Arthur de Jong

Open Source / Free Software developer

Diffstat (limited to 'nslcd')
-rw-r--r--nslcd/cfg.c7
-rw-r--r--nslcd/cfg.h1
-rw-r--r--nslcd/group.c30
3 files changed, 26 insertions, 12 deletions
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index c2b9674..056b6e2 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -1089,6 +1089,7 @@ static void cfg_defaults(struct ldap_config *cfg)
cfg->pagesize = 0;
cfg->nss_initgroups_ignoreusers = NULL;
cfg->nss_min_uid = 0;
+ cfg->nss_nested_groups = 0;
cfg->validnames_str = NULL;
handle_validnames(__FILE__, __LINE__, "",
"/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",
@@ -1408,6 +1409,11 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
cfg->nss_min_uid = get_int(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
}
+ else if (strcasecmp(keyword, "nss_nested_groups") == 0)
+ {
+ cfg->nss_nested_groups = get_boolean(filename, lnr, keyword, &line);
+ get_eol(filename, lnr, keyword, &line);
+ }
else if (strcasecmp(keyword, "validnames") == 0)
{
handle_validnames(filename, lnr, keyword, line, cfg);
@@ -1671,6 +1677,7 @@ static void cfg_dump(void)
log_log(LOG_DEBUG, "CFG: nss_initgroups_ignoreusers %s", buffer);
}
log_log(LOG_DEBUG, "CFG: nss_min_uid %d", nslcd_cfg->nss_min_uid);
+ log_log(LOG_DEBUG, "CFG: nss_nested_groups %s", print_boolean(nslcd_cfg->nss_nested_groups));
log_log(LOG_DEBUG, "CFG: validnames %s", nslcd_cfg->validnames_str);
log_log(LOG_DEBUG, "CFG: ignorecase %s", print_boolean(nslcd_cfg->ignorecase));
for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
diff --git a/nslcd/cfg.h b/nslcd/cfg.h
index 5acb1d0..7caaa02 100644
--- a/nslcd/cfg.h
+++ b/nslcd/cfg.h
@@ -119,6 +119,7 @@ struct ldap_config {
int pagesize; /* set to a greater than 0 to enable handling of paged results with the specified size */
SET *nss_initgroups_ignoreusers; /* the users for which no initgroups() searches should be done */
uid_t nss_min_uid; /* minimum uid for users retrieved from LDAP */
+ int nss_nested_groups; /* maximum group recursion depth */
regex_t validnames; /* the regular expression to determine valid names */
char *validnames_str; /* string version of validnames regexp */
int ignorecase; /* whether or not case should be ignored in lookups */
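Review bot: The comment on the new `nss_nested_groups` field says "maximum group recursion depth", but the cfg.c hunks in this commit fill it with `get_boolean()` and dump it with `print_boolean()`, so it is an on/off switch and not a depth. A maintainer reading the header could assume the value bounds recursion, which matters because this setting decides which group memberships are returned to NSS callers. I would change the line to `int nss_nested_groups; /* whether or not to expand nested groups */`.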
diff --git a/nslcd/group.c b/nslcd/group.c
index c422585..175fceb 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -322,8 +322,11 @@ static int write_group(TFILE *fp, MYLDAP_ENTRY *entry, const char *reqname,
set = set_new();
if (set != NULL)
{
- seen = set_new();
- subgroups = set_new();
+ if (nslcd_cfg->nss_nested_groups)
+ {
+ seen = set_new();
+ subgroups = set_new();
+ }
/* collect the members from this group */
getmembers(entry, session, set, seen, subgroups);
/* add the members of any nested groups */
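Review bot: When `nss_nested_groups` is off, `seen` and `subgroups` are no longer assigned before they are passed to `getmembers()`, so they must be initialised to NULL where they are declared; the declaration is outside this hunk, so please confirm it reads `SET *seen = NULL, *subgroups = NULL;`. Before this change both were always set from `set_new()`, and `cfg_defaults` now makes the disabled path the default one, so an uninitialised pointer here would be hit on every lookup. The same applies to `seen` and `tocheck` in the `nslcd_group_bymember()` hunk below. A comment above the `if` such as `/* seen and subgroups stay NULL when nested groups are disabled */` would make the contract explicit, assuming `getmembers()` and the later cleanup accept NULL sets, which is not visible here.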
@@ -420,17 +423,20 @@ int nslcd_group_bymember(TFILE *fp, MYLDAP_SESSION *session)
log_log(LOG_WARNING, "nslcd_group_bymember(): filter buffer too small");
return -1;
}
- seen = set_new();
- tocheck = set_new();
- if ((seen != NULL) && (tocheck == NULL))
- {
- set_free(seen);
- seen = NULL;
- }
- else if ((tocheck != NULL) && (seen == NULL))
+ if (nslcd_cfg->nss_nested_groups)
{
- set_free(tocheck);
- tocheck = NULL;
+ seen = set_new();
+ tocheck = set_new();
+ if ((seen != NULL) && (tocheck == NULL))
+ {
+ set_free(seen);
+ seen = NULL;
+ }
+ else if ((tocheck != NULL) && (seen == NULL))
+ {
+ set_free(tocheck);
+ tocheck = NULL;
+ }
}
/* perform a search for each search base */
for (i = 0; (base = group_bases[i]) != NULL; i++)