summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Coverity#11940: do not leak memory in the pam wrapper testcoverityAlexander Bokovoy2013-09-021-3/+5
|
* Coverity#11937: use proper structure to pass to map_data_set_entry()Alexander Bokovoy2013-09-021-6/+8
| | | | | map_data_set_entry() passes pointers to the lengths of the key and the value to map_data_save_list() which interpretes them as arrays of integers.
* Remove a pair of unused variablesNalin Dahyabhai2013-08-281-2/+0
|
* Warn if we fail to set SO_LINGER for TCP clientsNalin Dahyabhai2013-08-271-1/+7
|
* Warn if non-blocking-ifying a client socket failsNalin Dahyabhai2013-08-271-1/+7
|
* Error out if the listener can't be non-blockingNalin Dahyabhai2013-08-271-2/+9
|
* Omit an unnecessary switch caseNalin Dahyabhai2013-08-271-2/+0
|
* Don't make an unnecessary checkNalin Dahyabhai2013-08-271-1/+1
|
* Skip values that are going to come up emptyNalin Dahyabhai2013-08-271-0/+3
|
* Handle fopen() failuresNalin Dahyabhai2013-08-271-1/+1
|
* Sanity check the request size correctlyNalin Dahyabhai2013-08-271-3/+4
| | | | | Use the amount of data that we could have read as the upper bound on reasonable-looking request lengths.
* Make sure that length is always initializedNalin Dahyabhai2013-08-271-0/+1
|
* Fix a missing xdr_free()Nalin Dahyabhai2013-08-271-1/+1
|
* Directly return lists when making single queriesNalin Dahyabhai2013-08-271-35/+42
|
* Don't leak "buf" if its contents are unusedNalin Dahyabhai2013-08-271-0/+2
|
* Break out passwd-to-slapi_entry conversionNalin Dahyabhai2013-08-271-55/+70
| | | | | | Break out a backend_make_user_entry_from_nsswitch_passwd function for converting a passwd structure to an entry, and rename the helper for groups to match it.
* Free staged data correctly when locking failsNalin Dahyabhai2013-08-271-0/+2
|
* Don't leak ret if fopen() fails (static analysis)Nalin Dahyabhai2013-08-271-0/+1
|
* Don't use pamh before or after it's validNalin Dahyabhai2013-08-271-9/+23
| | | | | Don't use the PAM handle before it's initialized or after it's freed (static analysis).
* Log successful authentication at PLUGIN, not FATALNalin Dahyabhai2013-08-121-1/+1
| | | | | | The server's mainline code doesn't appear to log successful authentication beyond what already shows up in the access log, so we should probably behave ourselves.
* tag 0.48Nalin Dahyabhai2013-08-123-2/+11
|
* Add nsswitch and PAM testsNalin Dahyabhai2013-08-126-0/+577
|
* Finish PAM->LDAP mapping logging codeNalin Dahyabhai2013-08-121-15/+40
|
* Add support logic for wrappers.soNalin Dahyabhai2013-08-122-4/+30
| | | | | If a test includes "plugin-need-wrappers.txt", LD_PRELOAD wrappers.so if we built it, and set any variables which are listed in the text file.
* Add a function for attempting a simple-bind searchNalin Dahyabhai2013-08-121-1/+4
|
* Handle binds to compat entries without "uid"sNalin Dahyabhai2013-08-121-11/+35
| | | | | | | Use a dummy user name if the one we get passed is NULL, which happens when the bind target entry doesn't contain a "uid" attribute. Try to avoid a timing attack by calling into PAM anyway. Switch to just logging the detailed error information, and telling the client nothing.
* Always use normalized RDNs as map keysNalin Dahyabhai2013-08-121-2/+3
| | | | | | Always use normalized RDNs as map keys, so that we can be sure that a lookup using part of the DN will find the entry, even if it needed to be escaped and/or normalized to something else at some point.
* Shoehorn in some nsswitch wrappersNalin Dahyabhai2013-08-123-0/+584
|
* Only add extensibleObject if we have an SIDNalin Dahyabhai2013-08-121-1/+1
| | | | | | Make the addition of extensibleObject to the list of objectclasses conditional on there being a ipaNTSecurityIdentifier value in the source entry.
* Properly escape DNs of nsswitch-based entriesNalin Dahyabhai2013-08-121-15/+59
|
* Suppress some compiler warningsNalin Dahyabhai2013-08-121-0/+1
|
* Remove some unused variablesNalin Dahyabhai2013-08-122-6/+1
|
* Handle locking failuresNalin Dahyabhai2013-08-121-37/+64
| | | | Handle cases where we fail to acquire locks.
* Make notes of our staged nsswitch lookupsNalin Dahyabhai2013-08-121-0/+23
|
* Switch to tracking entry sources explicitlyNalin Dahyabhai2013-08-122-13/+2
| | | | | | Don't depend on a text attribute in a synthetic entry to tell us where it came from; just record it in the entry's backend_data and consult it directly later.
* Ensure that the grouplist entry array is initedNalin Dahyabhai2013-08-121-1/+1
| | | | | | When allocating the array for returning a list of group entries, use calloc() to ensure that the array is zero-filled, in case resizing it fails for some reason.
* Don't log "with closest match (null)"Nalin Dahyabhai2013-08-121-15/+14
| | | | | If we're sending a result, don't log that we're sending a closest match, even if it's "(null)", if we're not sending a closest match.
* Formatting, implicit NULL checksNalin Dahyabhai2013-08-121-4/+4
|
* Fix a type safety errorNalin Dahyabhai2013-08-121-1/+1
|
* Explicitly track the sources of cached entriesNalin Dahyabhai2013-08-122-7/+20
|
* Renames and fix a memory leakNalin Dahyabhai2013-08-123-55/+56
| | | | | | | | Rename backend_staged_data to backend_staged_search. Fix some formatting. Change how we walk the list of entries retrieved using a staged search so that if the map's been removed since the search was staged, we still free the temporary entry structures.
* Comment cleanupNalin Dahyabhai2013-08-121-7/+8
|
* Consolidate PAM error checking/handling/reportingNalin Dahyabhai2013-08-121-144/+108
| | | | | | | Don't bother to fetch the full set of request controls, since we don't do anything with them. Merge what's left of backend_sch_do_pam_auth() and do_pam_auth(). Separate the concoct-an-error-message logic out into a helper that we call after both pam_authenticate() and pam_acct_mgmt().
* Compare object class names in bervals correctlyNalin Dahyabhai2013-08-121-3/+21
| | | | | Avoid possibly getting thrown by searches where a specified object class is a prefix of one that we're looking for.
* Collapse a pair of blank linesNalin Dahyabhai2013-08-121-1/+0
|
* Explicitly require the new featuresNalin Dahyabhai2013-08-121-3/+11
| | | | Make Fedora builds hard-require the newly-added features.
* Make --with-pam-service a build-time optionNalin Dahyabhai2013-08-072-1/+9
|
* Build using sss_nss_idmap/PAM CFLAGS, tooNalin Dahyabhai2013-08-071-0/+3
|
* Indentation tweakNalin Dahyabhai2013-08-071-3/+3
|
* Notice when read locks failNalin Dahyabhai2013-08-071-24/+50
| | | | | When we fail to obtain a read lock on the data, attempt to fail the operation, so that it can be retried later.
generated by cgit (git 2.34.1) at 2024-05-03 00:29:22 +0000