author | Arthur de Jong <arthur@arthurdejong.org> | 2007-08-03 08:13:51 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2007-08-03 08:13:51 +0000 |
commit | 1a79a08b416d2c611afd51d143c4d74efecd7b9e (patch) | |
tree | b51baec4a337a6d237204d8f20ff9146b08cd29f | |
parent | f352b7c00315571d70d6aa9b45ed95d234d61f6f (diff) |
remove nss_initgroups and nss_initgroups_ignoreusers configfile options
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@342 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | nslcd/cfg.c | 87 | ||||
-rw-r--r-- | nslcd/cfg.h | 2 | ||||
-rw-r--r-- | nslcd/group.c | 87 |
3 files changed, 24 insertions, 152 deletions
diff --git a/nslcd/cfg.c b/nslcd/cfg.c index c5ad6f4..8d44725 100644 --- a/nslcd/cfg.c +++ b/nslcd/cfg.c @@ -80,8 +80,6 @@ struct ldap_config *nslcd_cfg=NULL; #endif /* CONFIGURE_KRB5_CCNAME */ #define NSS_LDAP_KEY_DEBUG "debug" #define NSS_LDAP_KEY_PAGESIZE "pagesize" -#define NSS_LDAP_KEY_INITGROUPS "nss_initgroups" -#define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers" /* more reconnect policy fine-tuning */ #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries" @@ -158,7 +156,6 @@ static void _nss_ldap_init_config(struct ldap_config *result) result->ldc_reconnect_sleeptime = LDAP_NSS_SLEEPTIME; result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME; result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES; - result->ldc_initgroups_ignoreusers = NULL; } static enum nss_status 
@@ -305,70 +302,6 @@ static enum nss_status do_parse_map_statement( return NSS_STATUS_SUCCESS; } -/* parse a comma-separated list */ -static enum nss_status do_parse_list(char *values,char ***valptr, - char **pbuffer,size_t *pbuflen) -{ - char *s, **p; -#ifdef HAVE_STRTOK_R - char *tok_r; -#endif /* HAVE_STRTOK_R */ - size_t valcount; - - int buflen = *pbuflen; - char *buffer = *pbuffer; - - /* comma separated list of values to ignore on initgroups() */ - for (valcount = 1, s = values; *s != '\0'; s++) - { - if (*s == ',') - valcount++; - } - - if (bytesleft (buffer, buflen, char *) < (valcount + 1) * sizeof (char *)) - { - return NSS_STATUS_UNAVAIL; - } - - align (buffer, buflen, char *); - p = *valptr = (char **) buffer; - - buffer += (valcount + 1) * sizeof (char *); - buflen -= (valcount + 1) * sizeof (char *); - -#ifdef HAVE_STRTOK_R - for (s = strtok_r(values, ",", &tok_r); s != NULL; - s = strtok_r(NULL, ",", &tok_r)) -#else /* HAVE_STRTOK_R */ - for (s = strtok(values, ","); s != NULL; s = strtok(NULL, ",")) -#endif /* not HAVE_STRTOK_R */ - { - int vallen; - char *elt = NULL; - - vallen = strlen (s); - if (buflen < (size_t) (vallen + 1)) - { - return NSS_STATUS_UNAVAIL; - } - - /* copy this value into the next block of buffer space */ - elt = buffer; - buffer += vallen + 1; - buflen -= vallen + 1; - - strncpy (elt, s, vallen); - elt[vallen] = '\0'; - *p++ = elt; - } - - *p = NULL; - *pbuffer = buffer; - *pbuflen = buflen; - - return NSS_STATUS_SUCCESS; -} - static enum nss_status do_searchdescriptorconfig (const char *key, const char *value, size_t len, struct ldap_service_search_descriptor ** result, 
@@ -739,17 +672,6 @@ static enum nss_status _nss_ldap_readconfig(struct ldap_config ** presult, char { do_parse_map_statement (result, v); } - else if (!strcasecmp (k, NSS_LDAP_KEY_INITGROUPS)) - { - if (!strcasecmp (v, "backlink")) - { - result->ldc_flags |= NSS_LDAP_FLAGS_INITGROUPS_BACKLINK; - } - else - { - result->ldc_flags &= ~(NSS_LDAP_FLAGS_INITGROUPS_BACKLINK); - } - } else if (!strcasecmp (k, NSS_LDAP_KEY_SCHEMA)) { if (!strcasecmp (v, "rfc2307bis")) @@ -761,15 +683,6 @@ static enum nss_status _nss_ldap_readconfig(struct ldap_config ** presult, char result->ldc_flags &= ~(NSS_LDAP_FLAGS_RFC2307BIS); } } - else if (!strcasecmp (k, NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS)) - { - status = do_parse_list (v, &result->ldc_initgroups_ignoreusers, - buffer, buflen); - if (status == NSS_STATUS_UNAVAIL) - { - break; - } - } else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY)) { if (!strcasecmp (v, "oneshot")) diff --git a/nslcd/cfg.h b/nslcd/cfg.h index bff6c1a..c790c57 100644 --- a/nslcd/cfg.h +++ b/nslcd/cfg.h @@ -137,7 +137,6 @@ struct ldap_config /* Use active directory time offsets? */ enum ldap_shadow_selector ldc_shadow_type; unsigned int ldc_flags; - char **ldc_initgroups_ignoreusers; }; extern struct ldap_config *nslcd_cfg; @@ -145,7 +144,6 @@ extern struct ldap_config *nslcd_cfg; /* * Flags that are exposed via _nss_ldap_test_config_flag() */ -#define NSS_LDAP_FLAGS_INITGROUPS_BACKLINK 0x0001 #define NSS_LDAP_FLAGS_RFC2307BIS 0x0004 #define NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT 0x0008 diff --git a/nslcd/group.c b/nslcd/group.c index 534ef30..c61940b 100644 --- a/nslcd/group.c +++ b/nslcd/group.c 
@@ -1014,21 +1014,6 @@ static enum nss_status ng_chase_backlink(const char ** membersOf, ldap_initgroup return stat; } -static int _nss_ldap_test_initgroups_ignoreuser(const char *user) -{ - char **p; - if (nslcd_cfg == NULL) - return 0; - if (nslcd_cfg->ldc_initgroups_ignoreusers == NULL) - return 0; - for (p = nslcd_cfg->ldc_initgroups_ignoreusers; *p != NULL; p++) - { - if (strcmp (*p, user) == 0) - return 1; - } - return 0; -} - static enum nss_status group_bymember(const char *user, long int *start, long int *size, long int limit, int *errnop) 
@@ -1065,64 +1050,40 @@ static enum nss_status group_bymember(const char *user, long int *start, return stat; } - if (_nss_ldap_test_initgroups_ignoreuser (LA_STRING (a))) + if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS)) { - log_log(LOG_DEBUG,"<== group_bymember (user ignored)"); - _nss_ldap_leave (); - return NSS_STATUS_NOTFOUND; + /* lookup the user's DN. */ + stat = _nss_ldap_search_s (&a, _nss_ldap_filt_getpwnam, LM_PASSWD, + no_attrs, 1, &res); + if (stat == NSS_STATUS_SUCCESS) + { + e = _nss_ldap_first_entry (res); + if (e != NULL) + { + userdn = _nss_ldap_get_dn (e); + } + ldap_msgfree (res); + } + } + else + { + userdn = NULL; } - lia.backlink = _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_INITGROUPS_BACKLINK); - - if (lia.backlink != 0) + if (userdn != NULL) { - filter = _nss_ldap_filt_getpwnam_groupsbymember; - LA_STRING2 (a) = LA_STRING (a); + LA_STRING2 (a) = userdn; LA_TYPE (a) = LA_TYPE_STRING_AND_STRING; - - gidnumber_attrs[0] = attmap_group_gidNumber; - gidnumber_attrs[1] = attmap_group_memberOf; - gidnumber_attrs[2] = NULL; - - map = LM_PASSWD; + filter = _nss_ldap_filt_getgroupsbymemberanddn; } else { - if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS)) - { - /* lookup the user's DN. 
*/ - stat = _nss_ldap_search_s (&a, _nss_ldap_filt_getpwnam, LM_PASSWD, - no_attrs, 1, &res); - if (stat == NSS_STATUS_SUCCESS) - { - e = _nss_ldap_first_entry (res); - if (e != NULL) - { - userdn = _nss_ldap_get_dn (e); - } - ldap_msgfree (res); - } - } - else - { - userdn = NULL; - } - - if (userdn != NULL) - { - LA_STRING2 (a) = userdn; - LA_TYPE (a) = LA_TYPE_STRING_AND_STRING; - filter = _nss_ldap_filt_getgroupsbymemberanddn; - } - else - { - filter = _nss_ldap_filt_getgroupsbymember; - } - - gidnumber_attrs[0] = attmap_group_gidNumber; - gidnumber_attrs[1] = NULL; + filter = _nss_ldap_filt_getgroupsbymember; } + gidnumber_attrs[0] = attmap_group_gidNumber; + gidnumber_attrs[1] = NULL; + if (_nss_ldap_ent_context_init_locked(&ctx)==NULL) { log_log(LOG_DEBUG,"<== group_bymember (ent_context_init failed)"); |
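Review bot: In the RFC2307BIS branch `userdn` is assigned only when `_nss_ldap_search_s` succeeds and `_nss_ldap_first_entry` returns an entry, whereas the other branch sets it to NULL explicitly; unless the declaration (outside this hunk) initialises it, a failed DN lookup leaves `if (userdn != NULL)` testing an indeterminate pointer that is then placed in `LA_STRING2 (a)`. Putting `userdn = NULL;` ahead of the `if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))` test and dropping the `else` arm removes the dependence on the declaration. A failed lookup also falls through silently to `_nss_ldap_filt_getgroupsbymember`, so memberships that are presumably matched only by DN would be missing from the returned group list with nothing logged; a line such as `log_log(LOG_DEBUG,"group_bymember: user DN lookup failed, using name-only filter");` on that path would make an incomplete list diagnosable. group_bymember starts and ends outside the hunk, so the declaration and any later release of `userdn` could not be checked here.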