
nss-pam-ldapd branch master updated. 0.9.3-15-gf5ee208


nss-pam-ldapd branch master updated. 0.9.3-15-gf5ee208



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  f5ee208c4d40cf752b0e36082093f8888e3a33cc (commit)
       via  13483f9f91c1fe4f3257f1d6b42eb1d01b3c6ba3 (commit)
       via  3d29861e86e2044dc4dfbf6f2615c3e567c7a4f6 (commit)
       via  aa1d81059227782b1660c742b9f9d961b43aaf71 (commit)
      from  94eacb5463f8699efff1b2fa76e286cd755d2318 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f5ee208c4d40cf752b0e36082093f8888e3a33cc

commit f5ee208c4d40cf752b0e36082093f8888e3a33cc
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu Jun 5 23:48:03 2014 +0200

    Fix comment

diff --git a/pynslcd/cache.py b/pynslcd/cache.py
index c3c0082..99b520d 100644
--- a/pynslcd/cache.py
+++ b/pynslcd/cache.py
@@ -181,7 +181,7 @@ def _get_connection():
             filename, detect_types=sqlite3.PARSE_DECLTYPES,
             check_same_thread=False)
         connection.row_factory = sqlite3.Row
-        #  initialise connection properties
+        # initialise connection properties
         connection.executescript('''
             -- store temporary tables in memory
             PRAGMA temp_store = MEMORY;

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=13483f9f91c1fe4f3257f1d6b42eb1d01b3c6ba3

commit 13483f9f91c1fe4f3257f1d6b42eb1d01b3c6ba3
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu Jun 5 23:16:23 2014 +0200

    Introduce lookup_groupbyuser test command
    
    This command can be used to perform a lookup using getgrouplist() to
    present a list of returned numeric group ids. This can be used to avoid
    the additional lookups that are done with the id and groups commands.

diff --git a/.gitignore b/.gitignore
index 63f34cd..6554d20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -57,6 +57,7 @@ stamp-*
 /pynslcd/constants.py
 
 # /tests/
+/tests/lookup_groupbyuser
 /tests/lookup_netgroup
 /tests/lookup_shadow
 /tests/temp.cfg
diff --git a/configure.ac b/configure.ac
index 96ae06f..bc15d80 100644
--- a/configure.ac
+++ b/configure.ac
@@ -345,7 +345,7 @@ AC_CHECK_FUNCS([malloc realloc atexit])
 AC_FUNC_FORK
 AC_CHECK_FUNCS(__assert_fail)
 AC_SEARCH_LIBS(clock_gettime, rt)
-AC_CHECK_FUNCS([setusershell getusershell endusershell])
+AC_CHECK_FUNCS([setusershell getusershell endusershell getgrouplist])
 AC_CHECK_DECLS([setusershell, getusershell, endusershell])
 
 # checks for types
diff --git a/tests/Makefile.am b/tests/Makefile.am
index cf1009e..49e9d81 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -33,7 +33,8 @@ AM_TESTS_ENVIRONMENT = PYTHON='@PYTHON@'; export PYTHON; \
 
 check_PROGRAMS = test_dict test_set test_tio test_expr test_getpeercred \
                  test_cfg test_attmap test_myldap test_common test_clock \
-                 test_tio_timeout lookup_netgroup lookup_shadow
+                 test_tio_timeout lookup_netgroup lookup_shadow \
+                 lookup_groupbyuser
 
 EXTRA_DIST = README nslcd-test.conf usernames.txt testenv.sh test_myldap.sh \
              test_nsscmds.sh  test_pamcmds.sh test_pamcmds.expect \
@@ -92,3 +93,5 @@ test_tio_timeout_SOURCES = test_tio_timeout.c ../common/tio.h
 lookup_netgroup_SOURCES = lookup_netgroup.c
 
 lookup_shadow_SOURCES = lookup_shadow.c
+
+lookup_groupbyuser_SOURCES = lookup_groupbyuser.c
diff --git a/tests/lookup_groupbyuser.c b/tests/lookup_groupbyuser.c
new file mode 100644
index 0000000..a3ade26
--- /dev/null
+++ b/tests/lookup_groupbyuser.c
@@ -0,0 +1,74 @@
+/*
+   lookup_groupbyuser.c - simple lookup for groups by user
+
+   Copyright (C) 2014 Arthur de Jong
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301 USA
+*/
+
+#include "config.h"
+
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+
+#include <grp.h>
+
+#ifndef HAVE_GETGROUPLIST
+/* dummy implementation that for systems without getgrouplist() */
+int main(int argc,char *argv[])
+{
+  fprintf(stderr, "%s: getgrouplist() not available\n", argv[0]);
+  return 1;
+}
+#else /* HAVE_GETGROUPLIST */
+
+/* the main program... */
+int main(int argc,char *argv[])
+{
+  gid_t groups[1024];
+  int ngroups = sizeof(groups);
+  int i;
+  /* check arguments */
+  if ((argc != 1) && (argc != 2))
+  {
+    fprintf(stderr, "Usage: %s [USERNAME]\n", argv[0]);
+    exit(EXIT_FAILURE);
+  }
+  /* start lookup */
+  if (getgrouplist(argv[1], (gid_t)-1, groups, &ngroups) < 0)
+  {
+    fprintf(stderr, "getgrouplist() failed (%d entries would be returned)\n",
+            ngroups);
+    exit(EXIT_FAILURE);
+  }
+  /* print results */
+  printf("user=%s groups=", argv[1]);
+  for (i = 0; i < ngroups; i++)
+  {
+    if (groups[i] != (gid_t)-1)
+    {
+      if (i > 0)
+        printf(",");
+      printf("%d", groups[i]);
+    }
+  }
+  printf("\n");
+  return 0;
+}
+
+#endif /* HAVE_GETGROUPLIST */
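Review bot: `int ngroups = sizeof(groups);` gives getgrouplist() the array's size in bytes as its element capacity, so a user with more than 1024 groups could have entries written past the end of `groups`; it should be `int ngroups = sizeof(groups) / sizeof(groups[0]);`. The argument check also accepts `argc == 1`, in which case `argv[1]` is NULL when it reaches getgrouplist() and the `printf("user=%s groups=", argv[1])` call; since the lookup needs a name, `if (argc != 2)` is the safer test. `printf("%d", groups[i])` prints a gid_t (commonly unsigned) with a signed specifier, and `printf("%lu", (unsigned long)groups[i])` avoids the mismatch.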

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=3d29861e86e2044dc4dfbf6f2615c3e567c7a4f6

commit 3d29861e86e2044dc4dfbf6f2615c3e567c7a4f6
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Wed May 14 21:29:38 2014 +0200

    Clear buffers before free-ing
    
    This clears most buffers that may hold credentials at one point before
    free()ing the memory.

diff --git a/common/tio.c b/common/tio.c
index 1ec1381..910d6f8 100644
--- a/common/tio.c
+++ b/common/tio.c
@@ -2,7 +2,7 @@
    tio.c - timed io functions
    This file is part of the nss-pam-ldapd library.
 
-   Copyright (C) 2007, 2008, 2010, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2007-2014 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -485,6 +485,8 @@ int tio_close(TFILE *fp)
   if (close(fp->fd))
     retv = -1;
   /* free any allocated buffers */
+  memset(fp->readbuffer.buffer, 0, sizeof(fp->readbuffer.size));
+  memset(fp->writebuffer.buffer, 0, sizeof(fp->writebuffer.size));
   free(fp->readbuffer.buffer);
   free(fp->writebuffer.buffer);
   /* free the tio struct itself */
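Review bot: `sizeof(fp->readbuffer.size)` is the size of the `size` field itself, not the length of the buffer, so both added memset() calls clear only the first few bytes and leave the rest of any buffered data in the freed memory. The length argument should be the field's value: `memset(fp->readbuffer.buffer, 0, fp->readbuffer.size);` and likewise for `writebuffer`. This assumes `size` holds the allocated length of `buffer`; its declaration is outside the hunk, and tio_close() starts and ends outside the hunk as well.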
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 78968ae..7babe0e 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -318,6 +318,7 @@ static MYLDAP_SESSION *myldap_session_new(void)
   for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++)
     session->searches[i] = NULL;
   session->binddn[0] = '\0';
+  memset(session->bindpw, 0, sizeof(session->bindpw));
   session->bindpw[0] = '\0';
   session->policy_response = NSLCD_PAM_SUCCESS;
   session->policy_message[0] = '\0';
@@ -1195,6 +1196,7 @@ void myldap_session_close(MYLDAP_SESSION *session)
   /* close any open connections */
   do_close(session);
   /* free allocated memory */
+  memset(session->bindpw, 0, sizeof(session->bindpw));
   free(session);
 }
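Review bot: A memset() on memory that is freed or goes out of scope immediately afterwards is a dead store that an optimizing compiler may remove, so `memset(session->bindpw, 0, sizeof(session->bindpw));` right before `free(session)` may not survive an optimized build. The same applies to the memset() calls added before free() in common/tio.c and before each `return` in nslcd/pam.c. A clearing call the compiler cannot elide would make this reliable, for example `explicit_bzero(session->bindpw, sizeof(session->bindpw));` where configure detects it, with a volatile-pointer loop as the fallback. myldap_session_close() starts outside the hunk.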
 
diff --git a/nslcd/pam.c b/nslcd/pam.c
index 2240504..96e045a 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -293,6 +293,7 @@ int nslcd_pam_authc(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
     {
       log_log(LOG_NOTICE, "rootpwmoddn not configured");
       /* we break the protocol */
+      memset(password, 0, sizeof(password));
       return -1;
     }
     userdn = nslcd_cfg->rootpwmoddn;
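Review bot: The clearing of `password` is repeated by hand before each visible `return` in nslcd_pam_authc(), and of `oldpassword`/`newpassword` in the nslcd_pam_pwmod() hunks below, so any exit path that is missed now or added later leaves the credentials on the stack. If the WRITE_INT32/WRITE_STRING macros can return from the function on a write error (their definitions are outside this diff), those exits are not covered by this change. A single exit label would cover every path: set `rc` and `goto cleanup;`, with `cleanup: memset(password, 0, sizeof(password)); return rc;` at the end. Both functions start outside the hunks shown, so the remaining return paths could not be checked here.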
@@ -302,6 +303,7 @@ int nslcd_pam_authc(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
       if (strlen(nslcd_cfg->rootpwmodpw) >= sizeof(password))
       {
         log_log(LOG_ERR, "nslcd_pam_authc(): rootpwmodpw will not fit in 
password");
+        memset(password, 0, sizeof(password));
         return -1;
       }
       strcpy(password, nslcd_cfg->rootpwmodpw);
@@ -318,6 +320,7 @@ int nslcd_pam_authc(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
       {
         WRITE_INT32(fp, NSLCD_RESULT_END);
       }
+      memset(password, 0, sizeof(password));
       return -1;
     }
     userdn = myldap_get_dn(entry);
@@ -344,6 +347,7 @@ int nslcd_pam_authc(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
   WRITE_INT32(fp, authzrc);
   WRITE_STRING(fp, authzmsg);
   WRITE_INT32(fp, NSLCD_RESULT_END);
+  memset(password, 0, sizeof(password));
   return 0;
 }
 
@@ -765,6 +769,8 @@ int nslcd_pam_pwmod(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
     {
       WRITE_INT32(fp, NSLCD_RESULT_END);
     }
+    memset(oldpassword, 0, sizeof(oldpassword));
+    memset(newpassword, 0, sizeof(newpassword));
     return -1;
   }
   /* check if pam_password_prohibit_message is set */
@@ -775,6 +781,8 @@ int nslcd_pam_pwmod(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
     WRITE_INT32(fp, NSLCD_PAM_PERM_DENIED);
     WRITE_STRING(fp, nslcd_cfg->pam_password_prohibit_message);
     WRITE_INT32(fp, NSLCD_RESULT_END);
+    memset(oldpassword, 0, sizeof(oldpassword));
+    memset(newpassword, 0, sizeof(newpassword));
     return 0;
   }
   /* check if the the user passed the rootpwmoddn */
@@ -788,6 +796,8 @@ int nslcd_pam_pwmod(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
       if (strlen(nslcd_cfg->rootpwmodpw) >= sizeof(oldpassword))
       {
         log_log(LOG_ERR, "nslcd_pam_pwmod(): rootpwmodpw will not fit in 
oldpassword");
+        memset(oldpassword, 0, sizeof(oldpassword));
+        memset(newpassword, 0, sizeof(newpassword));
         return -1;
       }
       strcpy(oldpassword, nslcd_cfg->rootpwmodpw);
@@ -804,6 +814,8 @@ int nslcd_pam_pwmod(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
       WRITE_INT32(fp, rc);
       WRITE_STRING(fp, authzmsg);
       WRITE_INT32(fp, NSLCD_RESULT_END);
+      memset(oldpassword, 0, sizeof(oldpassword));
+      memset(newpassword, 0, sizeof(newpassword));
       return 0;
     }
   }
@@ -819,6 +831,8 @@ int nslcd_pam_pwmod(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
     WRITE_INT32(fp, NSLCD_PAM_PERM_DENIED);
     WRITE_STRING(fp, authzmsg);
     WRITE_INT32(fp, NSLCD_RESULT_END);
+    memset(oldpassword, 0, sizeof(oldpassword));
+    memset(newpassword, 0, sizeof(newpassword));
     return 0;
   }
   /* write response */
@@ -827,5 +841,7 @@ int nslcd_pam_pwmod(TFILE *fp, MYLDAP_SESSION *session, 
uid_t calleruid)
   WRITE_INT32(fp, NSLCD_PAM_SUCCESS);
   WRITE_STRING(fp, "");
   WRITE_INT32(fp, NSLCD_RESULT_END);
+  memset(oldpassword, 0, sizeof(oldpassword));
+  memset(newpassword, 0, sizeof(newpassword));
   return 0;
 }

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=aa1d81059227782b1660c742b9f9d961b43aaf71

commit aa1d81059227782b1660c742b9f9d961b43aaf71
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu May 8 18:06:19 2014 +0200

    Clarify code contribution

diff --git a/HACKING b/HACKING
index 3fa25c2..ecaef10 100644
--- a/HACKING
+++ b/HACKING
@@ -16,12 +16,12 @@ are considered:
 * clearly state which problem you're trying to solve and how this is
   accomplished
 * please follow the existing coding conventions
-* please test the patch and include information on testing with the patch
-  (platforms tested, etc)
+* please test the patch and include information on tested platforms, etc.
 * add a copyright statement with the patch if you feel the contribution is
   significant enough (e.g. more than a few lines)
-* when including third-party code, retain copyright information (copyright
-  holder and license) and ensure that the license is LGPL compatible
+* ensure that the code you contribute can be integrated in the project
+  under the LGPL (when including third-party code, retain copyright
+  information license, you have permission to distribute the code, etc.)
 
 Please email nss-pam-ldapd-users@lists.arthurdejong.org if you want to
 contribute. All contributions will be acknowledged in the AUTHORS file.

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                        |    1 +
 HACKING                                           |    8 ++--
 common/tio.c                                      |    4 +-
 configure.ac                                      |    2 +-
 nslcd/myldap.c                                    |    2 +
 nslcd/pam.c                                       |   16 +++++++
 pynslcd/cache.py                                  |    2 +-
 tests/Makefile.am                                 |    5 ++-
 tests/{lookup_netgroup.c => lookup_groupbyuser.c} |   50 ++++++++++++++-------
 9 files changed, 65 insertions(+), 25 deletions(-)
 copy tests/{lookup_netgroup.c => lookup_groupbyuser.c} (53%)


hooks/post-receive
-- 
nss-pam-ldapd