Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd
Commit message (Collapse)AuthorAgeFilesLines
* close the nslcd connection to signal LDAP server ↵Arthur de Jong2011-04-301-16/+8
| | | | | | unavailable to PAM module git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1449 ef36b2f9-881f-0410-afb5-c4e39611909c
* improve password change failed error messageArthur de Jong2011-04-301-10/+12
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1447 ef36b2f9-881f-0410-afb5-c4e39611909c
* check shadow properties (similarly to what pam_unix ↵Arthur de Jong2011-04-303-10/+172
| | | | | | does) in the PAM handling code git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1446 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix return value of try_autzsearch() when no match foundArthur de Jong2011-04-301-0/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1444 ef36b2f9-881f-0410-afb5-c4e39611909c
* use the right DN in the pam_authz_search optionArthur de Jong2011-04-301-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1443 ef36b2f9-881f-0410-afb5-c4e39611909c
* move code for getting shadow expiry properties to a ↵Arthur de Jong2011-04-301-36/+37
| | | | | | separate function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1442 ef36b2f9-881f-0410-afb5-c4e39611909c
* move most of the code for building the authorisation ↵Arthur de Jong2011-04-291-32/+39
| | | | | | search into the try_autzsearch() function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1441 ef36b2f9-881f-0410-afb5-c4e39611909c
* set maxdays to -1 to indicate no expiry (instead of a ↵Arthur de Jong2011-04-291-1/+1
| | | | | | long time) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1439 ef36b2f9-881f-0410-afb5-c4e39611909c
* make request indicator shorterArthur de Jong2011-04-241-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1436 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer use the userdn parameter passed along with ↵Arthur de Jong2011-04-241-101/+116
| | | | | | each request (this may mean one or two more lookups when doing authentication but simplifies things) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1434 ef36b2f9-881f-0410-afb5-c4e39611909c
* report correct reported error from ldap_abandon()Arthur de Jong2011-04-221-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1431 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix r1429 to properly handle absence of RTLD_NODELETEArthur de Jong2011-04-181-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1430 ef36b2f9-881f-0410-afb5-c4e39611909c
* support systems without RTLD_NODELETEArthur de Jong2011-04-181-1/+7
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1429 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide replacement implementation for strndup() for ↵Arthur de Jong2011-04-152-0/+2
| | | | | | systems that don't have it git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1427 ef36b2f9-881f-0410-afb5-c4e39611909c
* support using the objectSid attribute to provide numeric ↵Arthur de Jong2011-04-154-34/+181
| | | | | | user and group ids, based on a patch by Wesley Mason git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1425 ef36b2f9-881f-0410-afb5-c4e39611909c
* make user and group name validation errors a little more ↵Arthur de Jong2011-04-033-7/+8
| | | | | | informative git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow usernames of only two charactersArthur de Jong2011-03-311-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1419 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer indefinitely wait for all worker threads to ↵Arthur de Jong2011-03-251-33/+30
| | | | | | finish before exiting (but wait a few seconds on platforms with pthread_timedjoin_np()) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1414 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a validnames option that can be used to ↵Arthur de Jong2011-03-253-42/+66
| | | | | | fine-tune the test for valid user and group names using a regular expression git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1411 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix descriptions of filesArthur de Jong2011-03-232-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1405 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide a definition of daemon() for systems that lack itArthur de Jong2011-03-231-2/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1403 ef36b2f9-881f-0410-afb5-c4e39611909c
* small code improvementsArthur de Jong2011-03-192-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1400 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove logging functionality that isn't usedArthur de Jong2011-03-192-159/+20
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1399 ef36b2f9-881f-0410-afb5-c4e39611909c
* put all HOST_NAME_MAX fallbacks in common.h and fall ↵Arthur de Jong2011-03-122-4/+4
| | | | | | back to _POSIX_HOST_NAME_MAX (thanks Peter Bray) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1390 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix problem with endless loop on incorrect passwordArthur de Jong2011-03-111-4/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1388 ef36b2f9-881f-0410-afb5-c4e39611909c
