Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Avoid logging unknown socket peer informationHEADmasterArthur de Jong2018-09-081-3/+15
| | | | | This avoids logging the client PID when the underlying socker layer cannot provide the relevant information.
* Fix crash in chsh.ldapMizunashi Mana2018-09-051-1/+3
| | | | | | Specify result type of getusershell. Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/31
* Get files ready for 0.9.10 release0.9.10Arthur de Jong2018-09-0110-14/+96
|
* Update files from latest automakeArthur de Jong2018-09-0110-405/+386
|
* Add FreeBSD netgroup supportHWLin2018-08-292-1/+107
| | | | Closes: https://github.com/arthurdejong/nss-pam-ldapd/pull/29
* Make password expiry messages correct and consistentArthur de Jong2018-08-062-14/+14
| | | | | Thanks to Têko Mihinto. See https://bugzilla.redhat.com/show_bug.cgi?id=1612543
* Add domain variable for use in pam_authz_searchArthur de Jong2018-07-213-2/+8
| | | | | | | | | This adds a domain variable (if it can be determined on the system) that can be used in pam_authz_search and pam_authc_search filters to build search filters that search on the domain name (the FQDN without the starting host name). Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/8
* Add a Travis configuration fileArthur de Jong2018-07-213-5/+83
| | | | | | This ensures that the integration tests can be successfully run. It configures a slapd instance with the test database, configures the system to use LDAP authentication and runs the tests.
* Allow logging longer linesArthur de Jong2018-07-211-1/+1
| | | | | | | This increases the buffer that holds log messages so longer messages can be logged. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/26
* Create /var/run/nslcd/socket after dropping privilegesArthur de Jong2018-07-211-3/+3
| | | | | | | | | | This is needed to avoid a problem where a call to initgroups() can result in NSS lookups. If nscd is configured the mechanism to avoid loopback lookups using nss_ldap_enablelookups will not work and cause for delays on start-up. Note that this changes ownership of the socket to the user running nslcd.
* Get files ready for 0.9.9 release0.9.9Arthur de Jong2018-02-1810-26/+89
|
* Update files from latest automakeArthur de Jong2018-02-186-258/+298
|
* Fix running pylint on distcheckArthur de Jong2018-02-171-4/+9
| | | | | This sets PYTHONPATH so that both the source and build directories are used to find constants.py.
* Mark case blocks without break statementArthur de Jong2018-02-172-1/+9
| | | | | This avoids a gcc warning in non-empty case blocks without a break statement by explicitly marking those blocks.
* Increase size of hostname bufferArthur de Jong2018-02-172-13/+4
| | | | | | | | This increases the host name buffer to support host names (that include FQDNs) to 255 characters and removes the reliance on HOST_NAME_MAX and _POSIX_HOST_NAME_MAX which may be smaller in some situations. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/22
* Increase size of config file tokenArthur de Jong2017-12-231-1/+1
| | | | | | | | This increases the maximum size of tokens that are read from the nslcd.conf configuration file to 256 characters. This was a problem for some very long uri values. Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/21
* Support spaces in attribute mapping expressionsArthur de Jong2017-10-132-6/+8
|
* Get files ready for 0.9.8 release0.9.8Arthur de Jong2017-06-2613-24/+313
|
* Ignore password hashes in consistent mannerArthur de Jong2017-06-252-7/+13
| | | | | | | This changes the getent and getent.ldap tests to ignore password hashes that may be present in shadow lookups in a consistent manner. This also adds minor compatibility improvements.
* Create pidfile directory in pynslcdArthur de Jong2017-06-253-9/+23
| | | | | This ensures that /var/run/nslcd is created (when it does not exist) when starting pynslcd.
* Add nss_uid_offset and nss_gid_offset to pynslcdArthur de Jong2017-06-253-9/+18
|
* Add the ability to offset UID and GID numbersSeth Wright2017-06-205-0/+51
|
* Portability improvements to test_ldapcmds.shArthur de Jong2017-06-182-6/+10
| | | | | | | | | This fixes an issue with the export statement in POSIX shell scripts, ensures that the commands in the output match those in the script, strips password hashes for shadow lookups (for systems without PAM where these are exposed) and only runs the tests if we enabled the utils. Fixes 246a1f3.
* Use uint8_t instead of u_int8_tArthur de Jong2017-06-181-4/+4
| | | | | | The former seems to be available on more platforms than the latter. Fixes be26510.
* Fix HAVE_DECL_PAM_ERROR usageArthur de Jong2017-06-181-2/+2
| | | | | | | The macro is supposed to be defined to 0 (instead of undefined) if pam_info() and pam_error() are not found. Fixes 3d5ab89.
* Also filter shadow entries by validnamesArthur de Jong2017-06-181-11/+24
|
* Fix and clarify a few commentsArthur de Jong2017-06-182-3/+3
|
* Fix pam_info() and pam_error() replacementArthur de Jong2017-06-162-5/+20
| | | | | | On FreeBSD these are functions while on Linux they are macros causing them to be incorrectly replaced on FreeBSD. This resulted in a crash of the PAM module when e.g. presenting messages about password expiry.
