Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd
Commit message (Collapse)AuthorAgeFilesLines
...
* put external libraries at the end when linkingArthur de Jong2011-08-141-2/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1504 ef36b2f9-881f-0410-afb5-c4e39611909c
* check nsswitch.conf mtime to see whether file should be ↵Arthur de Jong2011-08-091-6/+41
| | | | | | reloaded git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1495 ef36b2f9-881f-0410-afb5-c4e39611909c
* set the socket timeout in a connection callback to avoid ↵Arthur de Jong2011-08-071-27/+75
| | | | | | timeout issues during the SSL handshake (based on a patch by Stefan Völkel) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1490 ef36b2f9-881f-0410-afb5-c4e39611909c
* check whether the NSS shadow map queries LDAP before ↵Arthur de Jong2011-08-054-4/+136
| | | | | | returning x as a password has for shadow users git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1487 ef36b2f9-881f-0410-afb5-c4e39611909c
* implementation of myldap_get_values_len() to use ↵Arthur de Jong2011-08-054-5/+112
| | | | | | ldap_get_values_len() instead of ldap_get_values() to fix some problems with binary data in returned attribute values (patch by Wesley Mason) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1485 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch to using the member attribute by default instead ↵Arthur de Jong2011-08-033-9/+9
| | | | | | of uniqueMember git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1484 ef36b2f9-881f-0410-afb5-c4e39611909c
* make buffer sizes consistent, grow gidNumber buffer to ↵Arthur de Jong2011-07-025-29/+29
| | | | | | hold larger numbers and small consistency improvements git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1476 ef36b2f9-881f-0410-afb5-c4e39611909c
* correctly only check password expiration when ↵Arthur de Jong2011-06-101-5/+5
| | | | | | authenticating, only check account expiration when doing authorisation check git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1475 ef36b2f9-881f-0410-afb5-c4e39611909c
* check all variables in pam_authz_search to see if they existArthur de Jong2011-06-052-7/+42
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1474 ef36b2f9-881f-0410-afb5-c4e39611909c
* mark more strings as const and don't free() data ↵Arthur de Jong2011-06-052-8/+7
| | | | | | returned by cfg_getdomainname() git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1473 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix r1468Arthur de Jong2011-06-051-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1470 ef36b2f9-881f-0410-afb5-c4e39611909c
* simplify and correct find_rdn_value() to handle ↵Arthur de Jong2011-06-051-4/+3
| | | | | | splitting attribute and value correctly git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1468 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix problem with partial attribute name matches in DN ↵Arthur de Jong2011-05-211-0/+1
| | | | | | (e.g. uid vs. uidNumber) (thanks to Timothy White for the fix) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1464 ef36b2f9-881f-0410-afb5-c4e39611909c
* close the nslcd connection to signal LDAP server ↵Arthur de Jong2011-04-301-16/+8
| | | | | | unavailable to PAM module git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1449 ef36b2f9-881f-0410-afb5-c4e39611909c
* improve password change failed error messageArthur de Jong2011-04-301-10/+12
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1447 ef36b2f9-881f-0410-afb5-c4e39611909c
* check shadow properties (similarly to what pam_unix ↵Arthur de Jong2011-04-303-10/+172
| | | | | | does) in the PAM handling code git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1446 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix return value of try_autzsearch() when no match foundArthur de Jong2011-04-301-0/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1444 ef36b2f9-881f-0410-afb5-c4e39611909c
* use the right DN in the pam_authz_search optionArthur de Jong2011-04-301-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1443 ef36b2f9-881f-0410-afb5-c4e39611909c
* move code for getting shadow expiry properties to a ↵Arthur de Jong2011-04-301-36/+37
| | | | | | separate function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1442 ef36b2f9-881f-0410-afb5-c4e39611909c
* move most of the code for building the authorisation ↵Arthur de Jong2011-04-291-32/+39
| | | | | | search into the try_autzsearch() function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1441 ef36b2f9-881f-0410-afb5-c4e39611909c
* set maxdays to -1 to indicate no expiry (instead of a ↵Arthur de Jong2011-04-291-1/+1
| | | | | | long time) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1439 ef36b2f9-881f-0410-afb5-c4e39611909c
* make request indicator shorterArthur de Jong2011-04-241-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1436 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer use the userdn parameter passed along with ↵Arthur de Jong2011-04-241-101/+116
| | | | | | each request (this may mean one or two more lookups when doing authentication but simplifies things) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1434 ef36b2f9-881f-0410-afb5-c4e39611909c
