Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Get files ready for 0.9.9 release0.9.9Arthur de Jong2018-02-1810-26/+89
|
* Update files from latest automakeArthur de Jong2018-02-186-258/+298
|
* Fix running pylint on distcheckArthur de Jong2018-02-171-4/+9
| | | | | This sets PYTHONPATH so that both the source and build directories are used to find constants.py.
* Mark case blocks without break statementArthur de Jong2018-02-172-1/+9
| | | | | This avoids a gcc warning in non-empty case blocks without a break statement by explicitly marking those blocks.
* Increase size of hostname bufferArthur de Jong2018-02-172-13/+4
| | | | | | | | This increases the host name buffer to support host names (that include FQDNs) to 255 characters and removes the reliance on HOST_NAME_MAX and _POSIX_HOST_NAME_MAX which may be smaller in some situations. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/22
* Increase size of config file tokenArthur de Jong2017-12-231-1/+1
| | | | | | | | This increases the maximum size of tokens that are read from the nslcd.conf configuration file to 256 characters. This was a problem for some very long uri values. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/21
* Support spaces in attribute mapping expressionsArthur de Jong2017-10-132-6/+8
|
* Get files ready for 0.9.8 release0.9.8Arthur de Jong2017-06-2613-24/+313
|
* Ignore password hashes in consistent mannerArthur de Jong2017-06-252-7/+13
| | | | | | | This changes the getent and getent.ldap tests to ignore password hashes that may be present in shadow lookups in a consistent manner. This also adds minor compatibility improvements.
* Create pidfile directory in pynslcdArthur de Jong2017-06-253-9/+23
| | | | | This ensures that /var/run/nslcd is created (when it does not exist) when starting pynslcd.
* Add nss_uid_offset and nss_gid_offset to pynslcdArthur de Jong2017-06-253-9/+18
|
* Add the ability to offset UID and GID numbersSeth Wright2017-06-205-0/+51
|
* Portability improvements to test_ldapcmds.shArthur de Jong2017-06-182-6/+10
| | | | | | | | | This fixes an issue with the export statement in POSIX shell scripts, ensures that the commands in the output match those in the script, strips password hashes for shadow lookups (for systems without PAM where these are exposed) and only runs the tests if we enabled the utils. Fixes 246a1f3.
* Use uint8_t instead of u_int8_tArthur de Jong2017-06-181-4/+4
| | | | | | The former seems to be available on more platforms than the latter. Fixes be26510.
* Fix HAVE_DECL_PAM_ERROR usageArthur de Jong2017-06-181-2/+2
| | | | | | | The macro is supposed to be defined to 0 (instead of undefined) if pam_info() and pam_error() are not found. Fixes 3d5ab89.
* Also filter shadow entries by validnamesArthur de Jong2017-06-181-11/+24
|
* Fix and clarify a few commentsArthur de Jong2017-06-182-3/+3
|
* Fix pam_info() and pam_error() replacementArthur de Jong2017-06-162-5/+20
| | | | | | On FreeBSD these are functions while on Linux they are macros causing them to be incorrectly replaced on FreeBSD. This resulted in a crash of the PAM module when e.g. presenting messages about password expiry.
* Clean log from test_pamcmds.expectArthur de Jong2017-06-161-1/+1
| | | | | | This removes test_pamcmds.log that is generated by test_pamcmds.expect when running the test suite. This avoids an error in the distcheck target.
* Fix running test_ldapcmds.sh during distcheckArthur de Jong2017-06-161-85/+86
| | | | | | | | | | This ensures that Python can find both getent.py (from source directory) and constants.py (from build directory) when running the tests from the distcheck target. This also makes the script more similar to test_nsscmds.sh. Fixes 9c803d7.
* Add pam_authc_search optionArthur de Jong2017-06-158-225/+307
|\ | | | | | | | | This option can be used to configure the search operation that should be performed after authentication.
| * Allow skipping post-authentication search altogetherArthur de Jong2017-06-152-1/+8
| |
| * Implement myldap_bind() functionArthur de Jong2017-06-154-103/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | This function integrates the myldap_set_credentials() and myldap_get_policy_response() and performs the bind operation witout actually performing a search. The function performs a "fake" search that returns after performing the LDAP BIND operation. This replaces a number of dummy search operations that were there to ensure that the connection was open. This allows us to skip the search operation after authentication.
| * Implement handling of pam_authc_search optionArthur de Jong2017-06-151-13/+42
| | | | | | | | | | This allows performing a different, configurable search from the default BASE search after the BIND operation.
| * Document pam_authc_search optionArthur de Jong2017-06-151-1/+24
| |
| * Add pam_authc_search option parsingArthur de Jong2017-06-153-21/+48
| |
| * Reorganise PAM search var building functionsArthur de Jong2017-06-142-120/+135
|/ | | | | | | | | | This moves the autzsearch_var_add(), autzsearch_vars_free(), autzsearch_var_get() and do_autzsearches() functions to the top of the file using more generic names and introduces search_vars_new() in prepartion of other similar searches. This also renames the remaining authzsearch functions to authz_search to be consistent with the pam_authz_search option.
