Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/pam/pam.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix logic errorArthur de Jong2016-02-221-1/+1
| | | | | | | | | This could result in a free(NULL) call. This code path can only be triggered if pam_ldap changes the logged-in username (introduced in 6a74d8d). Thanks 依云, see https://github.com/arthurdejong/nss-pam-ldapd/issues/11
* Have PAM module log messages to syslogArthur de Jong2015-08-151-0/+8
| | | | | | This logs informational messages that are presented to the user tot syslog. This normally includes password expiry and grace login information which may be useful to log.
* Avoid comparison of static array to null pointerPatrick McLean2015-03-111-2/+2
| | | | | | | There are several places where a static length array in a struct is compared to a null pointer. These comparisons will always be false, since an array in a struct is not actually a pointer, so they can be removed.
* Allow configuration of NSS and PAM namesArthur de Jong2015-01-191-3/+3
| | | | This introduces the --with-module-name configure option to allow building of NSS and PAM modules with different namespaces than ldap.
* Add a test for pam_get_item() argument typeArthur de Jong2013-11-251-5/+5
| | | | | | This checks whether pam_get_item() takes a const void ** or void ** item value argument and defines a PAM_ITEM_CONST macro that is const when it should. This avoids some compiler warnings.
* Fix a number of compiler warningsArthur de Jong2013-10-291-3/+3
| | | | | This includes a number of small fixes for issues that were formerly masked by the incorrect AC_LANG_PROGRAM check.
* Initialise msg to avoid potential NULL pointer dereferenceArthur de Jong2013-09-131-1/+1
| | | | | | The NULL pointer dereference in the PAM module should not occur due to the relationship with the rc value that is handled alongside it. This change mostly silences the compiler and protects from future changes.
* Small fix in NEW_AUTHTOK_REQD handlingArthur de Jong2013-08-181-1/+1
| | | | | | | There is a potential memory leak if the old password is saved multiple times. Furthermore, PAM_NEW_AUTHTOK_REQD is only allowed as a result of the authorisation phase, not the authentication phase so there is no use in checking.
* do not recheck the user password in first password phase ↵Arthur de Jong2013-01-061-9/+5
| | | | | | if it was stored in the authentication phase git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1904 ef36b2f9-881f-0410-afb5-c4e39611909c
* save the old password if either the authentication or ↵Arthur de Jong2013-01-051-2/+2
| | | | | | the authorisation response is NEW_AUTHTOK_REQD git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1899 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used styleArthur de Jong2012-12-221-327/+371
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* change PAM protocol to be more consistent and simplerArthur de Jong2012-12-161-160/+207
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1865 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch protocol from host byte order to network byte ↵Arthur de Jong2012-12-161-4/+2
| | | | | | order and switch use of uid_t and gid_t in the protocol to int32 git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1864 ef36b2f9-881f-0410-afb5-c4e39611909c
* use pam_modutil_getpwnam() instead of getpwnam() in PAM ↵Arthur de Jong2012-11-171-1/+1
| | | | | | module git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1832 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the PAM error message along with the message from ↵Arthur de Jong2012-11-111-1/+5
| | | | | | nslcd if it is available git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1823 ef36b2f9-881f-0410-afb5-c4e39611909c
* also check pam_password_prohibit_message in ↵Arthur de Jong2012-07-111-0/+14
| | | | | | pam_sm_authenticate() because Solaris does authentication before pam_sm_chauthtok() (thanks Ted Cheng) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1716 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a pam_password_prohibit_message nslcd.conf ↵Arthur de Jong2012-07-081-0/+23
| | | | | | option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix problem with returning wrong error code when ↵Arthur de Jong2012-06-151-3/+7
| | | | | | changing password with wrong old password (thanks Anton Helwart) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1702 ef36b2f9-881f-0410-afb5-c4e39611909c
* split setting up of configuration into separate functionArthur de Jong2011-04-301-14/+22
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1448 ef36b2f9-881f-0410-afb5-c4e39611909c
* do not attempt to change password as root when changing ↵Arthur de Jong2011-04-301-1/+1
| | | | | | an expired password git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1445 ef36b2f9-881f-0410-afb5-c4e39611909c
* support more PAM status codes over the nslcd protocolArthur de Jong2011-04-291-0/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1440 ef36b2f9-881f-0410-afb5-c4e39611909c
* small code improvementsArthur de Jong2011-03-191-3/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1400 ef36b2f9-881f-0410-afb5-c4e39611909c
* check for user existence before trying password changeArthur de Jong2011-03-141-0/+29
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1394 ef36b2f9-881f-0410-afb5-c4e39611909c
* fallback to standard PAM error message if one wasn't ↵Arthur de Jong2010-12-121-0/+5
| | | | | | returned by nslcd git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1326 ef36b2f9-881f-0410-afb5-c4e39611909c
