Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd/nslcd.c
Commit message (Collapse)AuthorAgeFilesLines
* Various small fixes when using --with-module-nameArthur de Jong2015-03-221-1/+1
| | | | | | | This updates the test framework to support --with-module-name, ensures that exports.map is rebuilt when configure is re-ran, fixes parsing of nsswitch.conf (to determine what to return for passwd lookups) and fixes the check for _nss_ldap_version.
* Don't let the oom killer kill nslcdPatrick McLean2015-03-111-0/+23
| | | | | Adjust the Linux OOM (Out-Of-Memory) killer score by -1000 for nslcd so that it should not be killed.
* Allow configuration of NSS and PAM namesArthur de Jong2015-01-191-3/+3
| | | | This introduces the --with-module-name configure option to allow building of NSS and PAM modules with different namespaces than ldap.
* Fix format stringArthur de Jong2014-10-101-3/+3
| | | Thanks Jianhai Luan.
* Block signals sooner to avoid race conditionsArthur de Jong2014-10-041-11/+11
|
* uid_t/gid_t should be formatted as unsigned longJason Luan2014-09-301-13/+13
| | | | | | | | | mmkfilter_passwd_byuid()/mkfilter_group_bygid() get wrong filter string because "%d" will return negative when uid/gid larger than 2^31, and result to "Authentiction failure". This also changes the other places where uid_t or gid_t values are formatted.
* Log daemonising failuresArthur de Jong2014-05-041-0/+1
| | | | | This also clears errno in the main function to ensure that no incorrect errno value is logged on errors.
* Properly daemonise nslcd and only exit when readyArthur de Jong2014-01-021-14/+27
| | | | | | | | | | | This introduces a new daemonize module that provides functions for closing all file descriptors, redirecting stdin/stdout/stderr to /dev/null and a function for backgrounding an application while only exiting the original process after the daemon process has indicated readiness. This is used to exit the original process only after the listening socket has been set up and the worker threads have been started.
* Fix a number of compiler warningsArthur de Jong2013-10-291-1/+1
| | | | | This includes a number of small fixes for issues that were formerly masked by the incorrect AC_LANG_PROGRAM check.
* Start invalidator after locking pidfileArthur de Jong2013-10-291-7/+9
| | | | | | This causes the pidfile to be written as the first thing after daemonising nslcd to minimise the race between service script completion and pidfile being locked.
* Use larger nslcd send buffersArthur de Jong2013-09-081-1/+1
| | | | | | | | | | | | | | By using bigger write buffers in nslcd we reduce the number of writes in nslcd and consequently the number of reads in the NSS and PAM modules for bigger responses. This reduces the number of system calls that are made during a request and brings a small performance improvement that is mainly measurable in the NSS module. A measurement showed 30-80% reduction in the number of system calls in the NSS module and around 10% reduction in CPU usage (CPU time, only small reduction in wallclock time). Thanks John Sullivan for pointing this out.
* Ignore SIGUSR2 for future compatibilityArthur de Jong2013-08-231-1/+1
|
* Handle SIGUSR1 by resetting the retry timerArthur de Jong2013-08-211-14/+21
| | | | | | This implements and documents handling of the SIGUSR1 signal in nslcd to reset the reconnect_sleeptime and reconnect_retrytime timers to re-check availability of the LDAP server.
* Return partial shadow information to non-root usersArthur de Jong2013-08-211-4/+2
| | | | | | | | | | | | | | This also returns everything except the password hash from the shadow database to non-root users (nothing was returned before). This allows non-root users to do PAM authentication in some configurations. On some systems there is a setgid executable that is allowed to read /etc/shadow for authentication by e.g. screensavers. Returning no shadow information will cause pam_unix to deny authorisation in common configurations. See: http://bugs.debian.org/706913
* -n switch for nslcd (prevents process from forking)Caleb Callaway2013-08-181-2/+10
|
* Rename nscd_invalidate option to reconnect_invalidateArthur de Jong2013-07-261-3/+3
| | | | | This also renames the internal nscd module to invalidator for both nslcd and pynslcd. The new invalidator module is now no longer nscd-specific.
* Fix commentArthur de Jong2013-04-031-1/+1
|
* Handle user modification requests in nslcdArthur de Jong2013-03-301-0/+1
| | | | | | | This is currently limited to supporting modification of the homeDirectory and loginShell attributes. Modifications as root currently use the rootpwmoddn and rootpwmodpw options.
