path: root/nslcd/pam.c
Age | Commit message | Author
2014-10-04 | foo | Luke Shumaker
2014-06-06 | Fix password modification by root | Arthur de Jong
This fixes 15fc13c.
2014-05-17 | Clear buffers before free-ing | Arthur de Jong
This clears most buffers that may hold credentials at one point before free()ing the memory.
2014-05-04 | Improve error logging of user login failures | Arthur de Jong
2014-05-04 | Make buffer size error logging consistent | Arthur de Jong
This adds logging of most cases where a defined buffer is not large enough to hold provided data on error log level.
2014-05-04 | Warn when binddn buffer is too small | Arthur de Jong
2013-12-18 | Centralise buffer sizes | Arthur de Jong
Common buffer sizes are now stored centrally so it can be easily and consistently updated if required. Some buffers remain with locally defined sizes that do not match a global buffer size.
2013-10-29 | Fix a number of compiler warnings | Arthur de Jong
This includes a number of small fixes for issues that were formerly masked by the incorrect AC_LANG_PROGRAM check.
2013-03-03 | return the password policy bind information via PAM | Arthur de Jong
2013-03-01 | log a more meaningful error in nslcd when trying to authenticate as administrator when rootpwmoddn is not set | Arthur de Jong
2013-03-01 | move update_lastchange() function from shadow to pam code | Arthur de Jong
2013-01-06 | perform search for pam_authz_search on all search bases | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1903 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-01 | log and return a diagnostic message instead of just the LDAP error on password change failure | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1895 ef36b2f9-881f-0410-afb5-c4e39611909c
2013-01-01 | retry updating the lastChange attribute with the normal nslcd LDAP connection if the update with the user's connection failed | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1894 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-30 | reorganise and rename configuration options to be in line with manual page | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1888 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-30 | remove the ldc_ prefix from struct ldap_config fields | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-24 | fix typo in comment | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1878 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-22 | update C coding style to a more commonly used style | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-12-16 | change PAM protocol to be more consistent and simpler | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1865 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-09-14 | rename filter_buffer to filter for consistency | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1762 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-07-08 | implement a pam_password_prohibit_message nslcd.conf option to deny password change introducing a NSLCD_ACTION_CONFIG_GET request thanks to Ted Cheng | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1715 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-06-15 | log successful password change in nslcd and correctly terminate protocol on password change failure | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1703 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-05-04 | allow the pam_authz_search option to be specified multiple times | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1679 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-03-23 | increase buffer for pam_authz_search as suggested by Chris J Arges | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1643 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-03-10 | fix log message for invalid pam_authz_search as reported by Matt Rae | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1628 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-01-09 | Do not leak memory if myldap_escape() fails | Jakub Hrozek
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1590 ef36b2f9-881f-0410-afb5-c4e39611909c
2012-01-09 | Return from update_username() if myldap_get_values() returns invalid value | Jakub Hrozek
If myldap_get_values() failed for the attmap_passwd_uid, nss-pam-ldapd would dereference a NULL pointer.
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1589 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-10-02 | reduce loglevel of user not found messages to avoid spamming the logs with useless information (thanks Wakko Warner) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1551 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-09-09 | make validation log messages consistent | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1542 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-06-10 | correctly only check password expiration when authenticating, only check account expiration when doing authorisation check | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1475 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-06-05 | check all variables in pam_authz_search to see if they exist | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1474 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-30 | close the nslcd connection to signal LDAP server unavailable to PAM module | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1449 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-30 | improve password change failed error message | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1447 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-30 | check shadow properties (similarly to what pam_unix does) in the PAM handling code | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1446 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-30 | fix return value of try_autzsearch() when no match found | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1444 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-30 | use the right DN in the pam_authz_search option | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1443 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-29 | move most of the code for building the authorisation search into the try_autzsearch() function | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1441 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-24 | make request indicator shorter | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1436 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-24 | no longer use the userdn parameter passed along with each request (this may mean one or two more lookups when doing authentication but simplifies things) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1434 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-04-03 | make user and group name validation errors a little more informative | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-03-12 | put all HOST_NAME_MAX fallbacks in common.h and fall back to _POSIX_HOST_NAME_MAX (thanks Peter Bray) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1390 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-03-09 | fix compiler warning | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1383 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-03-09 | properly handle user-not-found errors when doing authentication (CVE-2011-0438) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1382 ef36b2f9-881f-0410-afb5-c4e39611909c
2011-01-29 | implement a fqdn variable that can be used inside pam_authz_search filters | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1367 ef36b2f9-881f-0410-afb5-c4e39611909c
2010-12-26 | try to update the shadowLastChange attribute of a user on password change (the update is only tried if the attribute is present to begin with) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1345 ef36b2f9-881f-0410-afb5-c4e39611909c
2010-12-12 | always return a positive authorisation result during authentication because we don't do any authorisation checks during authentication and this may confuse the PAM module if it's only used for authorisation | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1327 ef36b2f9-881f-0410-afb5-c4e39611909c
2010-12-03 | in try_bind(), perform the search ourselves instead of using lookup_dn2uid() to also be able to match administrator DNs (thanks to Thaddeus J. Kollar for spotting this) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1318 ef36b2f9-881f-0410-afb5-c4e39611909c
2010-12-03 | fix handling of try_bind() result code in nslcd_pam_authc() (patch by Thaddeus J. Kollar) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1317 ef36b2f9-881f-0410-afb5-c4e39611909c
2010-11-17 | return correct PAM status code for when LDAP server is unavailable (based on a patch by Pierre Gambarotto) | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c
2010-11-17 | switch all internal functions to return an LDAP status code | Arthur de Jong
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1314 ef36b2f9-881f-0410-afb5-c4e39611909c