lists.arthurdejong.org
RSS feed

nss-pam-ldapd branch master updated. 0.9.7-3-gc12cd14

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd branch master updated. 0.9.7-3-gc12cd14



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  c12cd14456e106c60bfcac6e9d3c4da43d89c5a8 (commit)
       via  d8ad7b127363d6d73ab1de6796886fda5eb07054 (commit)
      from  a3da150a81ebe23b59d6cbc4f2899cc50cd81225 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=c12cd14456e106c60bfcac6e9d3c4da43d89c5a8

commit c12cd14456e106c60bfcac6e9d3c4da43d89c5a8
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Sep 4 14:21:16 2016 +0200

    Remove duplicate break statement

diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c
index a0035d2..02af88e 100644
--- a/nslcd/nslcd.c
+++ b/nslcd/nslcd.c
@@ -417,7 +417,7 @@ static void handleconnection(int sock, MYLDAP_SESSION 
*session)
     case NSLCD_ACTION_SERVICE_ALL:      (void)nslcd_service_all(fp, session); 
break;
     case NSLCD_ACTION_SHADOW_BYNAME:    (void)nslcd_shadow_byname(fp, session, 
uid); break;
     case NSLCD_ACTION_SHADOW_ALL:
-      if (!nslcd_cfg->nss_disable_enumeration) (void)nslcd_shadow_all(fp, 
session, uid); break;
+      if (!nslcd_cfg->nss_disable_enumeration) (void)nslcd_shadow_all(fp, 
session, uid);
       break;
     case NSLCD_ACTION_PAM_AUTHC:        (void)nslcd_pam_authc(fp, session, 
uid); break;
     case NSLCD_ACTION_PAM_AUTHZ:        (void)nslcd_pam_authz(fp, session); 
break;

http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=d8ad7b127363d6d73ab1de6796886fda5eb07054

commit d8ad7b127363d6d73ab1de6796886fda5eb07054
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Sep 4 13:29:22 2016 +0200

    Do not try all LDAP servers on failed authentication
    
    See https://bugs.launchpad.net/bugs/1618190

diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 932fd7b..dddb0d7 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -1336,6 +1336,13 @@ static int do_retry_search(MYLDAP_SEARCH *search)
         rc = do_open(search->session);
         if (rc == LDAP_SUCCESS)
           rc = do_try_search(search);
+        /* if we are authenticating a user and get an error regarding failed
+           password we should error out instead of trying all servers */
+        if ((search->session->binddn[0] != '\0') && (rc == 
LDAP_INVALID_CREDENTIALS))
+        {
+          do_close(search->session);
+          return rc;
+        }
         if (rc == LDAP_SUCCESS)
         {
           pthread_mutex_lock(&uris_mutex);

-----------------------------------------------------------------------

Summary of changes:
 nslcd/myldap.c | 7 +++++++
 nslcd/nslcd.c  | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
nss-pam-ldapd
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-commits/