Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd
Commit message (Collapse)AuthorAgeFilesLines
* no longer indefinitely wait for all worker threads to ↵Arthur de Jong2011-03-251-33/+30
| | | | | | finish before exiting (but wait a few seconds on platforms with pthread_timedjoin_np()) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1414 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a validnames option that can be used to ↵Arthur de Jong2011-03-253-42/+66
| | | | | | fine-tune the test for valid user and group names using a regular expression git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1411 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix descriptions of filesArthur de Jong2011-03-232-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1405 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide a definition of daemon() for systems that lack itArthur de Jong2011-03-231-2/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1403 ef36b2f9-881f-0410-afb5-c4e39611909c
* small code improvementsArthur de Jong2011-03-192-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1400 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove logging functionality that isn't usedArthur de Jong2011-03-192-159/+20
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1399 ef36b2f9-881f-0410-afb5-c4e39611909c
* put all HOST_NAME_MAX fallbacks in common.h and fall ↵Arthur de Jong2011-03-122-4/+4
| | | | | | back to _POSIX_HOST_NAME_MAX (thanks Peter Bray) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1390 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix problem with endless loop on incorrect passwordArthur de Jong2011-03-111-4/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1388 ef36b2f9-881f-0410-afb5-c4e39611909c
* move HOST_NAME_MAX fallback definition to header fileArthur de Jong2011-03-112-4/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1387 ef36b2f9-881f-0410-afb5-c4e39611909c
* update copyright headers to add missing yearsArthur de Jong2011-03-104-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1384 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix compiler warningArthur de Jong2011-03-091-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1383 ef36b2f9-881f-0410-afb5-c4e39611909c
* properly handle user-not-found errors when doing ↵Arthur de Jong2011-03-092-3/+15
| | | | | | authentication (CVE-2011-0438) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1382 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that session id is only logged while handling a ↵Arthur de Jong2011-03-063-7/+26
| | | | | | connection git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1375 ef36b2f9-881f-0410-afb5-c4e39611909c
* create the directory for the socket and pidfileArthur de Jong2011-02-111-11/+24
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1369 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a fqdn variable that can be used inside ↵Arthur de Jong2011-01-294-52/+86
| | | | | | pam_authz_search filters git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1367 ef36b2f9-881f-0410-afb5-c4e39611909c
* include definition of rc in all code paths because it's ↵Arthur de Jong2011-01-011-3/+1
| | | | | | used most of the time git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1362 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow attribute mapping with an expression for the ↵Arthur de Jong2010-12-286-29/+36
| | | | | | userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1346 ef36b2f9-881f-0410-afb5-c4e39611909c
* try to update the shadowLastChange attribute of a user ↵Arthur de Jong2010-12-265-1/+90
| | | | | | on password change (the update is only tried if the attribute is present to begin with) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1345 ef36b2f9-881f-0410-afb5-c4e39611909c
* also support the tls_cacert option as an alias for ↵Arthur de Jong2010-12-261-1/+2
| | | | | | tls_cacertfile git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1342 ef36b2f9-881f-0410-afb5-c4e39611909c
* also support tilde (~) in user and group names, except ↵Arthur de Jong2010-12-241-1/+1
| | | | | | as first character git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1340 ef36b2f9-881f-0410-afb5-c4e39611909c
* make logic of character tests easier to readArthur de Jong2010-12-241-7/+14
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1339 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a nss_min_uid option to filter user entries ↵Arthur de Jong2010-12-204-21/+77
| | | | | | returned by LDAP git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1338 ef36b2f9-881f-0410-afb5-c4e39611909c
* pass the ld to do_bind() instead of the session to use ↵Arthur de Jong2010-12-121-14/+18
| | | | | | the correct ld from do_rebind() git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1328 ef36b2f9-881f-0410-afb5-c4e39611909c
* always return a positive authorisation result during ↵Arthur de Jong2010-12-121-6/+6
| | | | | | authentication because we don't do any authorisation checks during authentication and this may confuse the PAM module if it's only used for authorisation git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1327 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix commentArthur de Jong2010-12-121-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1325 ef36b2f9-881f-0410-afb5-c4e39611909c
* in each worker wake up once in a while to check whether ↵Arthur de Jong2010-12-083-12/+54