* Switch to HTTPS URLsArthur de Jong2017-06-133-4/+4
|
* Query ethernet addresses in compact and long formatArthur de Jong2017-06-135-43/+32
| | | | | | | | | | | This ensures that when querying the address 0:18:8a:54:1a:8b both that format and 00:18:8a:54:1a:8b is searched for in LDAP. This was triggerred by the fact that ether_ntoa() on FreeBSD returns the long format while glibc uses the compact format. Since we are no longer using the libc version of ether_ntoa() we can also drop the compatibility implementation of ether_ntoa_r().
* Log entries and lookups failing nss_min_uidArthur de Jong2017-06-071-2/+15
| | | | | | This logs (at debug level) any LDAP uidNumber attribute values (or translated objectSid attribute values) that are lower than nss_min_uid. It also logs getpwuid() requests for such uids.
* Make nslcd-utils Python 3 compatibleArthur de Jong2017-06-046-36/+53
| | | | | | | | This changes the getent.ldap and chsh.ldap commands to be compatible with Python 2 and Python 3 with the same code. This does switch to raw I/O because Python 3 does not support bufferred I/O on sockets.
* Add tests for getent.ldap commandArthur de Jong2017-06-044-11/+527
| | | | | | | | This more or less duplicates the tests from test_nsscmds.sh to test_ldapcmds.sh with some modifications for the differences in output. This also extends the test_nsscmds.sh tests to handle the case where shadow lookups do not go through LDAP.
* Fix output of getent.ldap networksArthur de Jong2017-06-041-1/+1
| | | | Contrary to the hosts output the network name is listed first.
* Fix IPv6 lookups in getent.ldapArthur de Jong2017-06-041-2/+2
|
* Accept multiple key arguments to getent.ldapArthur de Jong2017-06-042-118/+183
| | | | | This allows supplying multiple arguments to getent.ldap that will each act as a search key for lookups, similar to what normal getent allows.
* Exit with 0 when stopping nslcdArthur de Jong2017-02-071-1/+1
| | | | | | | When receiving a signal this will result in nslcd returning with a success exit code. Thanks Stanislav Moravec for pointing this out.
* Remove duplicate break statementArthur de Jong2016-09-041-1/+1
|
* Do not try all LDAP servers on failed authenticationArthur de Jong2016-09-041-0/+7
| | | | See https://bugs.launchpad.net/bugs/1618190
* Replace Python assertions with exceptionsArthur de Jong2016-08-301-3/+7
| | | | | | | | | The assertions can be optimised out when compiling the modules with -O which would break the protocol handling. This ensures that errors are properly handled even if optimisation is enabled. Thanks Yu-Chun Huang for reporting this. https://github.com/arthurdejong/nss-pam-ldapd/issues/14
* Get files ready for 0.9.7 release0.9.7Arthur de Jong2016-08-1414-29/+314
|
* Only run doctests when building pynslcdArthur de Jong2016-08-141-2/+2
|
* Avoid some warnings on FreeBSDArthur de Jong2016-08-141-33/+36
| | | | | This adds casts to and from void * for the function pointers that are passed around.
* Archive 2013 ChangeLog entriesArthur de Jong2016-07-273-1692/+1275
|
* Update files from latest automakeArthur de Jong2016-07-273-83/+140
|
* Also use module-name in utilities and man pagesArthur de Jong2016-07-273-5/+8
| | | | | | | | | This ensures that getent.ldap, chsh.ldap and manual pages with ldap in the name will be installed with the name as specified with --with-module-name. Note that the manual page content still describes the working within nss-pam-ldapd and still mention the ldap name.
* Ensure doctest also run in distcheckArthur de Jong2016-06-041-3/+5
| | | | | | This fixes test_doctest.sh to also work when the build directory is different from the source directory. This is needed because constants.py is only available in the build directory.
* Also honor ignorecase in PAMArthur de Jong2016-06-031-1/+1
| | | | | | | This avoids changing the cannonical username to the value as specified in LDAP when ignorecase is used. See https://github.com/arthurdejong/nss-pam-ldapd/issues/12
* Support ${var:offset:length} in pynslcdArthur de Jong2016-06-031-1/+29
|
* Fix pynslcd expression representationArthur de Jong2016-06-031-2/+2
| | | | | | The problem was that the ExpressionMapping string value did not include the quotes which will cause problems when printing the expression (e.g. when logging or dumping config, etc.).
* Add test for running doctestsArthur de Jong2016-06-032-2/+44
|