Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd/pam.c
Commit message (Collapse)AuthorAgeFilesLines
* Various spelling fixesArthur de Jong2019-09-171-1/+1
|
* Make password expiry messages correct and consistentArthur de Jong2018-08-061-6/+6
| | | | | Thanks to Têko Mihinto. See https://bugzilla.redhat.com/show_bug.cgi?id=1612543
* Add domain variable for use in pam_authz_searchArthur de Jong2018-07-211-2/+6
| | | | | | | | | This adds a domain variable (if it can be determined on the system) that can be used in pam_authz_search and pam_authc_search filters to build search filters that search on the domain name (the FQDN without the starting host name). Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/8
* Allow skipping post-authentication search altogetherArthur de Jong2017-06-151-1/+1
|
* Implement myldap_bind() functionArthur de Jong2017-06-151-63/+44
| | | | | | | | | | | | | This function integrates the myldap_set_credentials() and myldap_get_policy_response() and performs the bind operation witout actually performing a search. The function performs a "fake" search that returns after performing the LDAP BIND operation. This replaces a number of dummy search operations that were there to ensure that the connection was open. This allows us to skip the search operation after authentication.
* Implement handling of pam_authc_search optionArthur de Jong2017-06-151-13/+42
| | | | | This allows performing a different, configurable search from the default BASE search after the BIND operation.
* Add pam_authc_search option parsingArthur de Jong2017-06-151-1/+1
|
* Reorganise PAM search var building functionsArthur de Jong2017-06-141-118/+133
| | | | | | | | | | This moves the autzsearch_var_add(), autzsearch_vars_free(), autzsearch_var_get() and do_autzsearches() functions to the top of the file using more generic names and introduces search_vars_new() in prepartion of other similar searches. This also renames the remaining authzsearch functions to authz_search to be consistent with the pam_authz_search option.
* Also honor ignorecase in PAMArthur de Jong2016-06-031-1/+1
| | | | | | | This avoids changing the cannonical username to the value as specified in LDAP when ignorecase is used. See https://github.com/arthurdejong/nss-pam-ldapd/issues/12
* Fix error handling on credential changeArthur de Jong2016-01-061-2/+4
| | | | | This fixes setting the correct LDAP error code and also fixes formatting in 027df03.
* Fix updating of 'shadowLastChange' attribute when ↵Vasilis Tsiligiannis2015-12-231-0/+9
| | | | | | | | | | chasing referrals This fixes a bug where 'shadowLastChange' attribute cannot be updated when chasing a referral. After a password is succesfully changed, the credentials for binding should also be updated with the new password for the session. Signed-off-by: Vasilis Tsiligiannis <vasilis.tsiligiannis@nokia.com>
* Fix password modification by rootArthur de Jong2014-06-061-1/+1
| | | | This fixes 15fc13c.
* Clear buffers before free-ingArthur de Jong2014-05-171-0/+16
| | | | | This clears most buffers that may hold credentials at one point before free()ing the memory.
* Improve error logging of user login failuresArthur de Jong2014-05-041-2/+2
|
* Make buffer size error logging consistentArthur de Jong2014-05-041-1/+1
| | | | | This adds logging of most cases where a defined buffer is not large enough to hold provided data on error log level.
* Warn when binddn buffer is too smallArthur de Jong2014-05-041-3/+11
|
* Centralise buffer sizesArthur de Jong2013-12-181-14/+14
| | | | | | Common buffer sizes are now stored centrally so it can be easily and consistently updated if required. Some buffers remain with locally defined sizes that do not match a global buffer size.
* Fix a number of compiler warningsArthur de Jong2013-10-291-3/+3
| | | | | This includes a number of small fixes for issues that were formerly masked by the incorrect AC_LANG_PROGRAM check.
