~ubuntu-branches/ubuntu/quantal/nss-pam-ldapd/quantal

« back to all changes in this revision

Viewing changes to nslcd/passwd.c

Committer: Package Import Robot
Author(s): Arthur de Jong
Date: 2011-12-31 13:30:00 UTC
Revision ID: package-import@ubuntu.com-20111231133000-c2lpa27xp5s6q481

Tags: 0.8.5

http://bugs.debian.org/640781

http://bugs.debian.org/640623

http://bugs.debian.org/641619

http://bugs.debian.org/642347

http://bugs.debian.org/641820

http://bugs.debian.org/644892

http://bugs.debian.org/645599

* support larger gecos values (closes: #640781)
* updated Swedish debconf translation by Martin Bagge (closes: #640623)
* consistently handle whitespace in configuration file during package
  configuration (thanks Nick) (closes: #641619)
* add a versioned dependency on libpam0g to ensure the PAM libraries are
  multiarch-aware
* in debconf, treat the "hard" value for tls_reqcert as if it was "demand"
  (closes: #642347)
* reduce loglevel of user not found messages to avoid spamming the logs
  with useless information (thanks Wakko Warner) (closes: #641820)
* other logging improvements
* keep nslcd running during package upgrades (closes: #644892)
* explicitly parse numbers as base 10 (thanks Jakub Hrozek)
* implement FreeBSD group membership NSS function (thanks Tom Judge)
* fix an issue where changes in /etc/nsswitch.conf were not correctly
  picked up and could lead to lookups being disabled on upgrade
  (closes: #645599)
* fix an issue with detecting the uid of the calling process and log
  denied shadow requests in debug mode
* fix a typo in the disconnect logic code (thanks Martin Poole)
* enable hardening options during build
* implement configuration file handling in pynslcd and other pynslcd
  improvements (pynslcd is not in a Debian package yet)
* update debian/copyright

files modified:
AUTHORS

ChangeLog

Makefile.in

NEWS

TODO

common/Makefile.in

compat/Makefile.in

configure

configure.ac

debian/changelog

debian/control

debian/copyright

debian/libnss-ldapd.config

debian/libnss-ldapd.postrm

debian/nslcd.config

debian/nslcd.init

debian/nslcd.postinst

debian/po/sv.po

debian/rules

m4/ax_pthread.m4

man/Makefile.in

man/nslcd.8

man/nslcd.8.xml

man/nslcd.conf.5

man/nslcd.conf.5.xml

man/pam_ldap.8

man/pam_ldap.8.xml

nslcd/Makefile.in

nslcd/alias.c

nslcd/attmap.c

nslcd/cfg.c

nslcd/common.c

nslcd/common.h

nslcd/ether.c

nslcd/group.c

nslcd/host.c

nslcd/myldap.c

nslcd/netgroup.c

nslcd/network.c

nslcd/nslcd.c

nslcd/nsswitch.c

nslcd/pam.c

nslcd/passwd.c

nslcd/protocol.c

nslcd/rpc.c

nslcd/service.c

nslcd/shadow.c

nss/Makefile.in

nss/bsdnss.c

pam/Makefile.in

pynslcd/Makefile.in

pynslcd/alias.py

pynslcd/cfg.py

pynslcd/common.py

pynslcd/config.py.in

pynslcd/ether.py

pynslcd/group.py

pynslcd/host.py

pynslcd/netgroup.py

pynslcd/network.py

pynslcd/pam.py

pynslcd/passwd.py

pynslcd/pynslcd.py

pynslcd/shadow.py

pynslcd/tio.py

tests/Makefile.in

Show diffs side-by-side

added added

removed removed

nslcd/passwd.c

183

values=myldap_get_values_len(entry,attmap_passwd_uidNumber);

184

if ((values==NULL)||(values[0]==NULL))

185

{

186

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

186

log_log(LOG_WARNING,"%s: %s: missing",

187

myldap_get_dn(entry),attmap_passwd_uidNumber);

188

return 0;

189

}

195

else

196

{

197

errno=0;

198

uid=strtouid(values[i],&tmp,0);

198

uid=strtouid(values[i],&tmp,10);

199

if ((*(values[i])=='\0')||(*tmp!='\0'))

200

{

201

log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",

201

log_log(LOG_WARNING,"%s: %s: non-numeric",

202

myldap_get_dn(entry),attmap_passwd_uidNumber);

203

continue;

204

}

205

else if (errno!=0)

206

{

207

log_log(LOG_WARNING,"passwd entry %s contains too large %s value",

207

log_log(LOG_WARNING,"%s: %s: too large",

208

myldap_get_dn(entry),attmap_passwd_uidNumber);

209

continue;

210

}

235

search=myldap_search(session,dn,LDAP_SCOPE_BASE,passwd_filter,attrs,rcp);

236

if (search==NULL)

237

{

238

log_log(LOG_WARNING,"lookup of user %s failed: %s",dn,ldap_err2string(*rcp));

238

log_log(LOG_WARNING,"%s: lookup error: %s",dn,ldap_err2string(*rcp));

239

return NULL;

240

}

241

entry=myldap_get_entry(search,rcp);

242

if (entry==NULL)

243

{

244

if (*rcp!=LDAP_SUCCESS)

245

log_log(LOG_WARNING,"lookup of user %s failed: %s",dn,ldap_err2string(*rcp));

245

log_log(LOG_WARNING,"%s: lookup error: %s",dn,ldap_err2string(*rcp));