* move HOST_NAME_MAX fallback definition to header fileArthur de Jong2011-03-112-4/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1387 ef36b2f9-881f-0410-afb5-c4e39611909c
* update copyright headers to add missing yearsArthur de Jong2011-03-104-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1384 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix compiler warningArthur de Jong2011-03-091-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1383 ef36b2f9-881f-0410-afb5-c4e39611909c
* properly handle user-not-found errors when doing ↵Arthur de Jong2011-03-092-3/+15
| | | | | | authentication (CVE-2011-0438) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1382 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that session id is only logged while handling a ↵Arthur de Jong2011-03-063-7/+26
| | | | | | connection git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1375 ef36b2f9-881f-0410-afb5-c4e39611909c
* create the directory for the socket and pidfileArthur de Jong2011-02-111-11/+24
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1369 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a fqdn variable that can be used inside ↵Arthur de Jong2011-01-294-52/+86
| | | | | | pam_authz_search filters git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1367 ef36b2f9-881f-0410-afb5-c4e39611909c
* include definition of rc in all code paths because it's ↵Arthur de Jong2011-01-011-3/+1
| | | | | | used most of the time git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1362 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow attribute mapping with an expression for the ↵Arthur de Jong2010-12-286-29/+36
| | | | | | userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1346 ef36b2f9-881f-0410-afb5-c4e39611909c
* try to update the shadowLastChange attribute of a user ↵Arthur de Jong2010-12-265-1/+90
| | | | | | on password change (the update is only tried if the attribute is present to begin with) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1345 ef36b2f9-881f-0410-afb5-c4e39611909c
* also support the tls_cacert option as an alias for ↵Arthur de Jong2010-12-261-1/+2
| | | | | | tls_cacertfile git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1342 ef36b2f9-881f-0410-afb5-c4e39611909c
* also support tilde (~) in user and group names, except ↵Arthur de Jong2010-12-241-1/+1
| | | | | | as first character git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1340 ef36b2f9-881f-0410-afb5-c4e39611909c
* make logic of character tests easier to readArthur de Jong2010-12-241-7/+14
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1339 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a nss_min_uid option to filter user entries ↵Arthur de Jong2010-12-204-21/+77
| | | | | | returned by LDAP git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1338 ef36b2f9-881f-0410-afb5-c4e39611909c
* pass the ld to do_bind() instead of the session to use ↵Arthur de Jong2010-12-121-14/+18
| | | | | | the correct ld from do_rebind() git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1328 ef36b2f9-881f-0410-afb5-c4e39611909c
* always return a positive authorisation result during ↵Arthur de Jong2010-12-121-6/+6
| | | | | | authentication because we don't do any authorisation checks during authentication and this may confuse the PAM module if it's only used for authorisation git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1327 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix commentArthur de Jong2010-12-121-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1325 ef36b2f9-881f-0410-afb5-c4e39611909c
* in each worker wake up once in a while to check whether ↵Arthur de Jong2010-12-083-12/+54
| | | | | | any existing LDAP connections should be closed git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1319 ef36b2f9-881f-0410-afb5-c4e39611909c
* in try_bind(), perform the search ourselves instead of ↵Arthur de Jong2010-12-031-3/+22
| | | | | | using lookup_dn2uid() to also be able to match administrator DNs (thanks to Thaddeus J. Kollar for spotting this) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1318 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix handling of try_bind() result code in ↵Arthur de Jong2010-12-031-3/+3
| | | | | | nslcd_pam_authc() (patch by Thaddeus J. Kollar) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1317 ef36b2f9-881f-0410-afb5-c4e39611909c
* close all open file descriptors on startArthur de Jong2010-11-261-0/+8
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1316 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct PAM status code for when LDAP server is ↵Arthur de Jong2010-11-173-9/+19
| | | | | | unavailable (based on a patch by Pierre Gambarotto) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch all internal functions to return an LDAP status codeArthur de Jong2010-11-171-27/+31
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1314 ef36b2f9-881f-0410-afb5-c4e39611909c
* return correct kind of error code from try_pwmod() (bug)Arthur de Jong2010-11-171-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1313 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the request with any logged messagesArthur de Jong2010-11-0715-73/+111
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1301 ef36b2f9-881f-0410-afb5-c4e39611909c