Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd/pam.c
Commit message (Collapse)AuthorAgeFilesLines
* various typo and other comment fixes (4b01125, b0785de, ↵Arthur de Jong2013-04-281-2/+2
| | | | | | bfdf7cd, 4689d5f, dba048b, ebe5705 and 122c38d from 0.9) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@1950 ef36b2f9-881f-0410-afb5-c4e39611909c
* retry updating the lastChange attribute with the normal ↵Arthur de Jong2013-04-281-3/+6
| | | | | | nslcd LDAP connection if the update with the user's connection failed (2f6f6a2 from 0.9) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd-0.8@1938 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename filter_buffer to filter for consistencyArthur de Jong2012-09-141-6/+6
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1762 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a pam_password_prohibit_message nslcd.conf ↵Arthur de Jong2012-07-081-0/+12
| | | | | | option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
* log successful password change in nslcd and correctly ↵Arthur de Jong2012-06-151-0/+2
| | | | | | terminate protocol on password change failure git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1703 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow the pam_authz_search option to be specified ↵Arthur de Jong2012-05-041-50/+64
| | | | | | multiple times git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1679 ef36b2f9-881f-0410-afb5-c4e39611909c
* increase buffer for pam_authz_search as suggested by ↵Arthur de Jong2012-03-231-2/+2
| | | | | | Chris J Arges git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1643 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix log message for invalid pam_authz_search as reported ↵Arthur de Jong2012-03-101-1/+1
| | | | | | by Matt Rae git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1628 ef36b2f9-881f-0410-afb5-c4e39611909c
* Do not leak memory if myldap_escape() failsJakub Hrozek2012-01-091-0/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1590 ef36b2f9-881f-0410-afb5-c4e39611909c
* Return from update_username() if myldap_get_values() ↵Jakub Hrozek2012-01-091-0/+3
| | | | | | | | | | | returns invalid value If myldap_get_values() failed for the attmap_passwd_uid, nss-pam-ldapd would dereference a NULL pointer. git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1589 ef36b2f9-881f-0410-afb5-c4e39611909c
* reduce loglevel of user not found messages to avoid ↵Arthur de Jong2011-10-021-1/+1
| | | | | | spamming the logs with useless information (thanks Wakko Warner) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1551 ef36b2f9-881f-0410-afb5-c4e39611909c
* make validation log messages consistentArthur de Jong2011-09-091-14/+21
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1542 ef36b2f9-881f-0410-afb5-c4e39611909c
* correctly only check password expiration when ↵Arthur de Jong2011-06-101-5/+5
| | | | | | authenticating, only check account expiration when doing authorisation check git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1475 ef36b2f9-881f-0410-afb5-c4e39611909c
* check all variables in pam_authz_search to see if they existArthur de Jong2011-06-051-5/+7
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1474 ef36b2f9-881f-0410-afb5-c4e39611909c
* close the nslcd connection to signal LDAP server ↵Arthur de Jong2011-04-301-16/+8
| | | | | | unavailable to PAM module git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1449 ef36b2f9-881f-0410-afb5-c4e39611909c
* improve password change failed error messageArthur de Jong2011-04-301-10/+12
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1447 ef36b2f9-881f-0410-afb5-c4e39611909c
* check shadow properties (similarly to what pam_unix ↵Arthur de Jong2011-04-301-7/+126
| | | | | | does) in the PAM handling code git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1446 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix return value of try_autzsearch() when no match foundArthur de Jong2011-04-301-0/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1444 ef36b2f9-881f-0410-afb5-c4e39611909c
* use the right DN in the pam_authz_search optionArthur de Jong2011-04-301-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1443 ef36b2f9-881f-0410-afb5-c4e39611909c
* move most of the code for building the authorisation ↵Arthur de Jong2011-04-291-32/+39
| | | | | | search into the try_autzsearch() function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1441 ef36b2f9-881f-0410-afb5-c4e39611909c
* make request indicator shorterArthur de Jong2011-04-241-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1436 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer use the userdn parameter passed along with ↵Arthur de Jong2011-04-241-101/+116
| | | | | | each request (this may mean one or two more lookups when doing authentication but simplifies things) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1434 ef36b2f9-881f-0410-afb5-c4e39611909c
* make user and group name validation errors a little more ↵Arthur de Jong2011-04-031-2/+3
| | | | | | informative git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c
* put all HOST_NAME_MAX fallbacks in common.h and fall ↵Arthur de Jong2011-03-121-4/+0
| | | | | | back to _POSIX_HOST_NAME_MAX (thanks Peter Bray) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1390 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix compiler warningArthur de Jong2011-03-091-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1383 ef36b2f9-881f-0410-afb5-c4e39611909c
* properly handle user-not-found errors when doing ↵Arthur de Jong2011-03-091-1/+3