246

return NULL;

247

}

248

/* check the uidNumber attribute if min_uid is set */

423

static inline int shadow_uses_ldap(void)

424

{

425

if (cached_shadow_uses_ldap==CACHED_UNKNOWN)

426

{

427

log_log(LOG_INFO,"(re)loading %s",NSSWITCH_FILE);

426

428

cached_shadow_uses_ldap=nsswitch_db_uses_ldap(NSSWITCH_FILE,"shadow");

429

cached_shadow_lastcheck=time(NULL);

430

}

427

431

return cached_shadow_uses_ldap;

428

432

}

429

433

442

446

int numuids;

443

447

char gidbuf[32];

444

448

gid_t gid;

445

char gecos[100];

446

char homedir[100];

447

char shell[100];

449

char gecos[1024];

450

char homedir[256];

451

char shell[64];

448

452

char passbuffer[64];

449

453

int i,j;

450

454

/* get the usernames for this entry */

451

455

usernames=myldap_get_values(entry,attmap_passwd_uid);

452

456

if ((usernames==NULL)||(usernames[0]==NULL))

453

457

{

454

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

458

log_log(LOG_WARNING,"%s: %s: missing",

455

459

myldap_get_dn(entry),attmap_passwd_uid);

456

460

return 0;

457

461

}

478

482

tmpvalues=myldap_get_values_len(entry,attmap_passwd_uidNumber);

479

483

if ((tmpvalues==NULL)||(tmpvalues[0]==NULL))

480

484

{

481

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

485

log_log(LOG_WARNING,"%s: %s: missing",

482

486

myldap_get_dn(entry),attmap_passwd_uidNumber);

483

487

return 0;

484

488

}

489

493

else

490

494

{

491

495

errno=0;

492

uids[numuids]=strtouid(tmpvalues[numuids],&tmp,0);

496

uids[numuids]=strtouid(tmpvalues[numuids],&tmp,10);

493

497

if ((*(tmpvalues[numuids])=='\0')||(*tmp!='\0'))

494

498

{

495

log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",

499

log_log(LOG_WARNING,"%s: %s: non-numeric",

496

500

myldap_get_dn(entry),attmap_passwd_uidNumber);

497

501

return 0;

498

502

}

499

503

else if (errno!=0)

500

504

{

501

log_log(LOG_WARNING,"passwd entry %s contains too large %s value",

505

log_log(LOG_WARNING,"%s: %s: too large",

502

506

myldap_get_dn(entry),attmap_passwd_uidNumber);

503

507

return 0;

504

508

}

511

515

tmpvalues=myldap_get_values_len(entry,attmap_passwd_gidNumber);

512

516

if ((tmpvalues==NULL)||(tmpvalues[0]==NULL))

513

517

{

514

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

518

log_log(LOG_WARNING,"%s: %s: missing",

515

519

myldap_get_dn(entry),attmap_passwd_gidNumber);

516

520

return 0;

517

521

}

522

526

attmap_get_value(entry,attmap_passwd_gidNumber,gidbuf,sizeof(gidbuf));

523

527

if (gidbuf[0]=='\0')

524

528

{

525

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

529

log_log(LOG_WARNING,"%s: %s: missing",

526

530

myldap_get_dn(entry),attmap_passwd_gidNumber);

527

531

return 0;

528

532

}

529

533

errno=0;

530

gid=strtogid(gidbuf,&tmp,0);

534

gid=strtogid(gidbuf,&tmp,10);

531

535

if ((gidbuf[0]=='\0')||(*tmp!='\0'))

532

536

{

533

log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",

537

log_log(LOG_WARNING,"%s: %s: non-numeric",

534

538

myldap_get_dn(entry),attmap_passwd_gidNumber);

535

539

return 0;

536

540

}

537

541

else if (errno!=0)

538

542

{

539

log_log(LOG_WARNING,"passwd entry %s contains too large %s value",

543

log_log(LOG_WARNING,"%s: %s: too large",

540

544

myldap_get_dn(entry),attmap_passwd_gidNumber);

541

545

return 0;

542

546

}

546

550

/* get the home directory for this entry */

547

551

attmap_get_value(entry,attmap_passwd_homeDirectory,homedir,sizeof(homedir));

548

552

if (homedir[0]=='\0')

549

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

553

log_log(LOG_WARNING,"%s: %s: missing",

550

554

myldap_get_dn(entry),attmap_passwd_homeDirectory);

551

555

/* get the shell for this entry */

552

556

attmap_get_value(entry,attmap_passwd_loginShell,shell,sizeof(shell));

556

560

{

557

561

if (!isvalidname(usernames[i]))

558

562

{

559

log_log(LOG_WARNING,"passwd entry %s denied by validnames option: \"%s\"",

560

myldap_get_dn(entry),usernames[i]);

563

log_log(LOG_WARNING,"%s: %s: denied by validnames option",

564

myldap_get_dn(entry),attmap_passwd_uid);

561

565

}

562

566

else

563

567

{

587

591

READ_STRING(fp,name);

588

592

log_setrequest("passwd=\"%s\"",name);

589

593

if (!isvalidname(name)) {

590

log_log(LOG_WARNING,"\"%s\": name denied by validnames option",name);

594

log_log(LOG_WARNING,"request denied by validnames option");

591

595

return -1;

592

596

}

593

597

check_nsswitch_reload();,

Older »