* Clean log from test_pamcmds.expectArthur de Jong2017-06-161-1/+1
| | | | | | This removes test_pamcmds.log that is generated by test_pamcmds.expect when running the test suite. This avoids an error in the distcheck target.
* Fix running test_ldapcmds.sh during distcheckArthur de Jong2017-06-161-85/+86
| | | | | | | | | | This ensures that Python can find both getent.py (from source directory) and constants.py (from build directory) when running the tests from the distcheck target. This also makes the script more similar to test_nsscmds.sh. Fixes 9c803d7.
* Add pam_authc_search optionArthur de Jong2017-06-158-225/+307
|\ | | | | | | | | This option can be used to configure the search operation that should be performed after authentication.
| * Allow skipping post-authentication search altogetherArthur de Jong2017-06-152-1/+8
| |
| * Implement myldap_bind() functionArthur de Jong2017-06-154-103/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | This function integrates the myldap_set_credentials() and myldap_get_policy_response() and performs the bind operation witout actually performing a search. The function performs a "fake" search that returns after performing the LDAP BIND operation. This replaces a number of dummy search operations that were there to ensure that the connection was open. This allows us to skip the search operation after authentication.
| * Implement handling of pam_authc_search optionArthur de Jong2017-06-151-13/+42
| | | | | | | | | | This allows performing a different, configurable search from the default BASE search after the BIND operation.
| * Document pam_authc_search optionArthur de Jong2017-06-151-1/+24
| |
| * Add pam_authc_search option parsingArthur de Jong2017-06-153-21/+48
| |
| * Reorganise PAM search var building functionsArthur de Jong2017-06-142-120/+135
|/ | | | | | | | | | This moves the autzsearch_var_add(), autzsearch_vars_free(), autzsearch_var_get() and do_autzsearches() functions to the top of the file using more generic names and introduces search_vars_new() in prepartion of other similar searches. This also renames the remaining authzsearch functions to authz_search to be consistent with the pam_authz_search option.
* Switch to HTTPS URLsArthur de Jong2017-06-133-4/+4
|
* Query ethernet addresses in compact and long formatArthur de Jong2017-06-135-43/+32
| | | | | | | | | | | This ensures that when querying the address 0:18:8a:54:1a:8b both that format and 00:18:8a:54:1a:8b is searched for in LDAP. This was triggerred by the fact that ether_ntoa() on FreeBSD returns the long format while glibc uses the compact format. Since we are no longer using the libc version of ether_ntoa() we can also drop the compatibility implementation of ether_ntoa_r().
* Log entries and lookups failing nss_min_uidArthur de Jong2017-06-071-2/+15
| | | | | | This logs (at debug level) any LDAP uidNumber attribute values (or translated objectSid attribute values) that are lower than nss_min_uid. It also logs getpwuid() requests for such uids.
* Make nslcd-utils Python 3 compatibleArthur de Jong2017-06-046-36/+53
| | | | | | | | This changes the getent.ldap and chsh.ldap commands to be compatible with Python 2 and Python 3 with the same code. This does switch to raw I/O because Python 3 does not support bufferred I/O on sockets.
* Add tests for getent.ldap commandArthur de Jong2017-06-044-11/+527
| | | | | | | | This more or less duplicates the tests from test_nsscmds.sh to test_ldapcmds.sh with some modifications for the differences in output. This also extends the test_nsscmds.sh tests to handle the case where shadow lookups do not go through LDAP.
* Fix output of getent.ldap networksArthur de Jong2017-06-041-1/+1
| | | | Contrary to the hosts output the network name is listed first.
* Fix IPv6 lookups in getent.ldapArthur de Jong2017-06-041-2/+2
|
* Accept multiple key arguments to getent.ldapArthur de Jong2017-06-042-118/+183
| | | | | This allows supplying multiple arguments to getent.ldap that will each act as a search key for lookups, similar to what normal getent allows.
* Exit with 0 when stopping nslcdArthur de Jong2017-02-071-1/+1
| | | | | | | When receiving a signal this will result in nslcd returning with a success exit code. Thanks Stanislav Moravec for pointing this out.
* Remove duplicate break statementArthur de Jong2016-09-041-1/+1
|
* Do not try all LDAP servers on failed authenticationArthur de Jong2016-09-041-0/+7
| | | | See https://bugs.launchpad.net/bugs/1618190
* Replace Python assertions with exceptionsArthur de Jong2016-08-301-3/+7
| | | | | | | | | The assertions can be optimised out when compiling the modules with -O which would break the protocol handling. This ensures that errors are properly handled even if optimisation is enabled. Thanks Yu-Chun Huang for reporting this. https://github.com/arthurdejong/nss-pam-ldapd/issues/14
* Get files ready for 0.9.7 release0.9.7Arthur de Jong2016-08-1414-29/+314
|