| | | | | | authentication (CVE-2011-0438) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1382 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a fqdn variable that can be used inside ↵Arthur de Jong2011-01-291-2/+3
| | | | | | pam_authz_search filters git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1367 ef36b2f9-881f-0410-afb5-c4e39611909c
* try to update the shadowLastChange attribute of a user ↵Arthur de Jong2010-12-261-0/+5
| | | | | | on password change (the update is only tried if the attribute is present to begin with) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1345 ef36b2f9-881f-0410-afb5-c4e39611909c
* always return a positive authorisation result during ↵Arthur de Jong2010-12-121-6/+6
| | | | | | authentication because we don't do any authorisation checks during authentication and this may confuse the PAM module if it's only used for authorisation git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1327 ef36b2f9-881f-0410-afb5-c4e39611909c
* in try_bind(), perform the search ourselves instead of ↵Arthur de Jong2010-12-031-3/+22
| | | | | | using lookup_dn2uid() to also be able to match administrator DNs (thanks to Thaddeus J. Kollar for spotting this) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1318 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix handling of try_bind() result code in ↵Arthur de Jong2010-12-031-3/+3
| | | | | | nslcd_pam_authc() (patch by Thaddeus J. Kollar) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1317 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct PAM status code for when LDAP server is ↵Arthur de Jong2010-11-171-5/+15
| | | | | | unavailable (based on a patch by Pierre Gambarotto) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch all internal functions to return an LDAP status codeArthur de Jong2010-11-171-27/+31
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1314 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct kind of error code from try_pwmod() (bug)Arthur de Jong2010-11-171-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1313 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the request with any logged messagesArthur de Jong2010-11-071-0/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1301 ef36b2f9-881f-0410-afb5-c4e39611909c
* avoid unneeded strdup()s by using a passed buffer to ↵Arthur de Jong2010-11-041-10/+5
| | | | | | lookup_dn2uid() and using strcmp() in dn2uid() to see if the existing cached value is ok git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1297 ef36b2f9-881f-0410-afb5-c4e39611909c
* make buffer sizes for PAM requests consistent (and large ↵Arthur de Jong2010-10-131-5/+3
| | | | | | enough for most situations) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1267 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a rootpwmodpw option that allows root users to ↵Arthur de Jong2010-09-051-2/+22
| | | | | | change user passwords without a password prompt git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1206 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix commentArthur de Jong2010-07-181-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1165 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix bug in test (r1127)Arthur de Jong2010-06-011-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1130 ef36b2f9-881f-0410-afb5-c4e39611909c
* add a debug log message when user authentication was ↵Arthur de Jong2010-06-011-0/+2
| | | | | | successful git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1127 ef36b2f9-881f-0410-afb5-c4e39611909c
* make debug logging for pam_authz_search option a little ↵Arthur de Jong2010-05-221-4/+5
| | | | | | more readable git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1113 ef36b2f9-881f-0410-afb5-c4e39611909c
* small compatibility improvementsArthur de Jong2010-05-121-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1100 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename authz_search option to pam_authz_searchArthur de Jong2010-05-081-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1089 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement an authz_search option to test whether the ↵Arthur de Jong2010-05-071-1/+122
| | | | | | user is authorised git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1088 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't have myldap_set_credentials() try to open a ↵Arthur de Jong2010-04-131-10/+12
| | | | | | connection but have the PAM code perform a search with the new credentials so we re-use the fail-over mechanism in myldap_search() git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1079 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename admindn option to rootpwmoddnArthur de Jong2010-02-271-9/+9
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1067 ef36b2f9-881f-0410-afb5-c4e39611909c
* add admindn configuration file option that is used when ↵Arthur de Jong2010-01-241-7/+27
| | | | | | modifying another user's password git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1059 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement password changing in the PAM module by ↵Arthur de Jong2009-10-071-27/+63
| | | | | | performing an LDAP password modify EXOP request git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1000 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix for problem when authenticating to LDAP entries ↵Arthur de Jong2009-09-241-0/+11
| | | | | | without a uid attribute git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@992 ef36b2f9-881f-0410-afb5-c4e39611909c