Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Coverity#11940: do not leak memory in the pam wrapper testcoverity | Alexander Bokovoy | 2013-09-02 | 1 | -3/+5 |
| | |||||
* | Coverity#11937: use proper structure to pass to map_data_set_entry() | Alexander Bokovoy | 2013-09-02 | 1 | -6/+8 |
| | | | | | map_data_set_entry() passes pointers to the lengths of the key and the value to map_data_save_list() which interpretes them as arrays of integers. | ||||
* | Remove a pair of unused variables | Nalin Dahyabhai | 2013-08-28 | 1 | -2/+0 |
| | |||||
* | Warn if we fail to set SO_LINGER for TCP clients | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+7 |
| | |||||
* | Warn if non-blocking-ifying a client socket fails | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+7 |
| | |||||
* | Error out if the listener can't be non-blocking | Nalin Dahyabhai | 2013-08-27 | 1 | -2/+9 |
| | |||||
* | Omit an unnecessary switch case | Nalin Dahyabhai | 2013-08-27 | 1 | -2/+0 |
| | |||||
* | Don't make an unnecessary check | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1 |
| | |||||
* | Skip values that are going to come up empty | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+3 |
| | |||||
* | Handle fopen() failures | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1 |
| | |||||
* | Sanity check the request size correctly | Nalin Dahyabhai | 2013-08-27 | 1 | -3/+4 |
| | | | | | Use the amount of data that we could have read as the upper bound on reasonable-looking request lengths. | ||||
* | Make sure that length is always initialized | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+1 |
| | |||||
* | Fix a missing xdr_free() | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1 |
| | |||||
* | Directly return lists when making single queries | Nalin Dahyabhai | 2013-08-27 | 1 | -35/+42 |
| | |||||
* | Don't leak "buf" if its contents are unused | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+2 |
| | |||||
* | Break out passwd-to-slapi_entry conversion | Nalin Dahyabhai | 2013-08-27 | 1 | -55/+70 |
| | | | | | | Break out a backend_make_user_entry_from_nsswitch_passwd function for converting a passwd structure to an entry, and rename the helper for groups to match it. | ||||
* | Free staged data correctly when locking fails | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+2 |
| | |||||
* | Don't leak ret if fopen() fails (static analysis) | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+1 |
| | |||||
* | Don't use pamh before or after it's valid | Nalin Dahyabhai | 2013-08-27 | 1 | -9/+23 |
| | | | | | Don't use the PAM handle before it's initialized or after it's freed (static analysis). | ||||
* | Log successful authentication at PLUGIN, not FATAL | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1 |
| | | | | | | The server's mainline code doesn't appear to log successful authentication beyond what already shows up in the access log, so we should probably behave ourselves. | ||||
* | tag 0.48 | Nalin Dahyabhai | 2013-08-12 | 3 | -2/+11 |
| | |||||
* | Add nsswitch and PAM tests | Nalin Dahyabhai | 2013-08-12 | 6 | -0/+577 |
| | |||||
* | Finish PAM->LDAP mapping logging code | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+40 |
| | |||||
* | Add support logic for wrappers.so | Nalin Dahyabhai | 2013-08-12 | 2 | -4/+30 |
| | | | | | If a test includes "plugin-need-wrappers.txt", LD_PRELOAD wrappers.so if we built it, and set any variables which are listed in the text file. | ||||
* | Add a function for attempting a simple-bind search | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+4 |
| | |||||
* | Handle binds to compat entries without "uid"s | Nalin Dahyabhai | 2013-08-12 | 1 | -11/+35 |
| | | | | | | | Use a dummy user name if the one we get passed is NULL, which happens when the bind target entry doesn't contain a "uid" attribute. Try to avoid a timing attack by calling into PAM anyway. Switch to just logging the detailed error information, and telling the client nothing. | ||||
* | Always use normalized RDNs as map keys | Nalin Dahyabhai | 2013-08-12 | 1 | -2/+3 |