* make use of UNUSED() consistent throughout the codeArthur de Jong2010-10-101-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1256 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a rootpwmodpw option that allows root users to ↵Arthur de Jong2010-09-051-1/+14
| | | | | | change user passwords without a password prompt git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1206 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix nullok test for password modificationArthur de Jong2010-06-041-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1134 ef36b2f9-881f-0410-afb5-c4e39611909c
* simplify PAM module splitting remapping for ignore_* ↵Arthur de Jong2010-06-021-95/+61
| | | | | | options to a separate function, parsing of try_first_pass and use_first_pass is done by pam_get_authtok(), don't report session errors to the user and make error handling consistent git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1131 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement an nullok PAM option and disable empty ↵Arthur de Jong2010-06-011-1/+18
| | | | | | passwords by default git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1129 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't log failure to do nslcd request to user and log ↵Arthur de Jong2010-06-011-5/+5
| | | | | | authentication errors during password change git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1128 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix typoArthur de Jong2010-05-311-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1125 ef36b2f9-881f-0410-afb5-c4e39611909c
* make code more consistentArthur de Jong2010-05-241-9/+9
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1120 ef36b2f9-881f-0410-afb5-c4e39611909c
* don't store use_authtok because pam_get_authtok() looks ↵Arthur de Jong2010-05-241-3/+1
| | | | | | at the arguments itself git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1118 ef36b2f9-881f-0410-afb5-c4e39611909c
* print uid as a longArthur de Jong2010-05-141-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1107 ef36b2f9-881f-0410-afb5-c4e39611909c
* perform logging from PAM module to syslog and support ↵Arthur de Jong2010-05-141-23/+80
| | | | | | the debug option to log debugging information git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1106 ef36b2f9-881f-0410-afb5-c4e39611909c
* centralise initialising functions needed for every PAM ↵Arthur de Jong2010-05-131-116/+60
| | | | | | call into one function git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1105 ef36b2f9-881f-0410-afb5-c4e39611909c
* also use PAM username instead of one from context for ↵Arthur de Jong2010-05-131-3/+4
| | | | | | session open and close git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1103 ef36b2f9-881f-0410-afb5-c4e39611909c
* replace my_pam_get_authtok() with standard ↵Arthur de Jong2010-05-131-113/+16
| | | | | | pam_get_authtok() function, get rid of get_old_password() and general cleanups and simplifications git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1102 ef36b2f9-881f-0410-afb5-c4e39611909c
* make parsing configuration options global, reorganise a ↵Arthur de Jong2010-05-121-270/+231
| | | | | | bit and make code more consistent and easier to read git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1101 ef36b2f9-881f-0410-afb5-c4e39611909c
* only log "LDAP session failed" if we actually triedArthur de Jong2010-05-101-20/+12
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1099 ef36b2f9-881f-0410-afb5-c4e39611909c
* replace my_pam_warn() with pam_info() and pam_error() ↵Arthur de Jong2010-05-101-45/+12
| | | | | | and provide replacement for pam_prompt() also using it in our pam_get_authtok() replacement git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1098 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a minimum_uid option for the PAM module to ↵Arthur de Jong2010-05-061-9/+51
| | | | | | ignore users that have a lower numeric user id git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1082 ef36b2f9-881f-0410-afb5-c4e39611909c
* add admindn configuration file option that is used when ↵Arthur de Jong2010-01-241-6/+24
| | | | | | modifying another user's password git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1059 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide a replacement for the pam_get_authtok() ↵Arthur de Jong2009-10-171-1/+3
| | | | | | functions for systems without it git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1008 ef36b2f9-881f-0410-afb5-c4e39611909c
* only include security/pam_ext.h for systems that have itArthur de Jong2009-10-111-1/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1004 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement password changing in the PAM module by ↵Arthur de Jong2009-10-071-84/+85
| | | | | | performing an LDAP password modify EXOP request git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1000 ef36b2f9-881f-0410-afb5-c4e39611909c
* some compatibility improvementsArthur de Jong2009-10-051-1/+9
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@998 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix return of authorisation check (patch by Howard Chu ↵Arthur de Jong2009-09-291-0/+1
| | | | | | <hyc@symas.com>) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@997 ef36b2f9-881f-0410-afb5-c4e39611909c
* general code cleanup and add missing casts and includesArthur de Jong2009-09-241-40/+43
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@993 ef36b2f9-881f-0410-afb5-c4e39611909c
* change authorisation request to also include ruser, ↵Arthur de Jong2009-06-031-4/+20
| | | | | | rhost and tty (based on OpenLDAP cvs) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@916 ef36b2f9-881f-0410-afb5-c4e39611909c