Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd/passwd.c
Commit message (Collapse)AuthorAgeFilesLines
* Various spelling fixesArthur de Jong2019-09-171-1/+1
|
* Add the ability to offset UID and GID numbersSeth Wright2017-06-201-0/+3
|
* Fix and clarify a few commentsArthur de Jong2017-06-181-2/+2
|
* Log entries and lookups failing nss_min_uidArthur de Jong2017-06-071-2/+15
| | | | | | This logs (at debug level) any LDAP uidNumber attribute values (or translated objectSid attribute values) that are lower than nss_min_uid. It also logs getpwuid() requests for such uids.
* uid_t/gid_t should be formatted as unsigned longJason Luan2014-09-301-2/+2
| | | | | | | | | mmkfilter_passwd_byuid()/mkfilter_group_bygid() get wrong filter string because "%d" will return negative when uid/gid larger than 2^31, and result to "Authentiction failure". This also changes the other places where uid_t or gid_t values are formatted.
* Make buffer size error logging consistentArthur de Jong2014-05-041-1/+4
| | | | | This adds logging of most cases where a defined buffer is not large enough to hold provided data on error log level.
* Use dn2uid cache optionsArthur de Jong2013-12-211-4/+7
| | | | | The configuration values are used in the cache to determine positive and negative hit TTLs. This also allows completely disabling the cache.
* Have positive and negative cache timeoutsArthur de Jong2013-12-211-9/+18
| | | | | The positive value determines the time a found entry is valid, the negative timeout determines the lifetime of not found entries.
* Centralise buffer sizesArthur de Jong2013-12-181-6/+6
| | | | | | Common buffer sizes are now stored centrally so it can be easily and consistently updated if required. Some buffers remain with locally defined sizes that do not match a global buffer size.
* Increase password buffer sizeBersl2013-08-281-1/+1
| | | | With the smaller buffers some password hashes would be truncated.
* check result of set_tolist() to ensure that memory ↵Arthur de Jong2013-01-121-1/+6
| | | | | | allocation problems are logged git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1911 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the ldc_ prefix from struct ldap_config fieldsArthur de Jong2012-12-301-6/+6
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
* move the action argument to NSLCD_HANDLE to the frontArthur de Jong2012-12-231-6/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1877 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used styleArthur de Jong2012-12-221-218/+214
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't process the passwd_byuid request at all for uids < ↵Arthur de Jong2012-12-201-0/+1
| | | | | | nss_min_uid git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1870 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch protocol from host byte order to network byte ↵Arthur de Jong2012-12-161-3/+3
| | | | | | order and switch use of uid_t and gid_t in the protocol to int32 git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1864 ef36b2f9-881f-0410-afb5-c4e39611909c
* move all nsswitch-parsing related functions to nsswitch.cArthur de Jong2012-11-251-55/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1840 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that values are logged as unsigned numbersArthur de Jong2012-11-221-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1838 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix problem storing negative hit to dn2uid cache (thanks ↵Arthur de Jong2012-09-161-1/+1
| | | | | | scan-build) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1771 ef36b2f9-881f-0410-afb5-c4e39611909c
* only check nsswitch.conf for shadow mapping on glibc ↵Arthur de Jong2012-09-151-0/+10
| | | | | | (Solaris shadow map follows passwd's mapping and FreeBSD doesn't have shadow at all) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1768 ef36b2f9-881f-0410-afb5-c4e39611909c
* grow all search filter buffers to 4096 bytes (thanks flavio)Arthur de Jong2012-09-141-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1763 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement extra range checking of all numeric valuesArthur de Jong2012-05-201-7/+7
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1694 ef36b2f9-881f-0410-afb5-c4e39611909c
* make whether or not to do case-sensitive filtering ↵Arthur de Jong2012-03-131-1/+1
| | | | | | configurable (patch by Matthew L. Dailey) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1634 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that /etc/nsswitch.conf is only loaded once after ↵Arthur de Jong2011-11-301-1/+2
| | | | | | start-up git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1557 ef36b2f9-881f-0410-afb5-c4e39611909c
* Use an explicit base of 10 for ↵Jakub Hrozek2011-09-301-3/+3
| | | | | | strtouid()/strtogid()/strtol() calls git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1547 ef36b2f9-881f-0410-afb5-c4e39611909c
* make validation log messages consistentArthur de Jong2011-09-091-17/+20
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1542 ef36b2f9-881f-0410-afb5-c4e39611909c
* grow gecos buffer size and consistency improvements to ↵Arthur de Jong2011-09-081-3/+3
