nss-pam-ldapd branch master updated. 0.9.3-11-g94eacb5

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: nss-pam-ldapd branch master updated. 0.9.3-11-g94eacb5
Date: Sun, 4 May 2014 23:30:31 +0200 (CEST)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  94eacb5463f8699efff1b2fa76e286cd755d2318 (commit)
       via  ca36a50143eb38c9040c2567172b9bfb9dba1838 (commit)
      from  d6163e23de9dfe4490c9b06d52e91dc0eb71aec9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=94eacb5463f8699efff1b2fa76e286cd755d2318

commit 94eacb5463f8699efff1b2fa76e286cd755d2318
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun May 4 23:17:42 2014 +0200

    Improve error logging of user login failures

diff --git a/nslcd/pam.c b/nslcd/pam.c
index df44ce9..2240504 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -69,7 +69,7 @@ static int try_bind(const char *userdn, const char *password,
   {
     if (rc == LDAP_SUCCESS)
       rc = LDAP_LOCAL_ERROR;
-    log_log(LOG_WARNING, "%s: lookup failed: %s", userdn, ldap_err2string(rc));
+    log_log(LOG_WARNING, "%s: %s", userdn, ldap_err2string(rc));
   }
   else
   {
@@ -78,7 +78,7 @@ static int try_bind(const char *userdn, const char *password,
     {
       if (rc == LDAP_SUCCESS)
         rc = LDAP_NO_RESULTS_RETURNED;
-      log_log(LOG_WARNING, "%s: lookup failed: %s", userdn, 
ldap_err2string(rc));
+      log_log(LOG_WARNING, "%s: %s", userdn, ldap_err2string(rc));
     }
   }
   /* get any policy response from the bind */

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=ca36a50143eb38c9040c2567172b9bfb9dba1838

commit ca36a50143eb38c9040c2567172b9bfb9dba1838
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun May 4 23:16:03 2014 +0200

    Also extract policy controls on BIND failure
    
    This ensures that controls returned by an LDAP server as part of a
    failed BIND operation are also returned. This makes it possible to
    distinguish between a wrong password and an expired password.
    
    This also only logs the BIND operation result on DEBUG level (the error
    is logged later on).

diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 53f5b97..78968ae 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -566,7 +566,7 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP 
*ld, const char *uri)
       ldap_msgfree(result);
     return LDAP_TIMEOUT;
   }
-  /* parse the result from the bind operation (frees result, get controls) */
+  /* parse the result from the bind operation (frees result, gets controls) */
   responsectrls = NULL;
   parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, 
&responsectrls, 1);
   if (parserc != LDAP_SUCCESS)
@@ -576,20 +576,19 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP 
*ld, const char *uri)
       ldap_controls_free(responsectrls);
     return parserc;
   }
-  if (rc != LDAP_SUCCESS)
-  {
-    myldap_err(LOG_ERR, ld, rc, "ldap_parse_result() failed");
-    if (responsectrls != NULL)
-      ldap_controls_free(responsectrls);
-    return rc;
-  }
-  /* check the returned controls */
+  /* handle any returned controls */
   if (responsectrls != NULL)
   {
     handle_ppasswd_controls(session, ld, responsectrls);
-    /* free controls */
     ldap_controls_free(responsectrls);
   }
+  /* return the result of the BIND operation */
+  if (rc != LDAP_SUCCESS)
+  {
+    myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result");
+    return rc;
+  }
+  /* check the returned controls */
   return LDAP_SUCCESS;
 }
 #endif /* no SASL, so no ppolicy */

-----------------------------------------------------------------------

Summary of changes:
 nslcd/myldap.c |   19 +++++++++----------
 nslcd/pam.c    |    4 ++--
 2 files changed, 11 insertions(+), 12 deletions(-)


hooks/post-receive
-- 
nss-pam-ldapd
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits/

nss-pam-ldapd branch master updated. 0.9.3-11-g94eacb5, Commits of the nss-pam-ldapd project

Prev by Date: nss-pam-ldapd branch master updated. 0.9.3-9-gd6163e2
Next by Date: nss-pam-ldapd branch master updated. 0.9.3-15-gf5ee208
Previous by thread: nss-pam-ldapd branch master updated. 0.9.3-9-gd6163e2
Next by thread: nss-pam-ldapd branch master updated. 0.9.3-15-gf5ee208