
nss-pam-ldapd branch master updated. 0.9.3-4-g2274b41


nss-pam-ldapd branch master updated. 0.9.3-4-g2274b41



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  2274b41dcb6bbb2557ab0e4358a11f1d54da12d7 (commit)
       via  15fc13ce31cd6455d7c64089425da795da5d51d2 (commit)
       via  f9878913604c197a214b78f26782efd245237dda (commit)
      from  119cebf22916caacf31d8a3756740da682de7d6a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=2274b41dcb6bbb2557ab0e4358a11f1d54da12d7

commit 2274b41dcb6bbb2557ab0e4358a11f1d54da12d7
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun May 4 14:38:02 2014 +0200

    Make buffer size error logging consistent
    
    This adds logging of most cases where a defined buffer is not large
    enough to hold provided data on error log level.

diff --git a/nslcd/alias.c b/nslcd/alias.c
index 3603c35..7d6b978 100644
--- a/nslcd/alias.c
+++ b/nslcd/alias.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -67,7 +67,10 @@ static int mkfilter_alias_byname(const char *name,
   char safename[BUFLEN_SAFENAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_alias_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     alias_filter, attmap_alias_cn, safename);
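Review bot: An oversize name will probably be reported twice at error level, and the second message names the wrong buffer. The first entry is the new `log_log(LOG_ERR, "mkfilter_alias_byname(): safename buffer too small")`; the second comes from the lookup macro in nslcd/common.h, whose `"(): filter buffer too small"` message this commit also raises to LOG_ERR, assuming this function is what that macro receives as `mkfilter`. Since the name looks like it originates from the client request, every such request yields two error entries; I would reword the macro message to something neutral such as `"(): failed to build search filter"`, or log in one place only. The same applies to the other mkfilter_* hunks in ether.c, group.c, host.c, netgroup.c, network.c, passwd.c, protocol.c, rpc.c, service.c and shadow.c. The function body starts outside the hunk.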
diff --git a/nslcd/attmap.c b/nslcd/attmap.c
index 1911273..11d730b 100644
--- a/nslcd/attmap.c
+++ b/nslcd/attmap.c
@@ -274,6 +274,12 @@ const char *attmap_get_value(MYLDAP_ENTRY *entry, const 
char *attr,
     values = myldap_get_values(entry, attr);
     if ((values == NULL) || (values[0] == NULL))
       return NULL;
+    if (strlen(values[0]) >= buflen)
+    {
+      log_log(LOG_ERR, "attmap_get_value(): buffer too small (%d required)",
+              strlen(values[0]));
+      return NULL;
+    }
     strncpy(buffer, values[0], buflen);
     buffer[buflen - 1] = '\0';
     return buffer;
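Review bot: The new `log_log()` call passes the `size_t` result of `strlen()` to a `%d` conversion, which is a type mismatch in a variadic call and can print a wrong value where `size_t` is wider than `int`. The figure is also one short of what would pass the `>= buflen` check, since the terminator is not counted. I would write `"attmap_get_value(): buffer too small (%lu required)", (unsigned long)strlen(values[0]) + 1`. The same `%d`/`strlen()` pairing appears in both branches of add_uris_from_dns() in cfg.c, in the first myldap_get_ranged_values() hunk, and in myldap_set_credentials() in myldap.c.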
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index e1857d5..1d99962 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2007 West Consulting
-   Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2007-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -455,14 +455,24 @@ static void add_uris_from_dns(const char *filename, int 
lnr,
     if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, 
":636") == 0))
     {
       hostlist[strlen(hostlist) - 4] = '\0';
-      mysnprintf(buf, sizeof(buf), "ldaps://%s", hostlist);
+      if (mysnprintf(buf, sizeof(buf), "ldaps://%s", hostlist))
+      {
+        log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%d 
required)",
+                strlen(hostlist) + 8);
+        exit(EXIT_FAILURE);
+      }
     }
     else
     {
       /* strip default port number */
       if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, 
":389") == 0))
         hostlist[strlen(hostlist) - 4] = '\0';
-      mysnprintf(buf, sizeof(buf), "ldap://%s";, hostlist);
+      if (mysnprintf(buf, sizeof(buf), "ldap://%s";, hostlist))
+      {
+        log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%d 
required)",
+                strlen(hostlist) + 7);
+        exit(EXIT_FAILURE);
+      }
     }
     log_log(LOG_DEBUG, "add_uris_from_dns(): found uri: %s", buf);
     add_uri(filename, lnr, cfg, buf);
diff --git a/nslcd/common.h b/nslcd/common.h
index e8b6924..7c3ea1d 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -55,7 +55,7 @@
   return -1;
 
 #define ERROR_OUT_BUFERROR(fp)                                              \
-  log_log(LOG_WARNING, "client supplied argument %d bytes too large",       \
+  log_log(LOG_ERR, "client supplied argument %d bytes too large",           \
           tmpint32);                                                        \
   return -1;
 
@@ -279,7 +279,7 @@ int nslcd_usermod(TFILE *fp, MYLDAP_SESSION *session, uid_t 
calleruid);
     /* prepare the search filter */                                         \
     if (mkfilter)                                                           \
     {                                                                       \
-      log_log(LOG_WARNING, "nslcd_" __STRING(db) "_" __STRING(fn)           \
+      log_log(LOG_ERR, "nslcd_" __STRING(db) "_" __STRING(fn)           \
               "(): filter buffer too small");                               \
       return -1;                                                            \
     }                                                                       \
diff --git a/nslcd/ether.c b/nslcd/ether.c
index b1bd21a..ff61dd2 100644
--- a/nslcd/ether.c
+++ b/nslcd/ether.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -69,7 +69,10 @@ static int mkfilter_ether_byname(const char *name,
   char safename[BUFLEN_HOSTNAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_ether_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     ether_filter, attmap_ether_cn, safename);
diff --git a/nslcd/group.c b/nslcd/group.c
index 390e398..d7dfe42 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -94,7 +94,10 @@ static int mkfilter_group_byname(const char *name,
   char safename[BUFLEN_SAFENAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_group_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     group_filter, attmap_group_cn, safename);
@@ -136,7 +139,10 @@ static int mkfilter_group_bymember(MYLDAP_SESSION *session,
   char safedn[BUFLEN_SAFEDN];
   /* escape attribute */
   if (myldap_escape(uid, safeuid, sizeof(safeuid)))
+  {
+    log_log(LOG_ERR, "mkfilter_group_bymember(): safeuid buffer too small");
     return -1;
+  }
   /* try to translate uid to DN */
   if ((strcasecmp(attmap_group_member, "\"\"") == 0) ||
       (uid2dn(session, uid, dn, sizeof(dn)) == NULL))
@@ -144,7 +150,10 @@ static int mkfilter_group_bymember(MYLDAP_SESSION *session,
                       group_filter, attmap_group_memberUid, safeuid);
   /* escape DN */
   if (myldap_escape(dn, safedn, sizeof(safedn)))
+  {
+    log_log(LOG_ERR, "mkfilter_group_bymember(): safedn buffer too small");
     return -1;
+  }
   /* also lookup using user DN */
   return mysnprintf(buffer, buflen, "(&%s(|(%s=%s)(%s=%s)))",
                     group_filter,
@@ -158,7 +167,10 @@ static int mkfilter_group_bymemberdn(const char *dn,
   char safedn[BUFLEN_SAFEDN];
   /* escape DN */
   if (myldap_escape(dn, safedn, sizeof(safedn)))
+  {
+    log_log(LOG_ERR, "mkfilter_group_bymemberdn(): safedn buffer too small");
     return -1;
+  }
   return mysnprintf(buffer, buflen,
                     "(&%s(%s=%s))",
                     group_filter,
diff --git a/nslcd/host.c b/nslcd/host.c
index a898eee..7e5f6aa 100644
--- a/nslcd/host.c
+++ b/nslcd/host.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -69,7 +69,10 @@ static int mkfilter_host_byname(const char *name, char 
*buffer, size_t buflen)
   char safename[BUFLEN_HOSTNAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_host_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     host_filter, attmap_host_cn, safename);
@@ -81,7 +84,10 @@ static int mkfilter_host_byaddr(const char *addrstr,
   char safeaddr[64];
   /* escape attribute */
   if (myldap_escape(addrstr, safeaddr, sizeof(safeaddr)))
+  {
+    log_log(LOG_ERR, "mkfilter_host_byaddr(): safeaddr buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     host_filter, attmap_host_ipHostNumber, safeaddr);
diff --git a/nslcd/invalidator.c b/nslcd/invalidator.c
index 54a8f95..7e8e415 100644
--- a/nslcd/invalidator.c
+++ b/nslcd/invalidator.c
@@ -1,7 +1,7 @@
 /*
    invalidator.c - functions for invalidating external caches
 
-   Copyright (C) 2013 Arthur de Jong
+   Copyright (C) 2013-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -85,8 +85,12 @@ static void exec_invalidate(const char *db)
     argv[2] = (char *)db;
     argv[3] = NULL;
   }
-  mysnprintf(cmdline, 80, "%s %s%s%s", argv[0], argv[1],
-             argv[2] != NULL ? " " : "", argv[2] != NULL ? argv[2] : "");
+  if (mysnprintf(cmdline, 80, "%s %s%s%s", argv[0], argv[1],
+                 argv[2] != NULL ? " " : "", argv[2] != NULL ? argv[2] : ""))
+  {
+    log_log(LOG_ERR, "exec_invalidate(): cmdline buffer too small");
+    return;
+  }
   log_log(LOG_DEBUG, "invalidator: %s", cmdline);
   /* do fork/exec */
   switch (cpid=fork())
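Review bot: The early `return` makes the cache invalidation depend on a string that, within this hunk, is only used for the LOG_DEBUG line that follows; the fork/exec below appears to work from `argv`, though the rest of exec_invalidate() is outside the hunk. If `cmdline` is indeed only for logging, a long `db` name now skips the invalidation altogether; I would log the truncation and carry on rather than return. The literal `80` should also become `sizeof(cmdline)` so the bound cannot drift from the declaration, assuming `cmdline` is an array in this function.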
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 8b97447..53f5b97 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -1701,7 +1701,11 @@ static char **myldap_get_ranged_values(MYLDAP_ENTRY 
*entry, const char *attr)
   SET *set = NULL;
   /* build the attribute name to find */
   if (mysnprintf(attbuf, sizeof(attbuf), "%s;range=0-*", attr))
+  {
+    log_log(LOG_ERR, "myldap_get_ranged_values(): attbuf buffer too small (%d 
required)",
+            strlen(attr) + 10);
     return NULL;
+  }
   /* keep doing lookups untul we can't get any more results */
   while (1)
   {
@@ -1749,7 +1753,10 @@ static char **myldap_get_ranged_values(MYLDAP_ENTRY 
*entry, const char *attr)
     startat = nxt;
     /* build attributes for a new search */
     if (mysnprintf(attbuf, sizeof(attbuf), "%s;range=%d-*", attr, startat))
+    {
+      log_log(LOG_ERR, "myldap_get_ranged_values(): attbuf buffer too small");
       break;
+    }
     attrs[0] = attbuf;
     attrs[1] = NULL;
     /* close the previous search, if any */
diff --git a/nslcd/netgroup.c b/nslcd/netgroup.c
index d9acd42..6dbf77a 100644
--- a/nslcd/netgroup.c
+++ b/nslcd/netgroup.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -68,7 +68,10 @@ static int mkfilter_netgroup_byname(const char *name,
   char safename[BUFLEN_SAFENAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_netgroup_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     netgroup_filter, attmap_netgroup_cn, safename);
diff --git a/nslcd/network.c b/nslcd/network.c
index 89a3d27..26f68ad 100644
--- a/nslcd/network.c
+++ b/nslcd/network.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -68,7 +68,10 @@ static int mkfilter_network_byname(const char *name,
   char safename[BUFLEN_HOSTNAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_network_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     network_filter, attmap_network_cn, safename);
@@ -80,7 +83,10 @@ static int mkfilter_network_byaddr(const char *addrstr,
   char safeaddr[64];
   /* escape attribute */
   if (myldap_escape(addrstr, safeaddr, sizeof(safeaddr)))
+  {
+    log_log(LOG_ERR, "mkfilter_network_byaddr(): safeaddr buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     network_filter, attmap_network_ipNetworkNumber, safeaddr);
diff --git a/nslcd/pam.c b/nslcd/pam.c
index 7bedcee..df44ce9 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -363,7 +363,7 @@ static void autzsearch_var_add(DICT *dict, const char *name,
   /* perform escaping of the value */
   if (myldap_escape(value, escaped_value, sz))
   {
-    log_log(LOG_CRIT, "autzsearch_var_add(): myldap_escape() failed to fit in 
buffer");
+    log_log(LOG_ERR, "autzsearch_var_add(): escaped_value buffer too small");
     free(escaped_value);
     return;
   }
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index e9cf950..198fd45 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -90,7 +90,10 @@ static int mkfilter_passwd_byname(const char *name,
   char safename[BUFLEN_SAFENAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_passwd_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     passwd_filter, attmap_passwd_uid, safename);
diff --git a/nslcd/protocol.c b/nslcd/protocol.c
index 32c8784..0e2cc47 100644
--- a/nslcd/protocol.c
+++ b/nslcd/protocol.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -68,7 +68,10 @@ static int mkfilter_protocol_byname(const char *name,
   char safename[BUFLEN_SAFENAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_protocol_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     protocol_filter, attmap_protocol_cn, safename);
diff --git a/nslcd/rpc.c b/nslcd/rpc.c
index 6539323..4021978 100644
--- a/nslcd/rpc.c
+++ b/nslcd/rpc.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -69,7 +69,10 @@ static int mkfilter_rpc_byname(const char *name, char 
*buffer, size_t buflen)
   char safename[BUFLEN_SAFENAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_rpc_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     rpc_filter, attmap_rpc_cn, safename);
diff --git a/nslcd/service.c b/nslcd/service.c
index 83218db..1e5d615 100644
--- a/nslcd/service.c
+++ b/nslcd/service.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -71,12 +71,18 @@ static int mkfilter_service_byname(const char *name, const 
char *protocol,
   char safename[BUFLEN_SAFENAME], safeprotocol[BUFLEN_SAFENAME];
   /* escape attributes */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_service_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   if (*protocol != '\0')
   {
     if (myldap_escape(protocol, safeprotocol, sizeof(safeprotocol)))
+    {
+      log_log(LOG_ERR, "mkfilter_service_byname(): safeprotocol buffer too 
small");
       return -1;
+    }
     return mysnprintf(buffer, buflen, "(&%s(%s=%s)(%s=%s))",
                       service_filter, attmap_service_cn, safename,
                       attmap_service_ipServiceProtocol, safeprotocol);
@@ -93,7 +99,10 @@ static int mkfilter_service_bynumber(int number, const char 
*protocol,
   if (*protocol != '\0')
   {
     if (myldap_escape(protocol, safeprotocol, sizeof(safeprotocol)))
+    {
+      log_log(LOG_ERR, "mkfilter_service_bynumber(): safeprotocol buffer too 
small");
       return -1;
+    }
     return mysnprintf(buffer, buflen, "(&%s(%s=%d)(%s=%s))",
                       service_filter, attmap_service_ipServicePort, number,
                       attmap_service_ipServiceProtocol, safeprotocol);
diff --git a/nslcd/shadow.c b/nslcd/shadow.c
index b5cf021..85ca4ef 100644
--- a/nslcd/shadow.c
+++ b/nslcd/shadow.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -75,7 +75,10 @@ static int mkfilter_shadow_byname(const char *name, char 
*buffer, size_t buflen)
   char safename[BUFLEN_SAFENAME];
   /* escape attribute */
   if (myldap_escape(name, safename, sizeof(safename)))
+  {
+    log_log(LOG_ERR, "mkfilter_shadow_byname(): safename buffer too small");
     return -1;
+  }
   /* build filter */
   return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
                     shadow_filter, attmap_shadow_uid, safename);

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=15fc13ce31cd6455d7c64089425da795da5d51d2

commit 15fc13ce31cd6455d7c64089425da795da5d51d2
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun May 4 13:01:09 2014 +0200

    Warn when binddn buffer is too small

diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 9e0bc6e..8b97447 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -1031,14 +1031,30 @@ static int do_open(MYLDAP_SESSION *session)
 }
 
 /* Set alternative credentials for the session. */
-void myldap_set_credentials(MYLDAP_SESSION *session, const char *dn,
+int myldap_set_credentials(MYLDAP_SESSION *session, const char *dn,
                             const char *password)
 {
+  /* error out when buffers are too small */
+  if (strlen(dn) >= sizeof(session->binddn))
+  {
+    log_log(LOG_ERR,
+            "myldap_set_credentials(): binddn buffer too small (%d required)",
+            strlen(dn));
+    return -1;
+  }
+  if (strlen(password) >= sizeof(session->bindpw))
+  {
+    log_log(LOG_ERR,
+            "myldap_set_credentials(): bindpw buffer too small (%d required)",
+            strlen(password));
+    return -1;
+  }
   /* copy dn and password into session */
   strncpy(session->binddn, dn, sizeof(session->binddn));
   session->binddn[sizeof(session->binddn) - 1] = '\0';
   strncpy(session->bindpw, password, sizeof(session->bindpw));
   session->bindpw[sizeof(session->bindpw) - 1] = '\0';
+  return 0;
 }
 
 /* Get bind ppolicy results from the last bind operation. This function
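Review bot: The bindpw branch writes the length of the rejected password to the log (`"... bindpw buffer too small (%d required)", strlen(password)`); credential-derived values are better kept out of logs, so I would drop the number there and log only `"myldap_set_credentials(): bindpw buffer too small"`. Both checks also call `strlen()` on `dn` and `password` without a NULL guard, which is only safe if every caller guarantees non-NULL arguments; the callers are outside this hunk. With the length checks in place the two `session->...[sizeof(...) - 1] = '\0'` lines are redundant but harmless.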
diff --git a/nslcd/myldap.h b/nslcd/myldap.h
index c7358af..e54ae52 100644
--- a/nslcd/myldap.h
+++ b/nslcd/myldap.h
@@ -68,9 +68,9 @@ typedef struct myldap_entry MYLDAP_ENTRY;
    uses the configuration to find the URLs to attempt connections to. */
 MUST_USE MYLDAP_SESSION *myldap_create_session(void);
 
-/* Set alternative credentials for the session. */
-void myldap_set_credentials(MYLDAP_SESSION *session, const char *dn,
-                            const char *password);
+/* Set alternative credentials for the session. Returns 0 on success. */
+MUST_USE int myldap_set_credentials(MYLDAP_SESSION *session, const char *dn,
+                                    const char *password);
 
 /* Get bind ppolicy results from the last bind operation. This function
    returns a NSLCD_PAM_* code and optional message. */
diff --git a/nslcd/pam.c b/nslcd/pam.c
index c194225..7bedcee 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -2,7 +2,7 @@
    pam.c - pam processing routines
 
    Copyright (C) 2009 Howard Chu
-   Copyright (C) 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2009-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -55,7 +55,11 @@ static int try_bind(const char *userdn, const char *password,
   if (session == NULL)
     return LDAP_UNAVAILABLE;
   /* set up credentials for the session */
-  myldap_set_credentials(session, userdn, password);
+  if (myldap_set_credentials(session, userdn, password))
+  {
+    myldap_session_close(session);
+    return LDAP_LOCAL_ERROR;
+  }
   /* perform search for own object (just to do any kind of search) */
   attrs[0] = "dn";
   attrs[1] = NULL;
@@ -686,7 +690,11 @@ static int try_pwmod(MYLDAP_SESSION *oldsession,
   if (session == NULL)
     return LDAP_UNAVAILABLE;
   /* set up credentials for the session */
-  myldap_set_credentials(session, binddn, oldpassword);
+  if (myldap_set_credentials(session, userdn, oldpassword))
+  {
+    myldap_session_close(session);
+    return LDAP_LOCAL_ERROR;
+  }
   /* perform search for own object (just to do any kind of search) */
   if ((lookup_dn2uid(session, userdn, &rc, buffer, sizeof(buffer)) != NULL) &&
       (rc == LDAP_SUCCESS))
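Review bot: The first credential argument changes from `binddn` to `userdn` in `myldap_set_credentials(session, userdn, oldpassword)`, which the commit message does not mention and which looks unintended. If try_pwmod() can be called with a `binddn` that differs from `userdn` (for example an administrator changing another user's password), the session would now bind as the target user with the administrator's password and fail. Unless this is deliberate, I would keep `if (myldap_set_credentials(session, binddn, oldpassword))`. The function's signature and the rest of its body are outside the hunk, so whether `binddn` is still in scope cannot be confirmed here.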
diff --git a/nslcd/usermod.c b/nslcd/usermod.c
index f7b22c5..e0de4d4 100644
--- a/nslcd/usermod.c
+++ b/nslcd/usermod.c
@@ -2,7 +2,7 @@
    usermod.c - routines for changing user information such as full name,
                login shell, etc
 
-   Copyright (C) 2013 Arthur de Jong
+   Copyright (C) 2013-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -117,7 +117,8 @@ static MYLDAP_SESSION *get_session(const char *binddn, 
const char *userdn,
     return NULL;
   }
   /* set up credentials for the session */
-  myldap_set_credentials(session, binddn, password);
+  if (myldap_set_credentials(session, binddn, password))
+    return NULL;
   /* perform search for own object (just to do any kind of search to set
      up the connection with fail-over) */
   if ((lookup_dn2uid(session, userdn, rcp, buffer, sizeof(buffer)) == NULL) ||
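Review bot: The new failure path returns NULL without closing `session`, whereas the matching paths added to try_bind() and try_pwmod() in pam.c call `myldap_session_close(session)` first; this looks like a session leak on every oversize DN or password. I would add `myldap_session_close(session);` before the `return NULL;`. It is also worth checking whether callers read `*rcp` after a NULL return, because this path leaves it unset. get_session() starts and continues outside the hunk.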

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f9878913604c197a214b78f26782efd245237dda

commit f9878913604c197a214b78f26782efd245237dda
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun May 4 12:57:10 2014 +0200

    Grow DN buffer size
    
    The buffer size seems to be a problem in environments with long names or
    environments with non-ASCII characters.

diff --git a/nslcd/common.h b/nslcd/common.h
index b6fcd72..e8b6924 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -3,7 +3,7 @@
    This file is part of the nss-pam-ldapd library.
 
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2006-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -164,8 +164,8 @@ void invalidator_do(enum ldap_map_selector map);
 #define BUFLEN_SAFENAME     300  /* escaped name */
 #define BUFLEN_PASSWORD     128  /* passwords */
 #define BUFLEN_PASSWORDHASH 256  /* passwords hashes */
-#define BUFLEN_DN           256  /* distinguished names */
-#define BUFLEN_SAFEDN       300  /* escapedd dn */
+#define BUFLEN_DN           512  /* distinguished names */
+#define BUFLEN_SAFEDN       600  /* escapedd dn */
 #define BUFLEN_FILTER      4096  /* search filters */
 #define BUFLEN_HOSTNAME (HOST_NAME_MAX + 1)  /* host names (+ escaped) */
 #define BUFLEN_MESSAGE     1024  /* message strings */
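Review bot: Nothing documents how `BUFLEN_SAFEDN` relates to `BUFLEN_DN`: the escaped buffer is only 88 bytes larger than the raw one, so a DN near 512 bytes that contains several characters needing escape will still not fit. How much myldap_escape() expands its input is not visible here, so treat that as an assumption to verify. I would add a comment along the lines of `/* escaped dn: BUFLEN_DN plus headroom for escaped characters, not a worst-case bound */` so the limit is a documented choice.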

-----------------------------------------------------------------------

Summary of changes:
 nslcd/alias.c       |    5 ++++-
 nslcd/attmap.c      |    6 ++++++
 nslcd/cfg.c         |   16 +++++++++++++---
 nslcd/common.h      |   10 +++++-----
 nslcd/ether.c       |    5 ++++-
 nslcd/group.c       |   12 ++++++++++++
 nslcd/host.c        |    8 +++++++-
 nslcd/invalidator.c |   10 +++++++---
 nslcd/myldap.c      |   25 ++++++++++++++++++++++++-
 nslcd/myldap.h      |    6 +++---
 nslcd/netgroup.c    |    5 ++++-
 nslcd/network.c     |    8 +++++++-
 nslcd/pam.c         |   16 ++++++++++++----
 nslcd/passwd.c      |    5 ++++-
 nslcd/protocol.c    |    5 ++++-
 nslcd/rpc.c         |    5 ++++-
 nslcd/service.c     |   11 ++++++++++-
 nslcd/shadow.c      |    5 ++++-
 nslcd/usermod.c     |    5 +++--
 19 files changed, 137 insertions(+), 31 deletions(-)


hooks/post-receive
-- 
nss-pam-ldapd
-- 