Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Omit an unnecessary switch case | Nalin Dahyabhai | 2013-08-27 | 1 | -2/+0 | |
| | ||||||
* | Don't make an unnecessary check | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1 | |
| | ||||||
* | Skip values that are going to come up empty | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+3 | |
| | ||||||
* | Handle fopen() failures | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1 | |
| | ||||||
* | Sanity check the request size correctly | Nalin Dahyabhai | 2013-08-27 | 1 | -3/+4 | |
| | | | | | Use the amount of data that we could have read as the upper bound on reasonable-looking request lengths. | |||||
* | Make sure that length is always initialized | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+1 | |
| | ||||||
* | Fix a missing xdr_free() | Nalin Dahyabhai | 2013-08-27 | 1 | -1/+1 | |
| | ||||||
* | Directly return lists when making single queries | Nalin Dahyabhai | 2013-08-27 | 1 | -35/+42 | |
| | ||||||
* | Don't leak "buf" if its contents are unused | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+2 | |
| | ||||||
* | Break out passwd-to-slapi_entry conversion | Nalin Dahyabhai | 2013-08-27 | 1 | -55/+70 | |
| | | | | | | Break out a backend_make_user_entry_from_nsswitch_passwd function for converting a passwd structure to an entry, and rename the helper for groups to match it. | |||||
* | Free staged data correctly when locking fails | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+2 | |
| | ||||||
* | Don't leak ret if fopen() fails (static analysis) | Nalin Dahyabhai | 2013-08-27 | 1 | -0/+1 | |
| | ||||||
* | Don't use pamh before or after it's valid | Nalin Dahyabhai | 2013-08-27 | 1 | -9/+23 | |
| | | | | | Don't use the PAM handle before it's initialized or after it's freed (static analysis). | |||||
* | Log successful authentication at PLUGIN, not FATAL | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1 | |
| | | | | | | The server's mainline code doesn't appear to log successful authentication beyond what already shows up in the access log, so we should probably behave ourselves. | |||||
* | tag 0.48 | Nalin Dahyabhai | 2013-08-12 | 3 | -2/+11 | |
| | ||||||
* | Add nsswitch and PAM tests | Nalin Dahyabhai | 2013-08-12 | 6 | -0/+577 | |
| | ||||||
* | Finish PAM->LDAP mapping logging code | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+40 | |
| | ||||||
* | Add support logic for wrappers.so | Nalin Dahyabhai | 2013-08-12 | 2 | -4/+30 | |
| | | | | | If a test includes "plugin-need-wrappers.txt", LD_PRELOAD wrappers.so if we built it, and set any variables which are listed in the text file. | |||||
* | Add a function for attempting a simple-bind search | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+4 | |
| | ||||||
* | Handle binds to compat entries without "uid"s | Nalin Dahyabhai | 2013-08-12 | 1 | -11/+35 | |
| | | | | | | | Use a dummy user name if the one we get passed is NULL, which happens when the bind target entry doesn't contain a "uid" attribute. Try to avoid a timing attack by calling into PAM anyway. Switch to just logging the detailed error information, and telling the client nothing. | |||||
* | Always use normalized RDNs as map keys | Nalin Dahyabhai | 2013-08-12 | 1 | -2/+3 | |
| | | | | | | Always use normalized RDNs as map keys, so that we can be sure that a lookup using part of the DN will find the entry, even if it needed to be escaped and/or normalized to something else at some point. | |||||
* | Shoehorn in some nsswitch wrappers | Nalin Dahyabhai | 2013-08-12 | 3 | -0/+584 | |
| | ||||||
* | Only add extensibleObject if we have an SID | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1 | |
| | | | | | | Make the addition of extensibleObject to the list of objectclasses conditional on there being a ipaNTSecurityIdentifier value in the source entry. | |||||
* | Properly escape DNs of nsswitch-based entries | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+59 | |
| | ||||||
* | Suppress some compiler warnings | Nalin Dahyabhai | 2013-08-12 | 1 | -0/+1 | |
| | ||||||
* | Remove some unused variables | Nalin Dahyabhai | 2013-08-12 | 2 | -6/+1 | |
| | ||||||
* | Handle locking failures | Nalin Dahyabhai | 2013-08-12 | 1 | -37/+64 | |
| | | | | Handle cases where we fail to acquire locks. | |||||