* start the nscd invalidator and invalidate the nscd cache ↵Arthur de Jong2013-03-091-0/+6
| | | | after reconnecting to the LDAP server after failure
* move signame() function to common.c to make it available ↵Arthur de Jong2013-03-091-55/+0
| | | | to all modules
* log version information from the NSS moduleArthur de Jong2013-02-231-1/+11
|
* extra sanity check to ensure not too many file ↵Arthur de Jong2013-02-231-0/+5
| | | | descriptors are open
* handle the log configuration option in nslcdArthur de Jong2013-02-231-8/+8
|
* implement a netgroup_all requestArthur de Jong2013-02-081-0/+1
|
* make checking dlsym() result a little saferArthur de Jong2013-01-181-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1925 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the ldc_ prefix from struct ldap_config fieldsArthur de Jong2012-12-301-19/+19
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used styleArthur de Jong2012-12-221-318/+331
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* make nslcd actions hexadecimal values with some ↵Arthur de Jong2012-12-161-2/+2
| | | | | | structure to make debugging easier git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1866 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch protocol from host byte order to network byte ↵Arthur de Jong2012-12-161-5/+6
| | | | | | order and switch use of uid_t and gid_t in the protocol to int32 git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1864 ef36b2f9-881f-0410-afb5-c4e39611909c
* if nslcd creates the state directory, try to set the ↵Arthur de Jong2012-10-141-2/+8
| | | | | | right ownership git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1795 ef36b2f9-881f-0410-afb5-c4e39611909c
* use poll() instead of select() for checking file ↵Arthur de Jong2012-10-121-7/+7
| | | | | | descriptor activity to also correctly work if more than FD_SETSIZE files are already open git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1783 ef36b2f9-881f-0410-afb5-c4e39611909c
* include an explicit cast to int when printing gid_t ↵Arthur de Jong2012-09-011-2/+2
| | | | | | (fixes r1723) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1744 ef36b2f9-881f-0410-afb5-c4e39611909c
* on startup have the gid option default to the primary ↵Arthur de Jong2012-07-201-9/+20
| | | | | | group of the specified user and load the user's supplementary groups git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1723 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a pam_password_prohibit_message nslcd.conf ↵Arthur de Jong2012-07-081-0/+1
| | | | | | option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
* get rid of a few compiler warnings on FreeBSDArthur de Jong2012-05-181-0/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1693 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide a compatibility definition of SUN_LEN() for ↵Arthur de Jong2012-05-091-0/+1
| | | | | | systems that lack it git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1686 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove duplicate debug from log messageArthur de Jong2012-05-091-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1685 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't try to close _SC_OPEN_MAX file descriptorArthur de Jong2012-05-041-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1678 ef36b2f9-881f-0410-afb5-c4e39611909c
* update copyright yearsArthur de Jong2012-02-291-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1624 ef36b2f9-881f-0410-afb5-c4e39611909c
* clarify error messages and fix typo in commentArthur de Jong2012-01-201-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1605 ef36b2f9-881f-0410-afb5-c4e39611909c
* pass the correct size of named socket address (fixes ↵Arthur de Jong2012-01-171-1/+1
| | | | | | FreeBSD issue, fixes r1295) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1596 ef36b2f9-881f-0410-afb5-c4e39611909c
* Warn if fd cannot be closed in is_locked()Jakub Hrozek2012-01-091-2/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1592 ef36b2f9-881f-0410-afb5-c4e39611909c
* typo fix in commentArthur de Jong2011-12-281-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1575 ef36b2f9-881f-0410-afb5-c4e39611909c
* properly handle failures to truncate the pid fileArthur de Jong2011-12-101-1/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1568 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that uid, gid and pid vars are properly ↵Arthur de Jong2011-12-011-5/+7
| | | | | | initialised and log denied requests git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1558 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix r1429 to properly handle absence of RTLD_NODELETEArthur de Jong2011-04-181-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1430 ef36b2f9-881f-0410-afb5-c4e39611909c
* support systems without RTLD_NODELETEArthur de Jong2011-04-181-1/+7
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1429 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer indefinitely wait for all worker threads to ↵Arthur de Jong2011-03-251-33/+30
| | | | | | finish before exiting (but wait a few seconds on platforms with pthread_timedjoin_np()) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1414 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide a definition of daemon() for systems that lack itArthur de Jong2011-03-231-2/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1403 ef36b2f9-881f-0410-afb5-c4e39611909c
* small code improvementsArthur de Jong2011-03-191-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1400 ef36b2f9-881f-0410-afb5-c4e39611909c