Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd
Commit message (Collapse)AuthorAgeFilesLines
* Ignore SIGUSR2 for future compatibilityArthur de Jong2013-08-231-1/+1
|
* Handle SIGUSR1 by resetting the retry timerArthur de Jong2013-08-211-14/+21
| | | | | | This implements and documents handling of the SIGUSR1 signal in nslcd to reset the reconnect_sleeptime and reconnect_retrytime timers to re-check availability of the LDAP server.
* Implement function for resetting reconnect timesArthur de Jong2013-08-212-0/+26
| | | | | | | | | | This implemens a myldap_immediate_reconnect() function that resets the reconnect timer to retry failing connections to the LDAP server upon the next search. This can be used to cut the reconnect_sleeptime and reconnect_retrytime sleeping periodss short if we have some indication that the LDAP server is available again.
* Return partial shadow information to non-root usersArthur de Jong2013-08-213-12/+11
| | | | | | | | | | | | | | This also returns everything except the password hash from the shadow database to non-root users (nothing was returned before). This allows non-root users to do PAM authentication in some configurations. On some systems there is a setgid executable that is allowed to read /etc/shadow for authentication by e.g. screensavers. Returning no shadow information will cause pam_unix to deny authorisation in common configurations. See: http://bugs.debian.org/706913
* Add cast to int when logging configuration summaryArthur de Jong2013-08-201-3/+3
|
* -n switch for nslcd (prevents process from forking)Caleb Callaway2013-08-181-2/+10
|
* Fix errors in invalidator changesArthur de Jong2013-07-262-1/+3
| | | | | This fixes a few typos and an omission in the configuration file parsing code.
* Rename nscd_invalidate option to reconnect_invalidateArthur de Jong2013-07-267-62/+65
| | | | | This also renames the internal nscd module to invalidator for both nslcd and pynslcd. The new invalidator module is now no longer nscd-specific.
* Allow invalidating the nfsidmap cacheArthur de Jong2013-07-264-5/+24
| | | | This introduces an nfsidmap value for nscd_invalidate which will cause the nfsidmap -c command to be run.
* Make tests for system call failures a little more robustlyArthur de Jong2013-05-201-2/+2
|
* Fix commentArthur de Jong2013-04-031-1/+1
|
* Handle user modification requests in nslcdArthur de Jong2013-03-304-2/+301
| | | | | | | This is currently limited to supporting modification of the homeDirectory and loginShell attributes. Modifications as root currently use the rootpwmoddn and rootpwmodpw options.
* Fix comment for nss_nested_groups config optionArthur de Jong2013-03-281-1/+1
|
* Implement a nss_nested_groups configuration optionArthur de Jong2013-03-243-12/+26
| | | | | | This option can be used in both nslcd and pynslcd to enable recursive group member lookups. By default the functionality is disabled. This also updates the documentation.
* Implement support for nested groups in nslcdArthur de Jong2013-03-241-24/+162
| | | | | | | | | | | This differs from the code provided by Steve Hill in that it avoids (recursively) performing parallel LDAP searches by queueing groups and check for extra members per queued group (in the forward lookup) or check for extra parents (for the user to groups lookup). For the reverse lookup handling the NSLCD_HANDLE macro could no longer be used because extra care should be taken to free the sets before returning and two search phases are needed.
