Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd/myldap.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix formatting of size_t valuesPatrick McLean2015-03-141-6/+6
| | | | | | | | In several places the code used a %d format to print a size_t variable. On amd64 at least size_t is an unsigned long, so use %lu instead. An alternative would be to use %ud for size_t and %zd fo ssize_t but not all platforms seem to support that formatter.
* Avoid comparison of static array to null pointerPatrick McLean2015-03-111-4/+4
| | | | | | | There are several places where a static length array in a struct is compared to a null pointer. These comparisons will always be false, since an array in a struct is not actually a pointer, so they can be removed.
* Avoid accessing searches outside arrayArthur de Jong2015-01-191-1/+1
| | | | | | | Thanks David Binderma for pointing this out. Note that in practical situations this should not result in any errors due to the position of searches within the ldap_session struct.
* Minor comment spelling fixTim Harder2014-07-021-1/+1
|
* Check a socket's connectivity before trying to use itTim Harder2014-07-021-11/+37
| | | | | | | | | This alleviates some cases where multi-second lag occurs before a query returns due to some or all connections having been closed by the peer, e.g. a load balancer timing out old connections, but they are all tried before opening new connections. Tested and working on Linux.
* Clear buffers before free-ingArthur de Jong2014-05-171-0/+2
| | | | | This clears most buffers that may hold credentials at one point before free()ing the memory.
* Also extract policy controls on BIND failureArthur de Jong2014-05-041-10/+9
| | | | | | | | | This ensures that controls returned by an LDAP server as part of a failed BIND operation are also returned. This makes it possible to distinguish between a wrong password and an expired password. This also only logs the BIND operation result on DEBUG level (the error is logged later on).
* Make buffer size error logging consistentArthur de Jong2014-05-041-0/+7
| | | | | This adds logging of most cases where a defined buffer is not large enough to hold provided data on error log level.
* Warn when binddn buffer is too smallArthur de Jong2014-05-041-1/+17
|
* Provide a myldap_get_deref_values() functionArthur de Jong2014-01-051-0/+148
| | | | | | | This function looks for deref response controls (LDAP_CONTROL_X_DEREF) in the entry and returns the information from the dereferenced attribute in two lists: dereferenced values and attribute values that could not be dereferenced.
* Request attribute deref via search controlArthur de Jong2014-01-051-1/+34
| | | | | | | | | | This uses the LDAP_CONTROL_X_DEREF control as descibed in draft-masarati-ldap-deref-00 to request the LDAP server to dereference member attribute values to uid attribute values in order to avoid doing extra searches. This control is currently only added for group search by looking for the member attribute in the search.
* Rename entry property to indicate storage typeArthur de Jong2014-01-051-20/+20
| | | | | | This changes entrye->rangedattributevalues to entry->buffers because the propery is not only used for ranged attribute values but for anything that can be freed with free().
* Ignore missing page controlsArthur de Jong2014-01-051-1/+2
| | | | | Since we could get arbitrray controls and are only interested in page controls we ignore failures to find page controls.
* Use do_try_search() also for paged searchesArthur de Jong2014-01-051-46/+24
| | | | | This also changes do_try_search() to support building continued paged controls and lays the groundwork for adding more search controls.
* Centralise buffer sizesArthur de Jong2013-12-181-4/+4
| | | | | | Common buffer sizes are now stored centrally so it can be easily and consistently updated if required. Some buffers remain with locally defined sizes that do not match a global buffer size.
* Also run invalidators on initial connectArthur de Jong2013-10-251-2/+13
| | | | | | This also invalidates the caches configured with reconnect_invalidate on the first successful search. This should handle the case more gracefully where caches were filled with negative hits before nslcd was running.
* Fix for common spelling mistakeArthur de Jong2013-08-281-1/+1
|
* Implement function for resetting reconnect timesArthur de Jong2013-08-211-0/+22
| | | | | | | | | | This implemens a myldap_immediate_reconnect() function that resets the reconnect timer to retry failing connections to the LDAP server upon the next search. This can be used to cut the reconnect_sleeptime and reconnect_retrytime sleeping periodss short if we have some indication that the LDAP server is available again.
* Rename nscd_invalidate option to reconnect_invalidateArthur de Jong2013-07-261-2/+2
| | | | | This also renames the internal nscd module to invalidator for both nslcd and pynslcd. The new invalidator module is now no longer nscd-specific.
