
nss-pam-ldapd branch master updated. 0.9.0-48-g44a38eb


nss-pam-ldapd branch master updated. 0.9.0-48-g44a38eb



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  44a38eba72a454530a0b42425c860b949a5615fa (commit)
       via  d8637bb0a3079746b98548886f52bebf30588453 (commit)
       via  13d31b77de7d1cb53529b475f1fe1eba51209054 (commit)
       via  7e90541014410ebf8fa67e1a71c0dab5229253c3 (commit)
       via  724a75ff167ccbafe11b879f05310cc525f88093 (commit)
      from  882f7be5360fa94db9c65607b0ee6925aa4f2f56 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=44a38eba72a454530a0b42425c860b949a5615fa

commit 44a38eba72a454530a0b42425c860b949a5615fa
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Aug 18 19:18:55 2013 +0200

    Small fix in NEW_AUTHTOK_REQD handling
    
    There is a potential memory leak if the old password is saved multiple
    times. Furthermore, PAM_NEW_AUTHTOK_REQD is only allowed as a result of
    the authorisation phase, not the authentication phase so there is no use
    in checking.

diff --git a/pam/pam.c b/pam/pam.c
index 5976e6a..5898ae1 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -503,7 +503,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
   if (cfg.debug)
     pam_syslog(pamh, LOG_DEBUG, "authentication succeeded");
   /* if password change is required, save old password in context */
-  if ((resp.res == PAM_NEW_AUTHTOK_REQD) || (ctx->saved_authz.res == PAM_NEW_AUTHTOK_REQD))
+  if ((ctx->saved_authz.res == PAM_NEW_AUTHTOK_REQD) && (ctx->oldpassword == NULL))
     ctx->oldpassword = strdup(passwd);
   /* update caller's idea of the user name */
   if ((resp.msg[0] != '\0') && (strcmp(resp.msg, username) != 0))
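Review bot: The result of `strdup(passwd)` is assigned to `ctx->oldpassword` without a NULL check, so an allocation failure silently leaves no saved password for the later password change. Consider logging the failure and returning `PAM_BUF_ERR` there. The copy also keeps the cleartext password on the heap for as long as the context lives, so the context cleanup (not visible in this hunk) should overwrite the buffer before calling `free()`. pam_sm_authenticate starts and ends outside the hunk.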

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=d8637bb0a3079746b98548886f52bebf30588453

commit d8637bb0a3079746b98548886f52bebf30588453
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Aug 18 17:32:04 2013 +0200

    Fix rootpwmodpw handling in pynslcd

diff --git a/pynslcd/pam.py b/pynslcd/pam.py
index 3a3d55d..43d6a91 100644
--- a/pynslcd/pam.py
+++ b/pynslcd/pam.py
@@ -285,8 +285,8 @@ class PAMPasswordModificationRequest(PAMRequest):
         if parameters['asroot']:
             binddn = cfg.rootpwmoddn
             # check if rootpwmodpw should be used
-            if not parameters['oldpassword'] and self.calleruid == 0 and cfg.rootpwmoddn:
-                password = cfg.rootpwmoddn
+            if not parameters['oldpassword'] and self.calleruid == 0 and cfg.rootpwmodpw:
+                password = cfg.rootpwmodpw
             elif parameters['oldpassword']:
                 password = parameters['oldpassword']
             else:
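Review bot: `binddn = cfg.rootpwmoddn` is assigned unconditionally in the `asroot` branch, and the corrected condition now tests only `cfg.rootpwmodpw`, so nothing visible here rejects a configuration where `rootpwmodpw` is set but `rootpwmoddn` is not. If that combination can reach this code, the privileged password would be sent with an empty bind DN, so it seems worth failing the request early when `cfg.rootpwmoddn` is unset. The comment could also say when the stored secret is used, e.g. `# use rootpwmodpw only for requests from uid 0 that supply no old password`. The `else:` branch and the rest of the method are outside the hunk.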

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=13d31b77de7d1cb53529b475f1fe1eba51209054

commit 13d31b77de7d1cb53529b475f1fe1eba51209054
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Aug 18 17:31:31 2013 +0200

    Fix not logging passwords in pynslcd (7108b1f)

diff --git a/pynslcd/common.py b/pynslcd/common.py
index df2a644..97899ad 100644
--- a/pynslcd/common.py
+++ b/pynslcd/common.py
@@ -115,7 +115,7 @@ class Request(object):
         parameters = dict(parameters)
         for param in ('password', 'oldpassword', 'newpassword'):
             if parameters.get(param):
-                parameters['param'] = '***'
+                parameters[param] = '***'
         logging.debug('%s(%r)', self.__class__.__name__, parameters)
 
     def __call__(self):
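Review bot: The masking loop covers only the three hard-coded names `'password'`, `'oldpassword'` and `'newpassword'`, so a request parameter that carries a secret under any other key would still be written by `logging.debug('%s(%r)', ...)`. Moving the tuple to a class attribute would let request subclasses extend it. Because the earlier `parameters['param']` typo left the real values in place, debug logs written by builds with that typo should be treated as containing cleartext passwords. A short comment such as `# mask secrets on the copy; the request keeps the real values` would make the purpose of the `dict(parameters)` copy explicit. The enclosing method starts outside the hunk.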

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7e90541014410ebf8fa67e1a71c0dab5229253c3

commit 7e90541014410ebf8fa67e1a71c0dab5229253c3
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Aug 18 17:25:28 2013 +0200

    Update files from test environment

diff --git a/tests/nslcd-test.conf b/tests/nslcd-test.conf
index d3430da..3a83bd0 100644
--- a/tests/nslcd-test.conf
+++ b/tests/nslcd-test.conf
@@ -5,24 +5,29 @@
 # The location at which the LDAP server(s) should be reachable.
 uri ldap://127.0.0.1/
 
-# The search base that will be used for all queries.
-base dc=test,dc=tld
-
-# The LDAP protocol version to use.
-#ldap_version 3
-
 # The DN to bind with for normal lookups.
 #binddn cn=annonymous,dc=example,dc=net
 #bindpw *removed*
 
-# The search scope.
-#scope sub
-
-# The number of answers to request in a single search.
-#pagesize 100
+# credentials for modifications
+rootpwmoddn cn=admin,dc=test,dc=tld
+rootpwmodpw test
 
 # The timeout for network operations.
 timelimit 2
 bind_timelimit 4
 reconnect_sleeptime 4
 reconnect_retrytime 10
+
+# The search bases that will be used
+base dc=test,dc=tld
+base passwd ou=people,dc=test,dc=tld
+base shadow ou=people,dc=test,dc=tld
+base group ou=groups,dc=test,dc=tld
+
+# support nested groups and groupOfNames
+filter group (|(objectClass=posixGroup)(objectClass=groupOfNames))
+nss_nested_groups on
+
+# invalidate caches on reconnect
+reconnect_invalidate passwd,group,nfsidmap
diff --git a/tests/test.ldif b/tests/test.ldif
index f8a8b82..3e50487 100644
--- a/tests/test.ldif
+++ b/tests/test.ldif
@@ -22,9 +22,9 @@ entryUUID: 3a042f10-7031-102c-8abf-e7971ee3e994
 creatorsName:
 createTimestamp: 20080215164557Z
 userPassword:: e1NTSEF9YVY0NmREb0ZqNk1uaklvTnJXR2htYnVHamFaa2J3YUE=
-entryCSN: 20100108211946.865226Z#000000#000#000000
-modifiersName: cn=admin,dc=test,dc=tld
-modifyTimestamp: 20100108211946Z
+entryCSN: 20130728180631.658724Z#000000#000#000000
+modifiersName:
+modifyTimestamp: 20130728180631Z
 
 dn: ou=people,dc=test,dc=tld
 objectClass: top
@@ -53428,11 +53428,6 @@ modifyTimestamp: 20080215164610Z
 entryCSN: 20080215164610.377224Z#000000#000#000000
 
 dn: uid=ecolden,ou=lotsofpeople,dc=test,dc=tld
-objectClass: top
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: person
-objectClass: inetOrgPerson
 uid: ecolden
 uidNumber: 5972
 gidNumber: 1000
@@ -53444,15 +53439,20 @@ gecos: Estelle Colden
 shadowWarning: 7
 shadowInactive: 2
 shadowLastChange: 12302
-userPassword:: e1NNRDV9TnpXMUMwVWV2ZGpkOUFWcXhNN1g2L3B4dXowPQ==
 loginShell: /bin/bash
 structuralObjectClass: inetOrgPerson
 entryUUID: 416fdcea-7031-102c-927f-e7971ee3e994
 creatorsName:
-modifiersName:
 createTimestamp: 20080215164610Z
-modifyTimestamp: 20080215164610Z
-entryCSN: 20080215164610.382725Z#000000#000#000000
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: person
+objectClass: inetOrgPerson
+userPassword:: e0NSWVBUfWt2aG8xRXlxR25CZEU=
+entryCSN: 20121122212849.394124Z#000000#000#000000
+modifiersName: cn=admin,dc=test,dc=tld
+modifyTimestamp: 20121122212849Z
 
 dn: cn=Veronica Sefcovic+uid=vsefcovic,ou=lotsofpeople,dc=test,dc=tld
 objectClass: top
@@ -53995,19 +53995,10 @@ modifyTimestamp: 20080215164610Z
 entryCSN: 20080215164610.501209Z#000000#000#000000
 
 dn: uid=lgutenberg,ou=lotsofpeople,dc=test,dc=tld
-objectClass: top
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: person
-objectClass: inetOrgPerson
 uid: lgutenberg
 uidNumber: 5993
 gidNumber: 1000
 givenName: Loke
-sn: Gutenberg
-cn: Loke Gutenberg
-homeDirectory: /home/lgutenberg
-gecos: Loke Gutenberg
 shadowWarning: 7
 shadowInactive: 2
 shadowLastChange: 12302
@@ -54016,10 +54007,19 @@ loginShell: /bin/bash
 structuralObjectClass: inetOrgPerson
 entryUUID: 418327e6-7031-102c-9294-e7971ee3e994
 creatorsName:
-modifiersName:
 createTimestamp: 20080215164610Z
-modifyTimestamp: 20080215164610Z
-entryCSN: 20080215164610.509163Z#000000#000#000000
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: person
+objectClass: inetOrgPerson
+cn: Loke GutenberC
+homeDirectory: /home/lgutenberH
+gecos: Loke GutenberG
+sn: GutenberG
+entryCSN: 20120914220036.671368Z#000000#000#000000
+modifiersName: cn=admin,dc=test,dc=tld
+modifyTimestamp: 20120914220036Z
 
 dn: uid=fsumrall,ou=lotsofpeople,dc=test,dc=tld
 objectClass: top
@@ -54187,9 +54187,7 @@ dn: uid=arthur,ou=people,dc=test,dc=tld
 uid: arthur
 gidNumber: 100
 givenName: Arthur
-cn: Arthur de Jong
 homeDirectory: /home/arthur
-gecos: Arthur de Jong
 trustModel: fullaccess
 sambaLMPassword: 25ABFCD2391656AFEDCB213712461263
 sambaNTPassword: 7213BCD02736ABC64564ABCDFF766DE3
@@ -54198,7 +54196,6 @@ sambaSID: S-1-5-21-2656270644-2771678393-2525940785-3000
 sambaPwdLastSet: 2043613290
 sambaPwdMustChange: 3043613290
 sambaAcctFlags: [UX         ]
-loginShell: /bin/bash
 sn: de Jong
 description: rarthur
 structuralObjectClass: inetOrgPerson
@@ -54210,8 +54207,6 @@ shadowInactive: 2
 uidNumber: 1000
 title:: c3V4AAA=
 title: su
-userPassword:: e1NTSEF9cFZuV0podUFoWkVITDRwWU15L0thejFUcVJxdFY3YXQ=
-shadowLastChange: 14302
 labeledURI: http://arthurdejong.org/ Arthur's homepage
 mail: arthur@arthurdejong.org
 objectClass: top
@@ -54222,9 +54217,25 @@ objectClass: organizationalPerson
 objectClass: inetOrgPerson
 objectClass: trustAccount
 objectClass: sambaSamAccount
-entryCSN: 20110306150217.133434Z#000000#000#000000
+cn: Arthur de Jong
+gecos: Arthur de Jong
+pwdHistory: 20121231162542Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}X8X9Wv1aiFh
+ XaU26Zjw+frJK3ideCxbK
+pwdHistory: 20121231171205Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}QtBGll2tgRG
+ QHEFlfbKZmp5jAbwjP5CB
+pwdHistory: 20121231171242Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}qDaO+b09SW4
+ lgLPA9L6NcwWaetfwvfJf
+pwdHistory: 20121231171823Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}FHMVCFxHLQ/
+ 6Jm9PVaP5xcMj8nIjdv6k
+pwdHistory: 20130101190306Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}YeTgVbD8nP8
+ fuHbc1jLtgbI7b+2xT0DL
+loginShell: /bin/bash
+userPassword:: e1NTSEF9RWJ0Qm1vWWhtcXM1RExuYTlpa29TWmRBcWNCbG1NNXc=
+pwdChangedTime: 20130818152331Z
+shadowLastChange: 15935
+entryCSN: 20130818152331.602207Z#000000#000#000000
 modifiersName: cn=admin,dc=test,dc=tld
-modifyTimestamp: 20110306150217Z
+modifyTimestamp: 20130818152331Z
 
 dn: cn=Test User3,ou=extra,ou=people,dc=test,dc=tld
 objectClass: top
@@ -55903,12 +55914,12 @@ pwdMinAge: 1
 pwdGraceAuthNLimit: 10
 pwdLockoutDuration: 30
 pwdMustChange: TRUE
-pwdExpireWarning: 600
-pwdMaxAge: 660
 pwdInHistory: 0
-entryCSN: 20130106105309.705361Z#000000#000#000000
+pwdExpireWarning: 600000
+pwdMaxAge: 660000
+entryCSN: 20130330211902.764111Z#000000#000#000000
 modifiersName: cn=admin,dc=test,dc=tld
-modifyTimestamp: 20130106105309Z
+modifyTimestamp: 20130330211902Z
 
 dn:: Y2495Y+v5piv5b2T6L+Z5LiqVeebmOWcqCxvdT1wZW9wbGUsZGM9dGVzdCxkYz10bGQ=
 uid: tstchinese

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=724a75ff167ccbafe11b879f05310cc525f88093

commit 724a75ff167ccbafe11b879f05310cc525f88093
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Mon Jul 29 23:13:18 2013 +0200

    Improve error and help output of getent command

diff --git a/utils/getent.py b/utils/getent.py
index d662272..039a48c 100755
--- a/utils/getent.py
+++ b/utils/getent.py
@@ -31,15 +31,25 @@ import constants
 from nslcd import NslcdClient
 
 
+epilog = '''
+supported databases:
+  aliases, ethers, group, group.bymember, hosts, hostsv4, hostsv6,
+  netgroup, netgroup.norec, networks, networksv4, networksv6, passwd,
+  protocols, rpc, services, shadow
+
+Report bugs to <%s>.
+'''.strip() % constants.PACKAGE_BUGREPORT
+
 # set up command line parser
 parser = argparse.ArgumentParser(
-    description='Query information in LDAP.',
-    epilog='Report bugs to <%s>.' % constants.PACKAGE_BUGREPORT)
+    formatter_class=argparse.RawDescriptionHelpFormatter,
+    description='Query information in LDAP via nslcd.',
+    epilog=epilog)
 parser.add_argument('-V', '--version', action=VersionAction)
 parser.add_argument('database', metavar='DATABASE',
-                    help='any of those supported by nslcd')
+                    help='any database supported by nslcd')
 parser.add_argument('key', metavar='KEY', nargs='?',
-                    help='information to lookup')
+                    help='filter returned database values by key')
 
 
 def getent_aliases(database, key=None):
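Review bot: The `epilog` string hard-codes the list of supported databases, which duplicates whatever dispatch produces the `Unknown database` error further down in the file. The two can drift apart when a database is added or removed. Building the help text from the same table or set of names the dispatch uses would keep them in step; if that is not practical, a comment on `epilog` such as `# keep in sync with the database dispatch in __main__` would help.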
@@ -339,5 +349,5 @@ if __name__ == '__main__':
         else:
             parser.error('Unknown database: %s' % args.database)
     except struct.error:
-        print 'Problem contacting nslcd'
+        print 'Problem communicating with nslcd'
         sys.exit(1)
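Review bot: The reworded message in the `except struct.error:` branch is still printed to stdout, so a script that captures getent output receives the error text mixed in with the data. Writing it to stderr keeps the two apart: `print >>sys.stderr, 'Problem communicating with nslcd'`. The enclosing `try` block starts outside the hunk, so other failure modes may be handled there.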

-----------------------------------------------------------------------

Summary of changes:
 pam/pam.c             |    2 +-
 pynslcd/common.py     |    2 +-
 pynslcd/pam.py        |    4 +--
 tests/nslcd-test.conf |   27 ++++++++++-------
 tests/test.ldif       |   81 ++++++++++++++++++++++++++++---------------------
 utils/getent.py       |   20 +++++++++---
 6 files changed, 81 insertions(+), 55 deletions(-)


hooks/post-receive
-- 
nss-pam-ldapd