| | | | | | any existing LDAP connections should be closed git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1319 ef36b2f9-881f-0410-afb5-c4e39611909c
* in try_bind(), perform the search ourselves instead of ↵Arthur de Jong2010-12-031-3/+22
| | | | | | using lookup_dn2uid() to also be able to match administrator DNs (thanks to Thaddeus J. Kollar for spotting this) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1318 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix handling of try_bind() result code in ↵Arthur de Jong2010-12-031-3/+3
| | | | | | nslcd_pam_authc() (patch by Thaddeus J. Kollar) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1317 ef36b2f9-881f-0410-afb5-c4e39611909c
* close all open file descriptors on startArthur de Jong2010-11-261-0/+8
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1316 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct PAM status code for when LDAP server is ↵Arthur de Jong2010-11-173-9/+19
| | | | | | unavailable (based on a patch by Pierre Gambarotto) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch all internal functions to return an LDAP status codeArthur de Jong2010-11-171-27/+31
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1314 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct kind of error code from try_pwmod() (bug)Arthur de Jong2010-11-171-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1313 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the request with any logged messagesArthur de Jong2010-11-0715-73/+111
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1301 ef36b2f9-881f-0410-afb5-c4e39611909c
* move acceptconnection() function body inside the ↵Arthur de Jong2010-11-041-51/+63
| | | | | | worker() so we can more easily break out of the connection handling thread, close the server socket inside the signal handler to cause all threads waiting on accept() to fail and ensure that signals are handled in the main thread by blocking them in the worker threads (r1290 from -solaris branch) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1298 ef36b2f9-881f-0410-afb5-c4e39611909c
* avoid unneeded strdup()s by using a passed buffer to ↵Arthur de Jong2010-11-043-26/+27
| | | | | | lookup_dn2uid() and using strcmp() in dn2uid() to see if the existing cached value is ok git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1297 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix race condition that could cause a memory leakArthur de Jong2010-11-041-0/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1296 ef36b2f9-881f-0410-afb5-c4e39611909c
* pass the actual size of the address family and the path ↵Arthur de Jong2010-11-041-1/+1
| | | | | | length to bind() and connect() for named sockets git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1295 ef36b2f9-881f-0410-afb5-c4e39611909c
* call myldap_session_check() before adding a new search ↵Arthur de Jong2010-11-031-2/+2
| | | | | | to the session so the connection actually gets closed on timeout (the connection isn't closed when there are active searches) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1294 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix log messageArthur de Jong2010-10-161-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1287 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove obsolete noteArthur de Jong2010-10-161-2/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1286 ef36b2f9-881f-0410-afb5-c4e39611909c
* set a longer socket timout for the normal connection ↵Arthur de Jong2010-10-151-19/+23
| | | | | | (just in case mostly) and a short one to use when shutting down the connection (also see http://www.openldap.org/its/index.cgi?selectid=6673) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1276 ef36b2f9-881f-0410-afb5-c4e39611909c
* simplify SASL includesArthur de Jong2010-10-141-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1271 ef36b2f9-881f-0410-afb5-c4e39611909c
* make buffer sizes for PAM requests consistent (and large ↵Arthur de Jong2010-10-131-5/+3
| | | | | | enough for most situations) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1267 ef36b2f9-881f-0410-afb5-c4e39611909c
* set timeout options on LDAP socket to avoid problems ↵Arthur de Jong2010-10-121-0/+11
| | | | | | when the LDAP library hangs on a read() (e.g. at ldap_unbind()) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1264 ef36b2f9-881f-0410-afb5-c4e39611909c
* make use of UNUSED() consistent throughout the codeArthur de Jong2010-10-101-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1256 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove variables which are no longer necessary due to r1220Arthur de Jong2010-09-271-2/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1221 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove disabling keepalives since we handle SIGPIPE anywayArthur de Jong2010-09-271-6/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1220 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove ugly empty lineArthur de Jong2010-09-261-1/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1219 ef36b2f9-881f-0410-afb5-c4e39611909c
* update description of group schema supportedArthur de Jong2010-09-261-5/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1217 ef36b2f9-881f-0410-afb5-c4e39611909c
* add some more error cases which should trigger a disconnectArthur de Jong2010-09-231-1/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1208 ef36b2f9-881f-0410-afb5-c4e39611909c