| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
|
| |
Closes: https://github.com/arthurdejong/nss-pam-ldapd/pull/29
|
|
|
|
|
| |
Thanks to Têko Mihinto.
See https://bugzilla.redhat.com/show_bug.cgi?id=1612543
|
|
|
|
|
|
|
|
|
| |
This adds a domain variable (if it can be determined on the system) that
can be used in pam_authz_search and pam_authc_search filters to build
search filters that search on the domain name (the FQDN without the
starting host name).
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/8
|
|
|
|
|
|
| |
This ensures that the integration tests can be successfully run. It
configures a slapd instance with the test database, configures the
system to use LDAP authentication and runs the tests.
|
|
|
|
|
|
|
| |
This increases the buffer that holds log messages so longer messages can
be logged.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/26
|
|
|
|
|
|
|
|
|
|
| |
This is needed to avoid a problem where a call to initgroups() can
result in NSS lookups. If nscd is configured the mechanism to avoid
loopback lookups using nss_ldap_enablelookups will not work and cause
for delays on start-up.
Note that this changes ownership of the socket to the user running
nslcd.
|
| |
|
| |
|
|
|
|
|
| |
This sets PYTHONPATH so that both the source and build directories are
used to find constants.py.
|
|
|
|
|
| |
This avoids a gcc warning in non-empty case blocks without a break
statement by explicitly marking those blocks.
|
|
|
|
|
|
|
|
| |
This increases the host name buffer to support host names (that include
FQDNs) to 255 characters and removes the reliance on HOST_NAME_MAX and
_POSIX_HOST_NAME_MAX which may be smaller in some situations.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/22
|
|
|
|
|
|
|
|
| |
This increases the maximum size of tokens that are read from the
nslcd.conf configuration file to 256 characters. This was a problem for
some very long uri values.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/21
|
| |
|
| |
|
|
|
|
|
|
|
| |
This changes the getent and getent.ldap tests to ignore password hashes
that may be present in shadow lookups in a consistent manner.
This also adds minor compatibility improvements.
|
|
|
|
|
| |
This ensures that /var/run/nslcd is created (when it does not exist)
when starting pynslcd.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This fixes an issue with the export statement in POSIX shell scripts,
ensures that the commands in the output match those in the script,
strips password hashes for shadow lookups (for systems without PAM where
these are exposed) and only runs the tests if we enabled the utils.
Fixes 246a1f3.
|
|
|
|
|
|
| |
The former seems to be available on more platforms than the latter.
Fixes be26510.
|
|
|
|
|
|
|
| |
The macro is supposed to be defined to 0 (instead of undefined) if
pam_info() and pam_error() are not found.
Fixes 3d5ab89.
|
| |
|
| |
|
|
|
|
|
|
| |
On FreeBSD these are functions while on Linux they are macros causing
them to be incorrectly replaced on FreeBSD. This resulted in a crash of
the PAM module when e.g. presenting messages about password expiry.
|
|
|
|
|
|
| |
This removes test_pamcmds.log that is generated by test_pamcmds.expect
when running the test suite. This avoids an error in the distcheck
target.
|
|
|
|
|
|
|
|
|
|
| |
This ensures that Python can find both getent.py (from source directory)
and constants.py (from build directory) when running the tests from the
distcheck target.
This also makes the script more similar to test_nsscmds.sh.
Fixes 9c803d7.
|
|\
| |
| |
| |
| | |
This option can be used to configure the search operation that should be
performed after authentication.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This function integrates the myldap_set_credentials() and
myldap_get_policy_response() and performs the bind operation witout
actually performing a search.
The function performs a "fake" search that returns after performing the
LDAP BIND operation.
This replaces a number of dummy search operations that were there to
ensure that the connection was open. This allows us to skip the search
operation after authentication.
|
| |
| |
| |
| |
| | |
This allows performing a different, configurable search from the default
BASE search after the BIND operation.
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
| |
This moves the autzsearch_var_add(), autzsearch_vars_free(),
autzsearch_var_get() and do_autzsearches() functions to the top of the
file using more generic names and introduces search_vars_new() in
prepartion of other similar searches.
This also renames the remaining authzsearch functions to authz_search to
be consistent with the pam_authz_search option.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures that when querying the address 0:18:8a:54:1a:8b both that
format and 00:18:8a:54:1a:8b is searched for in LDAP.
This was triggerred by the fact that ether_ntoa() on FreeBSD returns the
long format while glibc uses the compact format.
Since we are no longer using the libc version of ether_ntoa() we can
also drop the compatibility implementation of ether_ntoa_r().
|
|
|
|
|
|
| |
This logs (at debug level) any LDAP uidNumber attribute values (or
translated objectSid attribute values) that are lower than nss_min_uid.
It also logs getpwuid() requests for such uids.
|
|
|
|
|
|
|
|
| |
This changes the getent.ldap and chsh.ldap commands to be compatible
with Python 2 and Python 3 with the same code.
This does switch to raw I/O because Python 3 does not support bufferred
I/O on sockets.
|
|
|
|
|
|
|
|
| |
This more or less duplicates the tests from test_nsscmds.sh to
test_ldapcmds.sh with some modifications for the differences in output.
This also extends the test_nsscmds.sh tests to handle the case where
shadow lookups do not go through LDAP.
|
|
|
|
| |
Contrary to the hosts output the network name is listed first.
|
| |
|
|
|
|
|
| |
This allows supplying multiple arguments to getent.ldap that will each
act as a search key for lookups, similar to what normal getent allows.
|
|
|
|
|
|
|
| |
When receiving a signal this will result in nslcd returning with a
success exit code.
Thanks Stanislav Moravec for pointing this out.
|
| |
|
|
|
|
| |
See https://bugs.launchpad.net/bugs/1618190
|
|
|
|
|
|
|
|
|
| |
The assertions can be optimised out when compiling the modules with -O
which would break the protocol handling. This ensures that errors are
properly handled even if optimisation is enabled.
Thanks Yu-Chun Huang for reporting this.
https://github.com/arthurdejong/nss-pam-ldapd/issues/14
|
| |
|
| |
|
|
|
|
|
| |
This adds casts to and from void * for the function pointers that are
passed around.
|
| |
|