Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd/myldap.c
Commit message (Collapse)AuthorAgeFilesLines
* handle errors from ldap_result() better and disconnect ↵Arthur de Jong2010-09-241-32/+37
| | | | | | (and reconnect) in more cases (r1207 and r1208 from trunk) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.7@1211 ef36b2f9-881f-0410-afb5-c4e39611909c
* add logging to SASL interaction functionArthur de Jong2010-06-191-0/+12
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1154 ef36b2f9-881f-0410-afb5-c4e39611909c
* improve debug logging of SASL bind callsArthur de Jong2010-06-191-4/+14
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1153 ef36b2f9-881f-0410-afb5-c4e39611909c
* make SASL binding code a little earier to readArthur de Jong2010-06-181-16/+12
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1149 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the use_sasl option and instead rely on sasl_mech ↵Arthur de Jong2010-06-181-1/+1
| | | | | | being specified git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1148 ef36b2f9-881f-0410-afb5-c4e39611909c
* only log "connected to LDAP server" if the previous ↵Arthur de Jong2010-05-091-2/+3
| | | | | | connect failed or we are failing over to a different server git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1095 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename reconnect_maxsleeptime option to reconnect_retrytimeArthur de Jong2010-05-091-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1094 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't log errno if it is not set (make error less confusing)Arthur de Jong2010-05-091-6/+9
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1093 ef36b2f9-881f-0410-afb5-c4e39611909c
* handle authentication searches a little differently ↵Arthur de Jong2010-05-091-6/+14
| | | | | | (only try once if an authentication error is returned) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1092 ef36b2f9-881f-0410-afb5-c4e39611909c
* refactor retry timing mechanism to use time between ↵Arthur de Jong2010-05-091-24/+37
| | | | | | first and last error to determin when to rerty and only try once (and don't sleep) when we have been failing for a long time git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1091 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix buffer overflowArthur de Jong2010-05-071-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1085 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't have myldap_set_credentials() try to open a ↵Arthur de Jong2010-04-131-3/+1
| | | | | | connection but have the PAM code perform a search with the new credentials so we re-use the fail-over mechanism in myldap_search() git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1079 ef36b2f9-881f-0410-afb5-c4e39611909c
* also have myldap_search() return an LDAP status codeArthur de Jong2010-04-131-3/+14
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1078 ef36b2f9-881f-0410-afb5-c4e39611909c
* have less warnings when LDAP_OPT_X_TLS isn't definedArthur de Jong2010-02-281-0/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1074 ef36b2f9-881f-0410-afb5-c4e39611909c
* first try password modification without the old password ↵Arthur de Jong2010-02-171-4/+18
| | | | | | and if that fails with the old password git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1064 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix for type mismatch (thanks to Jan Schampera)Arthur de Jong2010-01-251-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1061 ef36b2f9-881f-0410-afb5-c4e39611909c
* make logging of passwords consistent and support a NULL ↵Arthur de Jong2010-01-241-10/+11
| | | | | | oldpassword value in myldap_passwd() git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1057 ef36b2f9-881f-0410-afb5-c4e39611909c
* free data returned from ldap_passwd_s() call if needed ↵Arthur de Jong2010-01-241-10/+8
| | | | | | and add missing casts git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1056 ef36b2f9-881f-0410-afb5-c4e39611909c
* some small simplifcations and clarificationsArthur de Jong2009-12-291-16/+7
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1046 ef36b2f9-881f-0410-afb5-c4e39611909c
* change dict and set API to perform loops with a list of ↵Arthur de Jong2009-12-131-56/+11
| | | | | | strings instead of loop_first() and loop_next() functions git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1028 ef36b2f9-881f-0410-afb5-c4e39611909c
* also log uri when ldap_start_tls_s() failsArthur de Jong2009-11-011-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1012 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide replacement functions for ldap_initialize() and ↵Arthur de Jong2009-10-171-9/+1
| | | | | | ldap_passwd_s() and centralise LDAP compatibility hacks into ldap_compat.h git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1007 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix some header checks in configure and fix ↵Arthur de Jong2009-10-081-3/+3
| | | | | | ldap_set_rebind_proc() return type check git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1003 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement password changing in the PAM module by ↵Arthur de Jong2009-10-071-0/+37
| | | | | | performing an LDAP password modify EXOP request git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1000 ef36b2f9-881f-0410-afb5-c4e39611909c
* some compatibility improvementsArthur de Jong2009-10-051-0/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@998 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename software to nss-pam-ldapdArthur de Jong2009-08-311-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@978 ef36b2f9-881f-0410-afb5-c4e39611909c