* | Make notes of our staged nsswitch lookups | Nalin Dahyabhai | 2013-08-12 | 1 | -0/+23 | |
| | ||||||
* | Switch to tracking entry sources explicitly | Nalin Dahyabhai | 2013-08-12 | 2 | -13/+2 | |
| | | | | | | Don't depend on a text attribute in a synthetic entry to tell us where it came from; just record it in the entry's backend_data and consult it directly later. | |||||
* | Ensure that the grouplist entry array is inited | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1 | |
| | | | | | | When allocating the array for returning a list of group entries, use calloc() to ensure that the array is zero-filled, in case resizing it fails for some reason. | |||||
* | Don't log "with closest match (null)" | Nalin Dahyabhai | 2013-08-12 | 1 | -15/+14 | |
| | | | | | If we're sending a result, don't log that we're sending a closest match, even if it's "(null)", if we're not sending a closest match. | |||||
* | Formatting, implicit NULL checks | Nalin Dahyabhai | 2013-08-12 | 1 | -4/+4 | |
| | ||||||
* | Fix a type safety error | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+1 | |
| | ||||||
* | Explicitly track the sources of cached entries | Nalin Dahyabhai | 2013-08-12 | 2 | -7/+20 | |
| | ||||||
* | Renames and fix a memory leak | Nalin Dahyabhai | 2013-08-12 | 3 | -55/+56 | |
| | | | | | | | | Rename backend_staged_data to backend_staged_search. Fix some formatting. Change how we walk the list of entries retrieved using a staged search so that if the map's been removed since the search was staged, we still free the temporary entry structures. | |||||
* | Comment cleanup | Nalin Dahyabhai | 2013-08-12 | 1 | -7/+8 | |
| | ||||||
* | Consolidate PAM error checking/handling/reporting | Nalin Dahyabhai | 2013-08-12 | 1 | -144/+108 | |
| | | | | | | | Don't bother to fetch the full set of request controls, since we don't do anything with them. Merge what's left of backend_sch_do_pam_auth() and do_pam_auth(). Separate the concoct-an-error-message logic out into a helper that we call after both pam_authenticate() and pam_acct_mgmt(). | |||||
* | Compare object class names in bervals correctly | Nalin Dahyabhai | 2013-08-12 | 1 | -3/+21 | |
| | | | | | Avoid possibly getting thrown by searches where a specified object class is a prefix of one that we're looking for. | |||||
* | Collapse a pair of blank lines | Nalin Dahyabhai | 2013-08-12 | 1 | -1/+0 | |
| | ||||||
* | Explicitly require the new features | Nalin Dahyabhai | 2013-08-12 | 1 | -3/+11 | |
| | | | | Make Fedora builds hard-require the newly-added features. | |||||
* | Make --with-pam-service a build-time option | Nalin Dahyabhai | 2013-08-07 | 2 | -1/+9 | |
| | ||||||
* | Build using sss_nss_idmap/PAM CFLAGS, too | Nalin Dahyabhai | 2013-08-07 | 1 | -0/+3 | |
| | ||||||
* | Indentation tweak | Nalin Dahyabhai | 2013-08-07 | 1 | -3/+3 | |
| | ||||||
* | Notice when read locks fail | Nalin Dahyabhai | 2013-08-07 | 1 | -24/+50 | |
| | | | | | When we fail to obtain a read lock on the data, attempt to fail the operation, so that it can be retried later. | |||||
* | Notice when we fail to write lock | Nalin Dahyabhai | 2013-08-07 | 1 | -6/+45 | |
| | | | | | | When we fail to write-lock our cache, cancel our update attempt. We'll fall out of sync with the real data, but for now at least, that's better than completely hosing the cache by updating it without the lock. | |||||
* | Check if we fail to read-lock | Nalin Dahyabhai | 2013-08-07 | 1 | -8/+75 | |
| | | | | | If we fail to get a read lock on the data, fail to answer the client's NIS request. | |||||
* | Remember that locking can fail | Nalin Dahyabhai | 2013-08-07 | 4 | -21/+24 | |
| | | | | | The SLAPI and pthread rwlock functions, unlike the NSPR versions, return result codes which can indicate failure. So don't throw them away. | |||||
* | Tag 0.47.7 | Nalin Dahyabhai | 2013-08-07 | 3 | -2/+9 | |
| | ||||||
* | Avoid slapi_escape_filter_value(), which is fresh | Nalin Dahyabhai | 2013-08-07 | 1 | -4/+4 | |
| | | | | | | | Avoid using slapi_escape_filter_value(), which is newer than the versions of directory server which we find in EL6, which leads to an unresolvable symbol error if/when we try to call it at run-time, taking down the server. | |||||
* | Doc updates, tag 0.47.6. | Nalin Dahyabhai | 2013-08-07 | 3 | -4/+16 | |
| |