* spelling fixesArthur de Jong2013-03-241-1/+1
|
* start the nscd invalidator and invalidate the nscd cache ↵Arthur de Jong2013-03-091-0/+4
| | | | after reconnecting to the LDAP server after failure
* return the password policy bind information via PAMArthur de Jong2013-03-031-0/+11
|
* request and parse password policy controls when doing ↵Arthur de Jong2013-03-031-6/+206
| | | | user authentication in nslcd
* pass the session along to the do_bind() functionArthur de Jong2013-03-031-8/+8
|
* have myldap_get_ranged_values() return a list of values ↵Arthur de Jong2013-01-121-19/+13
| | | | | | instead of a set git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1912 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix memory leak in myldap_get_values_len() when using ↵Arthur de Jong2013-01-121-0/+6
| | | | | | ranged attributes (very unlikely to occur) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1910 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix a problem in memory handling in ↵Arthur de Jong2013-01-121-2/+4
| | | | | | myldap_get_values_len() if malloc() would fail git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1909 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix typo in commentArthur de Jong2013-01-101-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1906 ef36b2f9-881f-0410-afb5-c4e39611909c
* update FIXMEsArthur de Jong2013-01-051-1/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1901 ef36b2f9-881f-0410-afb5-c4e39611909c
* inline most is_valid_...() functionsArthur de Jong2013-01-051-27/+11
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1898 ef36b2f9-881f-0410-afb5-c4e39611909c
* log and return a diagnostic message instead of just the ↵Arthur de Jong2013-01-011-0/+26
| | | | | | LDAP error on password change failure git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1895 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix setting restart option log message (fixes r1889)Arthur de Jong2013-01-011-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1892 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove undocumented restart configuration optionArthur de Jong2012-12-301-4/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1889 ef36b2f9-881f-0410-afb5-c4e39611909c
* reorganise and rename configuration options to be in ↵Arthur de Jong2012-12-301-6/+6
| | | | | | line with manual page git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1888 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the ldc_ prefix from struct ldap_config fieldsArthur de Jong2012-12-301-82/+82
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used styleArthur de Jong2012-12-221-721/+756
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix logic error (use && instead of & for logical and)Arthur de Jong2012-12-201-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1868 ef36b2f9-881f-0410-afb5-c4e39611909c
* to only set LDAP_OPT_X_SASL_NOCANON if the ↵Arthur de Jong2012-11-131-2/+5
| | | | | | sasl_canonicalize option is explicitly set in the configuration file git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1824 ef36b2f9-881f-0410-afb5-c4e39611909c
* log connection message before clearing error indicators ↵Arthur de Jong2012-11-111-3/+3
| | | | | | to not hide these log messages in most configurations (fixes r1095) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1814 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix logic error when falling back to getting ranged ↵Arthur de Jong2012-09-161-1/+4
| | | | | | attribute values for possibly binary attributes (thanks scan-build) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1770 ef36b2f9-881f-0410-afb5-c4e39611909c
* swap values and buf assignment to avoid compiler ↵Arthur de Jong2012-09-161-3/+3
| | | | | | alignment warnings git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1769 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide an alternative do_rebind() for Netscape LDAPArthur de Jong2012-09-011-0/+29
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1745 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove variable definition that was introduced in r1626 ↵Arthur de Jong2012-08-141-1/+0
| | | | | | but should have been removed in r1714 git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1734 ef36b2f9-881f-0410-afb5-c4e39611909c
* introduce a sasl_canonicalize option that will now, by ↵Arthur de Jong2012-08-141-0/+4
| | | | | | default, disable reverse host name lookups in OpenLDAP git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1733 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove duplicate getting of LDAP_OPT_DIAGNOSTIC_MESSAGE ↵Arthur de Jong2012-07-081-5/+0
| | | | | | (should have been part of r1639) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1714 ef36b2f9-881f-0410-afb5-c4e39611909c
* get rid of a few compiler warnings on FreeBSDArthur de Jong2012-05-181-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1693 ef36b2f9-881f-0410-afb5-c4e39611909c
* always try to log the ldap error, the diagnostic message ↵Arthur de Jong2012-03-161-42/+68
| | | | | | and errno if available in a consistent format git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1639 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove extra newline from log messageArthur de Jong2012-03-051-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1627 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide more detailed logging information for ↵Arthur de Jong2012-03-051-3/+11
| | | | | | ldap_start_tls_s() failures (based on a patch by Mel Flynn) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1626 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the first 10 search results in debug mode to make ↵Arthur de Jong2012-02-291-1/+16
| | | | | | debugging easier (patch by Matthijs Kooijman) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1625 ef36b2f9-881f-0410-afb5-c4e39611909c