Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd
Commit message (Collapse)AuthorAgeFilesLines
...
* set maxdays to -1 to indicate no expiry (instead of a ↵Arthur de Jong2011-04-291-1/+1
| | | | | | long time) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1439 ef36b2f9-881f-0410-afb5-c4e39611909c
* make request indicator shorterArthur de Jong2011-04-241-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1436 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer use the userdn parameter passed along with ↵Arthur de Jong2011-04-241-101/+116
| | | | | | each request (this may mean one or two more lookups when doing authentication but simplifies things) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1434 ef36b2f9-881f-0410-afb5-c4e39611909c
* report correct reported error from ldap_abandon()Arthur de Jong2011-04-221-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1431 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix r1429 to properly handle absence of RTLD_NODELETEArthur de Jong2011-04-181-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1430 ef36b2f9-881f-0410-afb5-c4e39611909c
* support systems without RTLD_NODELETEArthur de Jong2011-04-181-1/+7
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1429 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide replacement implementation for strndup() for ↵Arthur de Jong2011-04-152-0/+2
| | | | | | systems that don't have it git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1427 ef36b2f9-881f-0410-afb5-c4e39611909c
* support using the objectSid attribute to provide numeric ↵Arthur de Jong2011-04-154-34/+181
| | | | | | user and group ids, based on a patch by Wesley Mason git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1425 ef36b2f9-881f-0410-afb5-c4e39611909c
* make user and group name validation errors a little more ↵Arthur de Jong2011-04-033-7/+8
| | | | | | informative git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow usernames of only two charactersArthur de Jong2011-03-311-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1419 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer indefinitely wait for all worker threads to ↵Arthur de Jong2011-03-251-33/+30
| | | | | | finish before exiting (but wait a few seconds on platforms with pthread_timedjoin_np()) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1414 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a validnames option that can be used to ↵Arthur de Jong2011-03-253-42/+66
| | | | | | fine-tune the test for valid user and group names using a regular expression git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1411 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix descriptions of filesArthur de Jong2011-03-232-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1405 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide a definition of daemon() for systems that lack itArthur de Jong2011-03-231-2/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1403 ef36b2f9-881f-0410-afb5-c4e39611909c
* small code improvementsArthur de Jong2011-03-192-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1400 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove logging functionality that isn't usedArthur de Jong2011-03-192-159/+20
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1399 ef36b2f9-881f-0410-afb5-c4e39611909c
* put all HOST_NAME_MAX fallbacks in common.h and fall ↵Arthur de Jong2011-03-122-4/+4
| | | | | | back to _POSIX_HOST_NAME_MAX (thanks Peter Bray) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1390 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix problem with endless loop on incorrect passwordArthur de Jong2011-03-111-4/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1388 ef36b2f9-881f-0410-afb5-c4e39611909c
* move HOST_NAME_MAX fallback definition to header fileArthur de Jong2011-03-112-4/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1387 ef36b2f9-881f-0410-afb5-c4e39611909c
* update copyright headers to add missing yearsArthur de Jong2011-03-104-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1384 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix compiler warningArthur de Jong2011-03-091-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1383 ef36b2f9-881f-0410-afb5-c4e39611909c
* properly handle user-not-found errors when doing ↵Arthur de Jong2011-03-092-3/+15
| | | | | | authentication (CVE-2011-0438) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1382 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that session id is only logged while handling a ↵Arthur de Jong2011-03-063-7/+26
| | | | | | connection git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1375 ef36b2f9-881f-0410-afb5-c4e39611909c
* create the directory for the socket and pidfileArthur de Jong2011-02-111-11/+24
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1369 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a fqdn variable that can be used inside ↵Arthur de Jong2011-01-294-52/+86
| | | | | | pam_authz_search filters git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1367 ef36b2f9-881f-0410-afb5-c4e39611909c
* include definition of rc in all code paths because it's ↵Arthur de Jong2011-01-011-3/+1
| | | | | | used most of the time git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1362 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow attribute mapping with an expression for the ↵Arthur de Jong2010-12-286-29/+36
| | | | | | userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1346 ef36b2f9-881f-0410-afb5-c4e39611909c
* try to update the shadowLastChange attribute of a user ↵Arthur de Jong2010-12-265-1/+90
| | | | | | on password change (the update is only tried if the attribute is present to begin with) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1345 ef36b2f9-881f-0410-afb5-c4e39611909c
* also support the tls_cacert option as an alias for ↵Arthur de Jong2010-12-261-1/+2
| | | | | | tls_cacertfile git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1342 ef36b2f9-881f-0410-afb5-c4e39611909c
* also support tilde (~) in user and group names, except ↵Arthur de Jong2010-12-241-1/+1
| | | | | | as first character git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1340 ef36b2f9-881f-0410-afb5-c4e39611909c
* make logic of character tests easier to readArthur de Jong2010-12-241-7/+14
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1339 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a nss_min_uid option to filter user entries ↵Arthur de Jong2010-12-204-21/+77
| | | | | | returned by LDAP git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1338 ef36b2f9-881f-0410-afb5-c4e39611909c
* pass the ld to do_bind() instead of the session to use ↵Arthur de Jong2010-12-121-14/+18
| | | | | | the correct ld from do_rebind() git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1328 ef36b2f9-881f-0410-afb5-c4e39611909c
* always return a positive authorisation result during ↵Arthur de Jong2010-12-121-6/+6
| | | | | | authentication because we don't do any authorisation checks during authentication and this may confuse the PAM module if it's only used for authorisation git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1327 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix commentArthur de Jong2010-12-121-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1325 ef36b2f9-881f-0410-afb5-c4e39611909c
* in each worker wake up once in a while to check whether ↵Arthur de Jong2010-12-083-12/+54
| | | | | | any existing LDAP connections should be closed git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1319 ef36b2f9-881f-0410-afb5-c4e39611909c
* in try_bind(), perform the search ourselves instead of ↵Arthur de Jong2010-12-031-3/+22
| | | | | | using lookup_dn2uid() to also be able to match administrator DNs (thanks to Thaddeus J. Kollar for spotting this) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1318 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix handling of try_bind() result code in ↵Arthur de Jong2010-12-031-3/+3
| | | | | | nslcd_pam_authc() (patch by Thaddeus J. Kollar) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1317 ef36b2f9-881f-0410-afb5-c4e39611909c
* close all open file descriptors on startArthur de Jong2010-11-261-0/+8
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1316 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct PAM status code for when LDAP server is ↵Arthur de Jong2010-11-173-9/+19
| | | | | | unavailable (based on a patch by Pierre Gambarotto) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch all internal functions to return an LDAP status codeArthur de Jong2010-11-171-27/+31
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1314 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct kind of error code from try_pwmod() (bug)Arthur de Jong2010-11-171-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1313 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the request with any logged messagesArthur de Jong2010-11-0715-73/+111
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1301 ef36b2f9-881f-0410-afb5-c4e39611909c
* move acceptconnection() function body inside the ↵Arthur de Jong2010-11-041-51/+63
| | | | | | worker() so we can more easily break out of the connection handling thread, close the server socket inside the signal handler to cause all threads waiting on accept() to fail and ensure that signals are handled in the main thread by blocking them in the worker threads (r1290 from -solaris branch) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1298 ef36b2f9-881f-0410-afb5-c4e39611909c
* avoid unneeded strdup()s by using a passed buffer to ↵Arthur de Jong2010-11-043-26/+27
| | | | | | lookup_dn2uid() and using strcmp() in dn2uid() to see if the existing cached value is ok git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1297 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix race condition that could cause a memory leakArthur de Jong2010-11-041-0/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1296 ef36b2f9-881f-0410-afb5-c4e39611909c
* pass the actual size of the address family and the path ↵Arthur de Jong2010-11-041-1/+1
| | | | | | length to bind() and connect() for named sockets git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1295 ef36b2f9-881f-0410-afb5-c4e39611909c
* call myldap_session_check() before adding a new search ↵Arthur de Jong2010-11-031-2/+2
| | | | | | to the session so the connection actually gets closed on timeout (the connection isn't closed when there are active searches) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1294 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix log messageArthur de Jong2010-10-161-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1287 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove obsolete noteArthur de Jong2010-10-161-2/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1286 ef36b2f9-881f-0410-afb5-c4e39611909c