nss-pam-ldapd branch master updated. 0.9.7-27-gfee74d9
nss-pam-ldapd branch master updated. 0.9.7-27-gfee74d9
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd branch master updated. 0.9.7-27-gfee74d9
- Date: Sun, 18 Jun 2017 16:47:43 +0200 (CEST)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".
The branch, master has been updated
via fee74d93917a857ceeeaeb78d41d31603fc9aefc (commit)
via 5126b26ef68fd5563a5ee390f7e47016a9884dd0 (commit)
via fe3772f3579b2cc27dc72c23b6400ee8f9ce4e15 (commit)
via ca62f59ac196f89b8f4b3218b17bb46f22346bc5 (commit)
via e68b85aac6e4010cacb43a33643f4050f138be7b (commit)
from 3d5ab890d3377eb1c344e69992252bebec8a29e6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=fee74d93917a857ceeeaeb78d41d31603fc9aefc
commit fee74d93917a857ceeeaeb78d41d31603fc9aefc
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun Jun 18 16:35:28 2017 +0200
Portability improvements to test_ldapcmds.sh
This fixes an issue with the export statement in POSIX shell scripts,
ensures that the commands in the output match those in the script,
strips password hashes for shadow lookups (for systems without PAM where
these are exposed) and only runs the tests if we enabled the utils.
Fixes 246a1f3.
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 7746275..0a7854e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -20,7 +20,7 @@
TESTS = test_dict test_set test_tio test_expr test_getpeercred test_cfg \
test_attmap test_myldap.sh test_common test_nsscmds.sh \
- test_ldapcmds.sh test_pamcmds.sh test_manpages.sh test_clock \
+ test_pamcmds.sh test_manpages.sh test_clock \
test_tio_timeout
if HAVE_PYTHON
TESTS += test_pycompile.sh test_pylint.sh
@@ -28,6 +28,9 @@ endif
if ENABLE_PYNSLCD
TESTS += test_pynslcd_cache.py test_doctest.sh
endif
+if ENABLE_UTILS
+ TESTS += test_ldapcmds.sh
+endif
AM_TESTS_ENVIRONMENT = PYTHON='@PYTHON@'; export PYTHON; \
builddir=$(builddir); export builddir;
diff --git a/tests/test_ldapcmds.sh b/tests/test_ldapcmds.sh
index d1ab2a4..8485d2b 100755
--- a/tests/test_ldapcmds.sh
+++ b/tests/test_ldapcmds.sh
@@ -30,7 +30,8 @@ top_srcdir="${top_srcdir-${srcdir}/..}"
builddir="${builddir-`dirname "$0"`}"
top_builddir="${top_builddir-${builddir}/..}"
python="${PYTHON-python}"
-export PYTHONPATH="${top_srcdir}/utils:${top_builddir}/utils"
+PYTHONPATH="${top_srcdir}/utils:${top_builddir}/utils"
+export PYTHONPATH
# ensure that we are running in the test environment
"$srcdir/testenv.sh" check_nslcd || exit 77
@@ -51,14 +52,14 @@ getent_ldap() {
check() {
# the command to execute
- cmd="$(echo $1 | sed 's/getent.ldap/getent_ldap/g')"
+ cmd="$1"
# save the expected output
expectfile=`mktemp -t expected.XXXXXX 2> /dev/null || tempfile -s .expected
2> /dev/null`
cat > "$expectfile"
# run the command
echo 'test_nsscmds.sh: checking "'"$cmd"'"'
actualfile=`mktemp -t actual.XXXXXX 2> /dev/null || tempfile -s .actual 2>
/dev/null`
- eval "$cmd" > "$actualfile" 2>&1 || true
+ eval "$(echo $cmd | sed 's/getent.ldap/getent_ldap/g')" > "$actualfile" 2>&1
|| true
# check for differences
diff -Nauwi "$expectfile" "$actualfile" || FAIL=`expr $FAIL + 1`
# remove temporary files
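Review bot: In check(), the rewritten eval line passes `$cmd` to `echo` unquoted, so the command string is word-split and glob-expanded before sed and eval see it, and the shadow checks added in this same commit now put `[^:]*` and `\1` into that string. A matching path in the working directory could change the command, and some `echo` implementations are likely to treat `\1` as an escape sequence, which works against the portability aim of the commit. `eval "$(printf '%s\n' "$cmd" | sed 's/getent.ldap/getent_ldap/g')" > "$actualfile" 2>&1 || true` keeps the string intact. The progress message two lines above still prints `test_nsscmds.sh` although this file is test_ldapcmds.sh. check() continues past the end of the hunk.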
@@ -473,11 +474,11 @@ echo "test_ldapcmds.sh: testing shadow..."
# NOTE: the output of this should depend on whether we are root or not
-check "getent.ldap shadow ecordas" << EOM
+check "getent.ldap shadow ecordas | sed 's/^\([^:]*\):[^:]*:/\1:*:/'" << EOM
ecordas:*::::7:2::0
EOM
-check "getent.ldap shadow adishaw" << EOM
+check "getent.ldap shadow adishaw | sed 's/^\([^:]*\):[^:]*:/\1:*:/'" << EOM
adishaw:*:12302:::7:2::0
EOM
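Review bot: The NOTE above the first shadow check still says the output depends on whether the tests run as root, but with the added sed both checks mask the password field and expect `*` there in either case. The comment could say that instead, for example `# the password field is masked because systems without PAM expose the hash here`. Masking in the pipeline also keeps a real hash out of the diff output when a check fails.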
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=5126b26ef68fd5563a5ee390f7e47016a9884dd0
commit 5126b26ef68fd5563a5ee390f7e47016a9884dd0
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Jun 17 21:55:33 2017 +0200
Use uint8_t instead of u_int8_t
The former seems to be available on more platforms than the latter.
Fixes be26510.
diff --git a/nslcd/ether.c b/nslcd/ether.c
index d790e5e..16117a5 100644
--- a/nslcd/ether.c
+++ b/nslcd/ether.c
@@ -78,7 +78,7 @@ static int mkfilter_ether_byname(const char *name,
ether_filter, attmap_ether_cn, safename);
}
-static void my_ether_ntoa(const u_int8_t *addr, char *buffer, int compact)
+static void my_ether_ntoa(const uint8_t *addr, char *buffer, int compact)
{
int i;
for (i = 0; i < 6; i++)
@@ -94,8 +94,8 @@ static int mkfilter_ether_byether(const struct ether_addr
*addr,
char *buffer, size_t buflen)
{
char addrstr1[20], addrstr2[20];
- my_ether_ntoa((const u_int8_t *)addr, addrstr1, 1);
- my_ether_ntoa((const u_int8_t *)addr, addrstr2, 0);
+ my_ether_ntoa((const uint8_t *)addr, addrstr1, 1);
+ my_ether_ntoa((const uint8_t *)addr, addrstr2, 0);
/* there should be no characters that need escaping */
return mysnprintf(buffer, buflen, "(&%s(|(%s=%s)(%s=%s)))", ether_filter,
attmap_ether_macAddress, addrstr1,
@@ -185,7 +185,7 @@ NSLCD_HANDLE(
char addrstr[20];
char filter[BUFLEN_FILTER];
READ(fp, &addr, sizeof(uint8_t[6]));
- my_ether_ntoa((u_int8_t *)&addr, addrstr, 1);
+ my_ether_ntoa((uint8_t *)&addr, addrstr, 1);
log_setrequest("ether=%s", addrstr);,
mkfilter_ether_byether(&addr, filter, sizeof(filter)),
write_ether(fp, entry, NULL, addrstr)
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=fe3772f3579b2cc27dc72c23b6400ee8f9ce4e15
commit fe3772f3579b2cc27dc72c23b6400ee8f9ce4e15
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Jun 17 21:49:37 2017 +0200
Fix HAVE_DECL_PAM_ERROR usage
The macro is supposed to be defined to 0 (instead of undefined) if
pam_info() and pam_error() are not found.
Fixes 3d5ab89.
diff --git a/compat/pam_compat.h b/compat/pam_compat.h
index 0861624..5388fc6 100644
--- a/compat/pam_compat.h
+++ b/compat/pam_compat.h
@@ -60,13 +60,13 @@ int pam_prompt(pam_handle_t *pamh, int style, char
**response,
#endif /* not HAVE_PAM_PROMPT */
/* provide pam_info() if needed */
-#ifndef HAVE_DECL_PAM_INFO
+#if !HAVE_DECL_PAM_INFO
#define pam_info(pamh, format...) \
pam_prompt(pamh, PAM_TEXT_INFO, NULL, ##format)
#endif /* not HAVE_DECL_PAM_INFO */
/* provide pam_error() if needed */
-#ifndef HAVE_DECL_PAM_ERROR
+#if !HAVE_DECL_PAM_ERROR
#define pam_error(pamh, format...) \
pam_prompt(pamh, PAM_ERROR_MSG, NULL, ##format)
#endif /* not HAVE_DECL_PAM_ERROR */
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=ca62f59ac196f89b8f4b3218b17bb46f22346bc5
commit ca62f59ac196f89b8f4b3218b17bb46f22346bc5
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Jun 17 21:06:14 2017 +0200
Also filter shadow entries by validnames
diff --git a/nslcd/shadow.c b/nslcd/shadow.c
index cdc7e5e..5fe5a94 100644
--- a/nslcd/shadow.c
+++ b/nslcd/shadow.c
@@ -254,16 +254,24 @@ static int write_shadow(TFILE *fp, MYLDAP_ENTRY *entry,
const char *requser,
for (i = 0; usernames[i] != NULL; i++)
if ((requser == NULL) || (STR_CMP(requser, usernames[i]) == 0))
{
- WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
- WRITE_STRING(fp, usernames[i]);
- WRITE_STRING(fp, passwd);
- WRITE_INT32(fp, lastchangedate);
- WRITE_INT32(fp, mindays);
- WRITE_INT32(fp, maxdays);
- WRITE_INT32(fp, warndays);
- WRITE_INT32(fp, inactdays);
- WRITE_INT32(fp, expiredate);
- WRITE_INT32(fp, flag);
+ if (!isvalidname(usernames[i]))
+ {
+ log_log(LOG_WARNING, "%s: %s: denied by validnames option",
+ myldap_get_dn(entry), attmap_passwd_uid);
+ }
+ else
+ {
+ WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
+ WRITE_STRING(fp, usernames[i]);
+ WRITE_STRING(fp, passwd);
+ WRITE_INT32(fp, lastchangedate);
+ WRITE_INT32(fp, mindays);
+ WRITE_INT32(fp, maxdays);
+ WRITE_INT32(fp, warndays);
+ WRITE_INT32(fp, inactdays);
+ WRITE_INT32(fp, expiredate);
+ WRITE_INT32(fp, flag);
+ }
}
return 0;
}
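Review bot: The warning added in write_shadow() names `attmap_passwd_uid`, the passwd map's attribute, although this is nslcd/shadow.c. If usernames[] is read with the shadow map's own uid attribute (the lookup is outside the hunk), the message points an administrator at the wrong attribute mapping whenever the two differ. Assuming that variable is `attmap_shadow_uid`, the arguments would read `myldap_get_dn(entry), attmap_shadow_uid);`. Leaving the rejected value itself out of the log looks deliberate and is worth keeping, since it comes from the directory. write_shadow() starts before the hunk.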
@@ -308,7 +316,12 @@ NSLCD_HANDLE_UID(
char name[BUFLEN_NAME];
char filter[BUFLEN_FILTER];
READ_STRING(fp, name);
- log_setrequest("shadow=\"%s\"", name);,
+ log_setrequest("shadow=\"%s\"", name);
+ if (!isvalidname(name))
+ {
+ log_log(LOG_WARNING, "request denied by validnames option");
+ return -1;
+ },
mkfilter_shadow_byname(name, filter, sizeof(filter)),
write_shadow(fp, entry, name, calleruid)
)
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=e68b85aac6e4010cacb43a33643f4050f138be7b
commit e68b85aac6e4010cacb43a33643f4050f138be7b
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Jun 17 16:26:16 2017 +0200
Fix and clarify a few comments
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index fde4bda..7506ad7 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -297,7 +297,7 @@ char *dn2uid(MYLDAP_SESSION *session, const char *dn, char
*buf, size_t buflen)
{
if ((cacheentry->uid != NULL) && (strlen(cacheentry->uid) < buflen))
{
- /* if the cached entry is still valid, return that */
+ /* positive hit: if the cached entry is still valid, return that */
if ((nslcd_cfg->cache_dn2uid_positive > 0) &&
(time(NULL) < (cacheentry->timestamp +
nslcd_cfg->cache_dn2uid_positive)))
{
@@ -308,9 +308,9 @@ char *dn2uid(MYLDAP_SESSION *session, const char *dn, char
*buf, size_t buflen)
}
else
{
+ /* negative hit: if the cached entry is still valid, return that */
if ((nslcd_cfg->cache_dn2uid_negative > 0) &&
(time(NULL) < (cacheentry->timestamp +
nslcd_cfg->cache_dn2uid_negative)))
- /* if the cached entry is still valid, return that */
{
pthread_mutex_unlock(&dn2uid_cache_mutex);
return NULL;
diff --git a/nslcd/shadow.c b/nslcd/shadow.c
index 85ca4ef..cdc7e5e 100644
--- a/nslcd/shadow.c
+++ b/nslcd/shadow.c
@@ -127,7 +127,7 @@ static long to_date(const char *dn, const char *date, const
char *attr)
/* we expect an AD 64-bit datetime value;
we should do date=date/864000000000-134774
but that causes problems on 32-bit platforms,
- first we devide by 1000000000 by stripping the
+ first we divide by 1000000000 by stripping the
last 9 digits from the string and going from there */
l = strlen(date) - 9;
if (l > (sizeof(buffer) - 1))
-----------------------------------------------------------------------
Summary of changes:
compat/pam_compat.h | 4 ++--
nslcd/ether.c | 8 ++++----
nslcd/passwd.c | 4 ++--
nslcd/shadow.c | 37 +++++++++++++++++++++++++------------
tests/Makefile.am | 5 ++++-
tests/test_ldapcmds.sh | 11 ++++++-----
6 files changed, 43 insertions(+), 26 deletions(-)
hooks/post-receive
--
nss-pam-ldapd
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-commits/