/+0
| | | | This was a compatibility leftover from the nss_ldap days.