diff options
Diffstat (limited to 'nslcd')
| -rw-r--r-- | nslcd/attmap.c | 6 | ||||
| -rw-r--r-- | nslcd/group.c | 8 |
2 files changed, 11 insertions, 3 deletions
diff --git a/nslcd/attmap.c b/nslcd/attmap.c index 08130fa..1911273 100644 --- a/nslcd/attmap.c +++ b/nslcd/attmap.c @@ -2,7 +2,7 @@ attmap.c - attribute mapping values and functions This file is part of the nss-pam-ldapd library. - Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong + Copyright (C) 2007-2014 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -217,6 +217,7 @@ const char *attmap_set_mapping(const char **var, const char *value) (note that this needs to match the functionality in the specific lookup module) */ if ((var != &attmap_group_userPassword) && + (var != &attmap_group_member) && (var != &attmap_passwd_userPassword) && (var != &attmap_passwd_gidNumber) && (var != &attmap_passwd_gecos) && @@ -231,6 +232,9 @@ const char *attmap_set_mapping(const char **var, const char *value) (var != &attmap_shadow_shadowExpire) && (var != &attmap_shadow_shadowFlag)) return NULL; + /* the member attribute may only be set to an empty string */ + if ((var == attmap_group_member) && (strcmp(value, "\"\"") != 0)) + return NULL; } /* check if the value will be changed */ if ((*var == NULL) || (strcmp(*var, value) != 0)) diff --git a/nslcd/group.c b/nslcd/group.c index 5ce6730..1455930 100644 --- a/nslcd/group.c +++ b/nslcd/group.c @@ -123,7 +123,8 @@ static int mkfilter_group_bymember(MYLDAP_SESSION *session, if (myldap_escape(uid, safeuid, sizeof(safeuid))) return -1; /* try to translate uid to DN */ - if (uid2dn(session, uid, dn, sizeof(dn)) == NULL) + if ((strcasecmp(attmap_group_member, "\"\"") == 0) || + (uid2dn(session, uid, dn, sizeof(dn)) == NULL)) return mysnprintf(buffer, buflen, "(&%s(%s=%s))", group_filter, attmap_group_memberUid, safeuid); /* escape DN */ @@ -227,6 +228,9 @@ static void getmembers(MYLDAP_ENTRY *entry, MYLDAP_SESSION *session, if (isvalidname(values[i])) set_add(members, values[i]); } + /* skip rest if attmap_group_member is blank */ + if (strcasecmp(attmap_group_member, "\"\"") == 0) + return; /* add the member values */ values = myldap_get_values(entry, attmap_group_member); if (values != NULL) @@ -423,7 +427,7 @@ int nslcd_group_bymember(TFILE *fp, MYLDAP_SESSION *session) log_log(LOG_WARNING, "nslcd_group_bymember(): filter buffer too small"); return -1; } - if (nslcd_cfg->nss_nested_groups) + if ((nslcd_cfg->nss_nested_groups) && (strcasecmp(attmap_group_member, "\"\"") != 0)) { seen = set_new(); tocheck = set_new(); |