* Implement a mkfilter_group_bymemberdn() functionSteve Hill2013-03-241-0/+15
| | | | | | | | This was part of a bigger change to implement nested groups, however most of the other parts were re-implemented differently. For the original changes, see: http://lists.arthurdejong.org/nss-pam-ldapd-users/2013/msg00034.html
* spelling fixesArthur de Jong2013-03-242-2/+2
|
* fix service request loggingArthur de Jong2013-03-241-2/+2
|
* fix a few compiler warningsArthur de Jong2013-03-102-5/+7
|
* only log protocol name if it is presentArthur de Jong2013-03-101-2/+4
|
* start the nscd invalidator and invalidate the nscd cache ↵Arthur de Jong2013-03-093-0/+18
| | | | after reconnecting to the LDAP server after failure
* implement parsing of the nscd_invalidate optionArthur de Jong2013-03-092-22/+83
|
* implement functionality to send a cache invalidation ↵Arthur de Jong2013-03-093-2/+250
| | | | signal to nscd
* move signame() function to common.c to make it available ↵Arthur de Jong2013-03-093-56/+60
| | | | to all modules
* return the password policy bind information via PAMArthur de Jong2013-03-033-3/+28
|
* request and parse password policy controls when doing ↵Arthur de Jong2013-03-031-6/+206
| | | | user authentication in nslcd
* pass the session along to the do_bind() functionArthur de Jong2013-03-031-8/+8
|
* log a more meaningful error in nslcd when trying to ↵Arthur de Jong2013-03-011-1/+7
| | | | authenticate as administrator when rootpwmoddn is not set
* move update_lastchange() function from shadow to pam codeArthur de Jong2013-03-013-69/+68
|
* log version information from the NSS moduleArthur de Jong2013-02-231-1/+11
|
* extra sanity check to ensure not too many file ↵Arthur de Jong2013-02-231-0/+5
| | | | descriptors are open
* allow names with one character in default validnames ↵Arthur de Jong2013-02-231-1/+1
| | | | option and allow parentheses (taken from Fedora packages)
* handle the log configuration option in nslcdArthur de Jong2013-02-234-13/+104
|
* implement functions for configuring alternative loggingArthur de Jong2013-02-232-15/+105
|
* implement a netgroup_all requestArthur de Jong2013-02-083-2/+12
|
* make checking dlsym() result a little saferArthur de Jong2013-01-181-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1925 ef36b2f9-881f-0410-afb5-c4e39611909c
* use pthreads thread-local storage as fallback mechanism ↵Arthur de Jong2013-01-181-1/+48
| | | | | | if compiler doesn't provide a keyword for TLS git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1922 ef36b2f9-881f-0410-afb5-c4e39611909c
* use the AX_TLS macro to find correct thread-local ↵Arthur de Jong2013-01-181-3/+3
| | | | | | storage class compiler directive git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1921 ef36b2f9-881f-0410-afb5-c4e39611909c
* dump full nslcd configuration at debug level on start-upArthur de Jong2013-01-182-1/+265
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1920 ef36b2f9-881f-0410-afb5-c4e39611909c
* support children search scope for systems that have itArthur de Jong2013-01-141-0/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1917 ef36b2f9-881f-0410-afb5-c4e39611909c
* reorganise configuration file parsing codeArthur de Jong2013-01-121-561/+535
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1913 ef36b2f9-881f-0410-afb5-c4e39611909c
* have myldap_get_ranged_values() return a list of values ↵Arthur de Jong2013-01-121-19/+13
| | | | | | instead of a set git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1912 ef36b2f9-881f-0410-afb5-c4e39611909c
* check result of set_tolist() to ensure that memory ↵Arthur de Jong2013-01-124-3/+23
| | | | | | allocation problems are logged git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1911 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix memory leak in myldap_get_values_len() when using ↵Arthur de Jong2013-01-121-0/+6
| | | | | | ranged attributes (very unlikely to occur) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1910 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix a problem in memory handling in ↵Arthur de Jong2013-01-121-2/+4
| | | | | | myldap_get_values_len() if malloc() would fail git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1909 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix typo in commentArthur de Jong2013-01-101-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1906 ef36b2f9-881f-0410-afb5-c4e39611909c
* perform search for pam_authz_search on all search basesArthur de Jong2013-01-061-32/+44
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1903 ef36b2f9-881f-0410-afb5-c4e39611909c
* update FIXMEsArthur de Jong2013-01-051-1/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1901 ef36b2f9-881f-0410-afb5-c4e39611909c
* change ethernet address formatting from FIXME to noteArthur de Jong2013-01-051-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1900 ef36b2f9-881f-0410-afb5-c4e39611909c
* inline most is_valid_...() functionsArthur de Jong2013-01-051-27/+11
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1898 ef36b2f9-881f-0410-afb5-c4e39611909c