* report correct reported error from ldap_abandon()Arthur de Jong2011-04-221-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1431 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix r1429 to properly handle absence of RTLD_NODELETEArthur de Jong2011-04-181-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1430 ef36b2f9-881f-0410-afb5-c4e39611909c
* support systems without RTLD_NODELETEArthur de Jong2011-04-181-1/+7
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1429 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide replacement implementation for strndup() for ↵Arthur de Jong2011-04-152-0/+2
| | | | | | systems that don't have it git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1427 ef36b2f9-881f-0410-afb5-c4e39611909c
* support using the objectSid attribute to provide numeric ↵Arthur de Jong2011-04-154-34/+181
| | | | | | user and group ids, based on a patch by Wesley Mason git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1425 ef36b2f9-881f-0410-afb5-c4e39611909c
* make user and group name validation errors a little more ↵Arthur de Jong2011-04-033-7/+8
| | | | | | informative git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow usernames of only two charactersArthur de Jong2011-03-311-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1419 ef36b2f9-881f-0410-afb5-c4e39611909c
* no longer indefinitely wait for all worker threads to ↵Arthur de Jong2011-03-251-33/+30
| | | | | | finish before exiting (but wait a few seconds on platforms with pthread_timedjoin_np()) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1414 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a validnames option that can be used to ↵Arthur de Jong2011-03-253-42/+66
| | | | | | fine-tune the test for valid user and group names using a regular expression git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1411 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix descriptions of filesArthur de Jong2011-03-232-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1405 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide a definition of daemon() for systems that lack itArthur de Jong2011-03-231-2/+0
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1403 ef36b2f9-881f-0410-afb5-c4e39611909c
* small code improvementsArthur de Jong2011-03-192-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1400 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove logging functionality that isn't usedArthur de Jong2011-03-192-159/+20
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1399 ef36b2f9-881f-0410-afb5-c4e39611909c
* put all HOST_NAME_MAX fallbacks in common.h and fall ↵Arthur de Jong2011-03-122-4/+4
| | | | | | back to _POSIX_HOST_NAME_MAX (thanks Peter Bray) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1390 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix problem with endless loop on incorrect passwordArthur de Jong2011-03-111-4/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1388 ef36b2f9-881f-0410-afb5-c4e39611909c
* move HOST_NAME_MAX fallback definition to header fileArthur de Jong2011-03-112-4/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1387 ef36b2f9-881f-0410-afb5-c4e39611909c
* update copyright headers to add missing yearsArthur de Jong2011-03-104-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1384 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix compiler warningArthur de Jong2011-03-091-1/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1383 ef36b2f9-881f-0410-afb5-c4e39611909c
* properly handle user-not-found errors when doing ↵Arthur de Jong2011-03-092-3/+15
| | | | | | authentication (CVE-2011-0438) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1382 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that session id is only logged while handling a ↵Arthur de Jong2011-03-063-7/+26
| | | | | | connection git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1375 ef36b2f9-881f-0410-afb5-c4e39611909c
* create the directory for the socket and pidfileArthur de Jong2011-02-111-11/+24
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1369 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a fqdn variable that can be used inside ↵Arthur de Jong2011-01-294-52/+86
| | | | | | pam_authz_search filters git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1367 ef36b2f9-881f-0410-afb5-c4e39611909c
* include definition of rc in all code paths because it's ↵Arthur de Jong2011-01-011-3/+1
| | | | | | used most of the time git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1362 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow attribute mapping with an expression for the ↵Arthur de Jong2010-12-286-29/+36
| | | | | | userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1346 ef36b2f9-881f-0410-afb5-c4e39611909c
* try to update the shadowLastChange attribute of a user ↵Arthur de Jong2010-12-265-1/+90
| | | | | | on password change (the update is only tried if the attribute is present to begin with) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1345 ef36b2f9-881f-0410-afb5-c4e39611909c
* also support the tls_cacert option as an alias for ↵Arthur de Jong2010-12-261-1/+2
| | | | | | tls_cacertfile git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1342 ef36b2f9-881f-0410-afb5-c4e39611909c
* also support tilde (~) in user and group names, except ↵Arthur de Jong2010-12-241-1/+1
| | | | | | as first character git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1340 ef36b2f9-881f-0410-afb5-c4e39611909c