| | | | | | | Always use normalized RDNs as map keys, so that we can be sure that a lookup using part of the DN will find the entry, even if it needed to be escaped and/or normalized to something else at some point. | ||||
* | Shoehorn in some nsswitch wrappers | Nalin Dahyabhai | 2013-08-12 | 3 | -0/+584 |
| | |||||
* | Only add extensibleObject if we have an SID | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1 |
| | | | | | | Make the addition of extensibleObject to the list of objectclasses conditional on there being a ipaNTSecurityIdentifier value in the source entry. | ||||
* | Properly escape DNs of nsswitch-based entries | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+59 |
| | |||||
* | Suppress some compiler warnings | Nalin Dahyabhai | 2013-08-12 | 1 | -0/+1 |
| | |||||
* | Remove some unused variables | Nalin Dahyabhai | 2013-08-12 | 2 | -6/+1 |
| | |||||
* | Handle locking failures | Nalin Dahyabhai | 2013-08-12 | 1 | -37/+64 |
| | | | | Handle cases where we fail to acquire locks. | ||||
* | Make notes of our staged nsswitch lookups | Nalin Dahyabhai | 2013-08-12 | 1 | -0/+23 |
| | |||||
* | Switch to tracking entry sources explicitly | Nalin Dahyabhai | 2013-08-12 | 2 | -13/+2 |
| | | | | | | Don't depend on a text attribute in a synthetic entry to tell us where it came from; just record it in the entry's backend_data and consult it directly later. | ||||
* | Ensure that the grouplist entry array is inited | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1 |
| | | | | | | When allocating the array for returning a list of group entries, use calloc() to ensure that the array is zero-filled, in case resizing it fails for some reason. | ||||
* | Don't log "with closest match (null)" | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+14 |
| | | | | | If we're sending a result, don't log that we're sending a closest match, even if it's "(null)", if we're not sending a closest match. | ||||
* | Formatting, implicit NULL checks | Nalin Dahyabhai | 2013-08-12 | 1 | -4/+4 |
| | |||||
* | Fix a type safety error | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1 |
| | |||||
* | Explicitly track the sources of cached entries | Nalin Dahyabhai | 2013-08-12 | 2 | -7/+20 |
| | |||||
* | Renames and fix a memory leak | Nalin Dahyabhai | 2013-08-12 | 3 | -55/+56 |
| | | | | | | | | Rename backend_staged_data to backend_staged_search. Fix some formatting. Change how we walk the list of entries retrieved using a staged search so that if the map's been removed since the search was staged, we still free the temporary entry structures. | ||||
* | Comment cleanup | Nalin Dahyabhai | 2013-08-12 | 1 | -7/+8 |
| | |||||
* | Consolidate PAM error checking/handling/reporting | Nalin Dahyabhai | 2013-08-12 | 1 | -144/+108 |
| | | | | | | | Don't bother to fetch the full set of request controls, since we don't do anything with them. Merge what's left of backend_sch_do_pam_auth() and do_pam_auth(). Separate the concoct-an-error-message logic out into a helper that we call after both pam_authenticate() and pam_acct_mgmt(). | ||||
* | Compare object class names in bervals correctly | Nalin Dahyabhai | 2013-08-12 | 1 | -3/+21 |
| | | | | | Avoid possibly getting thrown by searches where a specified object class is a prefix of one that we're looking for. | ||||
* | Collapse a pair of blank lines | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+0 |
| | |||||
* | Explicitly require the new features | Nalin Dahyabhai | 2013-08-12 | 1 | -3/+11 |
| | | | | Make Fedora builds hard-require the newly-added features. | ||||
* | Make --with-pam-service a build-time option | Nalin Dahyabhai | 2013-08-07 | 2 | -1/+9 |
| | |||||
* | Build using sss_nss_idmap/PAM CFLAGS, too | Nalin Dahyabhai | 2013-08-07 | 1 | -0/+3 |
| | |||||
* | Indentation tweak | Nalin Dahyabhai | 2013-08-07 | 1 | -3/+3 |
| | |||||
* | Notice when read locks fail | Nalin Dahyabhai | 2013-08-07 | 1 | -24/+50 |
| | | | | | When we fail to obtain a read lock on the data, attempt to fail the operation, so that it can be retried later. |