| | | | | | other buffers git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1540 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide strtouid() and strtogid() functions that use ↵Arthur de Jong2011-08-271-3/+3
| | | | | | strtoul() or strtoull() (thanks Jakub Hrozek) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1524 ef36b2f9-881f-0410-afb5-c4e39611909c
* check errno after calls to strtol() to ensure that ↵Arthur de Jong2011-08-271-0/+21
| | | | | | numbers that are too large for type will be reported (thanks Jakub Hrozek) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1523 ef36b2f9-881f-0410-afb5-c4e39611909c
* check nsswitch.conf mtime to see whether file should be ↵Arthur de Jong2011-08-091-6/+41
| | | | | | reloaded git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1495 ef36b2f9-881f-0410-afb5-c4e39611909c
* check whether the NSS shadow map queries LDAP before ↵Arthur de Jong2011-08-051-3/+14
| | | | | | returning x as a password has for shadow users git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1487 ef36b2f9-881f-0410-afb5-c4e39611909c
* implementation of myldap_get_values_len() to use ↵Arthur de Jong2011-08-051-3/+3
| | | | | | ldap_get_values_len() instead of ldap_get_values() to fix some problems with binary data in returned attribute values (patch by Wesley Mason) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1485 ef36b2f9-881f-0410-afb5-c4e39611909c
* make buffer sizes consistent, grow gidNumber buffer to ↵Arthur de Jong2011-07-021-2/+2
| | | | | | hold larger numbers and small consistency improvements git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1476 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide replacement implementation for strndup() for ↵Arthur de Jong2011-04-151-0/+1
| | | | | | systems that don't have it git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1427 ef36b2f9-881f-0410-afb5-c4e39611909c
* support using the objectSid attribute to provide numeric ↵Arthur de Jong2011-04-151-24/+79
| | | | | | user and group ids, based on a patch by Wesley Mason git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1425 ef36b2f9-881f-0410-afb5-c4e39611909c
* make user and group name validation errors a little more ↵Arthur de Jong2011-04-031-2/+2
| | | | | | informative git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c
* properly handle user-not-found errors when doing ↵Arthur de Jong2011-03-091-2/+12
| | | | | | authentication (CVE-2011-0438) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1382 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow attribute mapping with an expression for the ↵Arthur de Jong2010-12-281-2/+3
| | | | | | userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1346 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a nss_min_uid option to filter user entries ↵Arthur de Jong2010-12-201-20/+69
| | | | | | returned by LDAP git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1338 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct PAM status code for when LDAP server is ↵Arthur de Jong2010-11-171-3/+3
| | | | | | unavailable (based on a patch by Pierre Gambarotto) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the request with any logged messagesArthur de Jong2010-11-071-6/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1301 ef36b2f9-881f-0410-afb5-c4e39611909c
* avoid unneeded strdup()s by using a passed buffer to ↵Arthur de Jong2010-11-041-15/+21
| | | | | | lookup_dn2uid() and using strcmp() in dn2uid() to see if the existing cached value is ok git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1297 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix race condition that could cause a memory leakArthur de Jong2010-11-041-0/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1296 ef36b2f9-881f-0410-afb5-c4e39611909c
* tune some buffer sizes and small cleanupsArthur de Jong2010-05-071-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1087 ef36b2f9-881f-0410-afb5-c4e39611909c
* also have myldap_search() return an LDAP status codeArthur de Jong2010-04-131-16/+11
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1078 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement attribute mapping using shell-like expressionsArthur de Jong2009-12-281-76/+28
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1041 ef36b2f9-881f-0410-afb5-c4e39611909c
* give search filter escaping buffers more logical namesArthur de Jong2009-11-011-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1014 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename software to nss-pam-ldapdArthur de Jong2009-08-311-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@978 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't return password hashes at all for non-root users, ↵Arthur de Jong2009-08-121-8/+8
| | | | | | based on a patch by Alexander V. Chernikov <melifaro@ipfw.ru> git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@969 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix off by one error in the maximum number of uidNumber ↵Arthur de Jong2009-06-291-1/+1
| | | | | | attributes in an LDAP entry (thanks to David Binderman for finding this) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@956 ef36b2f9-881f-0410-afb5-c4e39611909c