* also compile correctly if ↵Arthur de Jong2009-06-041-1/+1
| | | | | | HAVE_LDAP_SASL_INTERACTIVE_BIND_S is not set git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@929 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement myldap_set_credentials() and myldap_cpy_dn() ↵Arthur de Jong2009-06-031-0/+42
| | | | | | which will be used in the PAM lookups (from nss-pam-ldapd branch) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@921 ef36b2f9-881f-0410-afb5-c4e39611909c
* set most SSL/TLS related options globally instead of per ↵Arthur de Jong2009-05-011-44/+0
| | | | | | connection git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@853 ef36b2f9-881f-0410-afb5-c4e39611909c
* move debugging initialisation to myldap_set_debuglevel() ↵Arthur de Jong2009-04-301-31/+43
| | | | | | function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@852 ef36b2f9-881f-0410-afb5-c4e39611909c
* produce more logging and get OpenLDAP logging working by ↵Arthur de Jong2009-04-251-10/+55
| | | | | | logging to stderr (and implement temporary workaround for reqcert problems) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@850 ef36b2f9-881f-0410-afb5-c4e39611909c
* clear errno before ldap calls to get usable returned errnoArthur de Jong2009-04-251-0/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@848 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename the tls_checkpeer option to tls_reqcert, ↵Arthur de Jong2008-12-061-4/+3
| | | | | | deprecating the old name and supporting all options that OpenLDAP supports for that value git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@805 ef36b2f9-881f-0410-afb5-c4e39611909c
* use tls_* options also for StartTLS connectionsArthur de Jong2008-11-291-36/+36
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@802 ef36b2f9-881f-0410-afb5-c4e39611909c
* also retry if ldap_result() failed and getting error ↵Arthur de Jong2008-09-241-1/+1
| | | | | | number returned LDAP_SUCCESS git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@787 ef36b2f9-881f-0410-afb5-c4e39611909c
* log option name instead of option value for ↵Arthur de Jong2008-09-241-1/+1
| | | | | | ldap_set_option() value git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@786 ef36b2f9-881f-0410-afb5-c4e39611909c
* LDAP_OPT_X_TLS_REQUIRE_CERT is not a booleanArthur de Jong2008-07-101-4/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@773 ef36b2f9-881f-0410-afb5-c4e39611909c
* replace https:// by ldaps:// (stupid typo)Arthur de Jong2008-06-171-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@770 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement SASL authentication based on a patch by Dan ↵Arthur de Jong2008-06-141-22/+47
| | | | | | White <dwhite@olp.net> git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@762 ef36b2f9-881f-0410-afb5-c4e39611909c
* also set TLS options if an ldaps:// URL is specifiedArthur de Jong2008-06-061-2/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@749 ef36b2f9-881f-0410-afb5-c4e39611909c
* miscellaneous portability improvementsArthur de Jong2008-06-061-1/+10
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@742 ef36b2f9-881f-0410-afb5-c4e39611909c
* add sanity checks to sleep calls to never sleep too long ↵Arthur de Jong2008-05-161-0/+2
| | | | | | (problems could occur when the clock moves backwards) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@738 ef36b2f9-881f-0410-afb5-c4e39611909c
* close the connection and retry the search (once) if the ↵Arthur de Jong2008-05-111-0/+24
| | | | | | search fails with the first call to myldap_get_entry() (starting a search doesn't always give an error when the connection has been broken) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@733 ef36b2f9-881f-0410-afb5-c4e39611909c
* split retry mechanism of myldap_search() into a new ↵Arthur de Jong2008-05-111-45/+58
| | | | | | do_retry_search() function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@732 ef36b2f9-881f-0410-afb5-c4e39611909c
* allocate the search memory region in myldap_search() ↵Arthur de Jong2008-05-111-31/+27
| | | | | | instead of in do_try_search() and have the latter return an LDAP status code git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@731 ef36b2f9-881f-0410-afb5-c4e39611909c
* also allow closing of searches that no longer have a ↵Arthur de Jong2008-05-111-19/+13
| | | | | | valid connection and integrate myldap_search_free() into myldap_search_close() git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@730 ef36b2f9-881f-0410-afb5-c4e39611909c
* only support tls-related options if LDAP library ↵Arthur de Jong2008-05-021-0/+11
| | | | | | supports TLS, only add rebind code if ldap_set_rebind_proc() is found and only set LDAP_X_OPT_CONNECT_TIMEOUT if that option is supported git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@716 ef36b2f9-881f-0410-afb5-c4e39611909c
* support ranged attribute valuesArthur de Jong2008-05-011-1/+166
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@715 ef36b2f9-881f-0410-afb5-c4e39611909c
* also close the LDAP connection on LDAP_SERVER_DOWN ↵Arthur de Jong2008-04-261-4/+4
| | | | | | (besides LDAP_UNAVAILABLE) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@709 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that the connection to the LDAP server is closed ↵Arthur de Jong2008-04-261-0/+15
| | | | | | whenever any of the ldap_*() functions return LDAP_UNAVAILABLE git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@702 ef36b2f9-881f-0410-afb5-c4e39611909c