* return the password policy bind information via PAMArthur de Jong2013-03-031-3/+12
|
* log a more meaningful error in nslcd when trying to ↵Arthur de Jong2013-03-011-1/+7
| | | | authenticate as administrator when rootpwmoddn is not set
* move update_lastchange() function from shadow to pam codeArthur de Jong2013-03-011-0/+68
|
* perform search for pam_authz_search on all search basesArthur de Jong2013-01-061-32/+44
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1903 ef36b2f9-881f-0410-afb5-c4e39611909c
* log and return a diagnostic message instead of just the ↵Arthur de Jong2013-01-011-6/+17
| | | | | | LDAP error on password change failure git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1895 ef36b2f9-881f-0410-afb5-c4e39611909c
* retry updating the lastChange attribute with the normal ↵Arthur de Jong2013-01-011-3/+6
| | | | | | nslcd LDAP connection if the update with the user's connection failed git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1894 ef36b2f9-881f-0410-afb5-c4e39611909c
* reorganise and rename configuration options to be in ↵Arthur de Jong2012-12-301-3/+3
| | | | | | line with manual page git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1888 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the ldc_ prefix from struct ldap_config fieldsArthur de Jong2012-12-301-15/+15
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix typo in commentArthur de Jong2012-12-241-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1878 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used styleArthur de Jong2012-12-221-313/+328
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* change PAM protocol to be more consistent and simplerArthur de Jong2012-12-161-58/+42
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1865 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename filter_buffer to filter for consistencyArthur de Jong2012-09-141-6/+6
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1762 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a pam_password_prohibit_message nslcd.conf ↵Arthur de Jong2012-07-081-0/+12
| | | | | | option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
* log successful password change in nslcd and correctly ↵Arthur de Jong2012-06-151-0/+2
| | | | | | terminate protocol on password change failure git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1703 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow the pam_authz_search option to be specified ↵Arthur de Jong2012-05-041-50/+64
| | | | | | multiple times git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1679 ef36b2f9-881f-0410-afb5-c4e39611909c
* increase buffer for pam_authz_search as suggested by ↵Arthur de Jong2012-03-231-2/+2
| | | | | | Chris J Arges git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1643 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix log message for invalid pam_authz_search as reported ↵Arthur de Jong2012-03-101-1/+1
| | | | | | by Matt Rae git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1628 ef36b2f9-881f-0410-afb5-c4e39611909c
* Do not leak memory if myldap_escape() failsJakub Hrozek2012-01-091-0/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1590 ef36b2f9-881f-0410-afb5-c4e39611909c
* Return from update_username() if myldap_get_values() ↵Jakub Hrozek2012-01-091-0/+3
| | | | | | | | | | | returns invalid value If myldap_get_values() failed for the attmap_passwd_uid, nss-pam-ldapd would dereference a NULL pointer. git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1589 ef36b2f9-881f-0410-afb5-c4e39611909c
* reduce loglevel of user not found messages to avoid ↵Arthur de Jong2011-10-021-1/+1
| | | | | | spamming the logs with useless information (thanks Wakko Warner) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1551 ef36b2f9-881f-0410-afb5-c4e39611909c
* make validation log messages consistentArthur de Jong2011-09-091-14/+21
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1542 ef36b2f9-881f-0410-afb5-c4e39611909c
* correctly only check password expiration when ↵Arthur de Jong2011-06-101-5/+5
| | | | | | authenticating, only check account expiration when doing authorisation check git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1475 ef36b2f9-881f-0410-afb5-c4e39611909c
* check all variables in pam_authz_search to see if they existArthur de Jong2011-06-051-5/+7
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1474 ef36b2f9-881f-0410-afb5-c4e39611909c
* close the nslcd connection to signal LDAP server ↵Arthur de Jong2011-04-301-16/+8
| | | | | | unavailable to PAM module git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1449 ef36b2f9-881f-0410-afb5-c4e39611909c
* improve password change failed error messageArthur de Jong2011-04-301-10/+12
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1447 ef36b2f9-881f-0410-afb5-c4e39611909c
* check shadow properties (similarly to what pam_unix ↵Arthur de Jong2011-04-301-7/+126
| | | | | | does) in the PAM handling code git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1446 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix return value of try_autzsearch() when no match foundArthur de Jong2011-04-301-0/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1444 ef36b2f9-881f-0410-afb5-c4e39611909c
* use the right DN in the pam_authz_search optionArthur de Jong2011-04-301-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1443 ef36b2f9-881f-0410-afb5-c4e39611909c
* move most of the code for building the authorisation ↵Arthur de Jong2011-04-291-32/+39
| | | | | | search into the try_autzsearch() function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1441 ef36b2f9-881f-0410-afb5-c4e39611909c
* make request indicator shorterArthur de Jong2011-04-241-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1436 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer use the userdn parameter passed along with ↵Arthur de Jong2011-04-241-101/+116
| | | | | | each request (this may mean one or two more lookups when doing authentication but simplifies things) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1434 ef36b2f9-881f-0410-afb5-c4e39611909c
* make user and group name validation errors a little more ↵Arthur de Jong2011-04-031-2/+3
| | | | | | informative git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c