Arthur de Jong

Open Source / Free Software developer

Diffstat (limited to 'nslcd')
-rw-r--r--nslcd/common.h3
-rw-r--r--nslcd/group.c23
-rw-r--r--nslcd/passwd.c36
3 files changed, 56 insertions, 6 deletions
diff --git a/nslcd/common.h b/nslcd/common.h
index 1c920cd..1fa272d 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -79,6 +79,9 @@ int read_address(TFILE *fp,char *addr,int *addrlen,int *af);
/* transforms the DN info a uid doing an LDAP lookup if needed */
char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen);
+/* transforms the uid into a DN by doing an LDAP lookup */
+char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen);
+
/* these are the different functions that handle the database
specific actions, see nslcd.h for the action descriptions */
int nslcd_alias_byname(TFILE *fp,MYLDAP_SESSION *session);
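Review bot: The comment on the new `uid2dn` prototype does not state the return contract, which callers need because the function has two distinct NULL cases. From the definition in passwd.c it returns `buf` on success, and NULL both when the lookup fails and when the DN does not fit in `buflen` bytes. I would extend it to `/* transforms the uid into a DN by doing an LDAP lookup; returns buf, or NULL if the lookup fails or the DN does not fit in buflen bytes */`.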
diff --git a/nslcd/group.c b/nslcd/group.c
index 41af0be..3507309 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -103,13 +103,24 @@ static int mkfilter_group_bygid(gid_t gid,
/* create a search filter for searching a group entry
by member uid, return -1 on errors */
-static int mkfilter_group_bymember(const char *uid,
+static int mkfilter_group_bymember(MYLDAP_SESSION *session,
+ const char *uid,
char *buffer,size_t buflen)
{
- return mysnprintf(buffer,buflen,
- "(&%s(%s=%s))",
- group_filter,
- attmap_group_memberUid,uid);
+ char buf[80],*dn;
+ /* try to translate uid to DN */
+ dn=uid2dn(session,uid,buf,sizeof(buf));
+ if (dn==NULL)
+ return mysnprintf(buffer,buflen,
+ "(&%s(%s=%s))",
+ group_filter,
+ attmap_group_memberUid,uid);
+ else /* also lookup using user DN */
+ return mysnprintf(buffer,buflen,
+ "(&%s(|(%s=%s)(%s=%s)))",
+ group_filter,
+ attmap_group_memberUid,uid,
+ attmap_group_uniqueMember,dn);
}
static void group_init(void)
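Review bot: The `dn` returned by uid2dn() is formatted into the `(%s=%s)` term for attmap_group_uniqueMember without LDAP filter escaping, so a DN containing `(`, `)`, `*` or `\` produces a malformed filter or one that matches differently than intended. The same holds for `uid`, which the handler reads from the request stream and which both branches interpolate raw; both values should be escaped per RFC 4515 before the mysnprintf() calls. Separately, `char buf[80]` is short for a DN: when the DN is 80 bytes or longer uid2dn() returns NULL and the code silently falls back to the memberUid-only filter, so uniqueMember groups are not returned for that user. A larger buffer, or at least a comment on the fallback branch such as `/* lookup failed or DN too long: search on memberUid only */`, would make that behaviour visible.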
@@ -353,7 +364,7 @@ NSLCD_HANDLE(
READ_STRING_BUF2(fp,name,sizeof(name)),
log_log(LOG_DEBUG,"nslcd_group_bymember(%s)",name);,
NSLCD_ACTION_GROUP_BYMEMBER,
- mkfilter_group_bymember(name,filter,sizeof(filter)),
+ mkfilter_group_bymember(session,name,filter,sizeof(filter)),
write_group(fp,entry,NULL,NULL,0,session)
)
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index 281d2d0..7113e64 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -160,6 +160,42 @@ char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen)
return buf;
}
+char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen)
+{
+ MYLDAP_SEARCH *search;
+ MYLDAP_ENTRY *entry;
+ static const char *attrs[1];
+ int rc;
+ const char *dn;
+ char filter[1024];
+ /* set up attributes (we don't care, we just want the DN) */
+ attrs[0]=NULL;
+ /* initialize default base, scrope, etc */
+ passwd_init();
+ /* we have to look up the entry */
+ mkfilter_passwd_byname(uid,filter,sizeof(filter));
+ search=myldap_search(session,passwd_base,passwd_scope,filter,attrs);
+ if (search==NULL)
+ return NULL;
+ entry=myldap_get_entry(search,&rc);
+ if (entry==NULL)
+ return NULL;
+ /* get DN */
+ dn=myldap_get_dn(entry);
+ if (strcasecmp(dn,"unknown")==0)
+ {
+ myldap_search_close(search);
+ return NULL;
+ }
+ /* copy into buffer */
+ if (strlen(dn)<buflen)
+ strcpy(buf,dn);
+ else
+ buf=NULL;
+ myldap_search_close(search);
+ return buf;
+}
+
/* the maximum number of uidNumber attributes per entry */
#define MAXUIDS_PER_ENTRY 5
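Review bot: The return value of `mkfilter_passwd_byname(uid,filter,sizeof(filter))` in uid2dn() is ignored, so if building the filter fails or truncates, myldap_search() still runs with whatever `filter` then holds. Assuming it follows the -1-on-error convention documented for the group filter builders, `if (mkfilter_passwd_byname(uid,filter,sizeof(filter))) return NULL;` would stop the lookup there. The `entry==NULL` path also returns without calling myldap_search_close(search), unlike the "unknown" path a few lines later; unless myldap_get_entry() releases the search itself when it returns NULL (not visible in this hunk), that leaks the search. `rc` is written but never read, so a failed search and an empty result are indistinguishable to the caller.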