Commit message | Author | Age | Files | Lines
...
* Omit an unnecessary switch case | Nalin Dahyabhai | 2013-08-27 | 1 | -2/+0
* Don't make an unnecessary check | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1
* Skip values that are going to come up empty | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+3
* Handle fopen() failures | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1
* Sanity check the request size correctly | Nalin Dahyabhai | 2013-08-27 | 1 | -3/+4
    Use the amount of data that we could have read as the upper bound on reasonable-looking request lengths.
* Make sure that length is always initialized | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+1
* Fix a missing xdr_free() | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1
* Directly return lists when making single queries | Nalin Dahyabhai | 2013-08-27 | 1 | -35/+42
* Don't leak "buf" if its contents are unused | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+2
* Break out passwd-to-slapi_entry conversion | Nalin Dahyabhai | 2013-08-27 | 1 | -55/+70
    Break out a backend_make_user_entry_from_nsswitch_passwd function for converting a passwd structure to an entry, and rename the helper for groups to match it.
* Free staged data correctly when locking fails | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+2
* Don't leak ret if fopen() fails (static analysis) | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+1
* Don't use pamh before or after it's valid | Nalin Dahyabhai | 2013-08-27 | 1 | -9/+23
    Don't use the PAM handle before it's initialized or after it's freed (static analysis).
* Log successful authentication at PLUGIN, not FATAL | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1
    The server's mainline code doesn't appear to log successful authentication beyond what already shows up in the access log, so we should probably behave ourselves.
* tag 0.48 | Nalin Dahyabhai | 2013-08-12 | 3 | -2/+11
* Add nsswitch and PAM tests | Nalin Dahyabhai | 2013-08-12 | 6 | -0/+577
* Finish PAM->LDAP mapping logging code | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+40
* Add support logic for wrappers.so | Nalin Dahyabhai | 2013-08-12 | 2 | -4/+30
    If a test includes "plugin-need-wrappers.txt", LD_PRELOAD wrappers.so if we built it, and set any variables which are listed in the text file.
* Add a function for attempting a simple-bind search | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+4
* Handle binds to compat entries without "uid"s | Nalin Dahyabhai | 2013-08-12 | 1 | -11/+35
    Use a dummy user name if the one we get passed is NULL, which happens when the bind target entry doesn't contain a "uid" attribute. Try to avoid a timing attack by calling into PAM anyway. Switch to just logging the detailed error information, and telling the client nothing.
* Always use normalized RDNs as map keys | Nalin Dahyabhai | 2013-08-12 | 1 | -2/+3
    Always use normalized RDNs as map keys, so that we can be sure that a lookup using part of the DN will find the entry, even if it needed to be escaped and/or normalized to something else at some point.
* Shoehorn in some nsswitch wrappers | Nalin Dahyabhai | 2013-08-12 | 3 | -0/+584
* Only add extensibleObject if we have an SID | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1
    Make the addition of extensibleObject to the list of objectclasses conditional on there being a ipaNTSecurityIdentifier value in the source entry.
* Properly escape DNs of nsswitch-based entries | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+59
* Suppress some compiler warnings | Nalin Dahyabhai | 2013-08-12 | 1 | -0/+1
* Remove some unused variables | Nalin Dahyabhai | 2013-08-12 | 2 | -6/+1
* Handle locking failures | Nalin Dahyabhai | 2013-08-12 | 1 | -37/+64
    Handle cases where we fail to acquire locks.
* Make notes of our staged nsswitch lookups | Nalin Dahyabhai | 2013-08-12 | 1 | -0/+23
* Switch to tracking entry sources explicitly | Nalin Dahyabhai | 2013-08-12 | 2 | -13/+2
    Don't depend on a text attribute in a synthetic entry to tell us where it came from; just record it in the entry's backend_data and consult it directly later.
* Ensure that the grouplist entry array is inited | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1
    When allocating the array for returning a list of group entries, use calloc() to ensure that the array is zero-filled, in case resizing it fails for some reason.
* Don't log "with closest match (null)" | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+14
    If we're sending a result, don't log that we're sending a closest match, even if it's "(null)", if we're not sending a closest match.
* Formatting, implicit NULL checks | Nalin Dahyabhai | 2013-08-12 | 1 | -4/+4
* Fix a type safety error | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1
* Explicitly track the sources of cached entries | Nalin Dahyabhai | 2013-08-12 | 2 | -7/+20
* Renames and fix a memory leak | Nalin Dahyabhai | 2013-08-12 | 3 | -55/+56
    Rename backend_staged_data to backend_staged_search. Fix some formatting. Change how we walk the list of entries retrieved using a staged search so that if the map's been removed since the search was staged, we still free the temporary entry structures.
* Comment cleanup | Nalin Dahyabhai | 2013-08-12 | 1 | -7/+8
* Consolidate PAM error checking/handling/reporting | Nalin Dahyabhai | 2013-08-12 | 1 | -144/+108
    Don't bother to fetch the full set of request controls, since we don't do anything with them. Merge what's left of backend_sch_do_pam_auth() and do_pam_auth(). Separate the concoct-an-error-message logic out into a helper that we call after both pam_authenticate() and pam_acct_mgmt().
* Compare object class names in bervals correctly | Nalin Dahyabhai | 2013-08-12 | 1 | -3/+21
    Avoid possibly getting thrown by searches where a specified object class is a prefix of one that we're looking for.
* Collapse a pair of blank lines | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+0
* Explicitly require the new features | Nalin Dahyabhai | 2013-08-12 | 1 | -3/+11
    Make Fedora builds hard-require the newly-added features.
* Make --with-pam-service a build-time option | Nalin Dahyabhai | 2013-08-07 | 2 | -1/+9
* Build using sss_nss_idmap/PAM CFLAGS, too | Nalin Dahyabhai | 2013-08-07 | 1 | -0/+3
* Indentation tweak | Nalin Dahyabhai | 2013-08-07 | 1 | -3/+3
* Notice when read locks fail | Nalin Dahyabhai | 2013-08-07 | 1 | -24/+50
    When we fail to obtain a read lock on the data, attempt to fail the operation, so that it can be retried later.
* Notice when we fail to write lock | Nalin Dahyabhai | 2013-08-07 | 1 | -6/+45
    When we fail to write-lock our cache, cancel our update attempt. We'll fall out of sync with the real data, but for now at least, that's better than completely hosing the cache by updating it without the lock.
* Check if we fail to read-lock | Nalin Dahyabhai | 2013-08-07 | 1 | -8/+75
    If we fail to get a read lock on the data, fail to answer the client's NIS request.
* Remember that locking can fail | Nalin Dahyabhai | 2013-08-07 | 4 | -21/+24
    The SLAPI and pthread rwlock functions, unlike the NSPR versions, return result codes which can indicate failure. So don't throw them away.
* Tag 0.47.7 | Nalin Dahyabhai | 2013-08-07 | 3 | -2/+9
* Avoid slapi_escape_filter_value(), which is fresh | Nalin Dahyabhai | 2013-08-07 | 1 | -4/+4
    Avoid using slapi_escape_filter_value(), which is newer than the versions of directory server which we find in EL6, which leads to an unresolvable symbol error if/when we try to call it at run-time, taking down the server.
* Doc updates, tag 0.47.6. | Nalin Dahyabhai | 2013-08-07 | 3 | -4/+16