Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd/group.c
Commit message (Collapse)AuthorAgeFilesLines
* Implement a nss_nested_groups configuration optionArthur de Jong2013-03-241-12/+18
| | | | | | This option can be used in both nslcd and pynslcd to enable recursive group member lookups. By default the functionality is disabled. This also updates the documentation.
* Implement support for nested groups in nslcdArthur de Jong2013-03-241-24/+162
| | | | | | | | | | | This differs from the code provided by Steve Hill in that it avoids (recursively) performing parallel LDAP searches by queueing groups and check for extra members per queued group (in the forward lookup) or check for extra parents (for the user to groups lookup). For the reverse lookup handling the NSLCD_HANDLE macro could no longer be used because extra care should be taken to free the sets before returning and two search phases are needed.
* Implement a mkfilter_group_bymemberdn() functionSteve Hill2013-03-241-0/+15
| | | | | | | | This was part of a bigger change to implement nested groups, however most of the other parts were re-implemented differently. For the original changes, see: http://lists.arthurdejong.org/nss-pam-ldapd-users/2013/msg00034.html
* check result of set_tolist() to ensure that memory ↵Arthur de Jong2013-01-121-1/+6
| | | | | | allocation problems are logged git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1911 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the ldc_ prefix from struct ldap_config fieldsArthur de Jong2012-12-301-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
* move the action argument to NSLCD_HANDLE to the frontArthur de Jong2012-12-231-8/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1877 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used styleArthur de Jong2012-12-221-141/+135
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch protocol from host byte order to network byte ↵Arthur de Jong2012-12-161-2/+2
| | | | | | order and switch use of uid_t and gid_t in the protocol to int32 git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1864 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that values are logged as unsigned numbersArthur de Jong2012-11-221-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1838 ef36b2f9-881f-0410-afb5-c4e39611909c
* grow all search filter buffers to 4096 bytes (thanks flavio)Arthur de Jong2012-09-141-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1763 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement extra range checking of all numeric valuesArthur de Jong2012-05-201-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1694 ef36b2f9-881f-0410-afb5-c4e39611909c
* make whether or not to do case-sensitive filtering ↵Arthur de Jong2012-03-131-1/+1
| | | | | | configurable (patch by Matthew L. Dailey) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1634 ef36b2f9-881f-0410-afb5-c4e39611909c
* Use an explicit base of 10 for ↵Jakub Hrozek2011-09-301-1/+1
| | | | | | strtouid()/strtogid()/strtol() calls git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1547 ef36b2f9-881f-0410-afb5-c4e39611909c
* make validation log messages consistentArthur de Jong2011-09-091-8/+8
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1542 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide strtouid() and strtogid() functions that use ↵Arthur de Jong2011-08-271-1/+1
| | | | | | strtoul() or strtoull() (thanks Jakub Hrozek) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1524 ef36b2f9-881f-0410-afb5-c4e39611909c
* check errno after calls to strtol() to ensure that ↵Arthur de Jong2011-08-271-0/+7
| | | | | | numbers that are too large for type will be reported (thanks Jakub Hrozek) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1523 ef36b2f9-881f-0410-afb5-c4e39611909c
* implementation of myldap_get_values_len() to use ↵Arthur de Jong2011-08-051-1/+1
| | | | | | ldap_get_values_len() instead of ldap_get_values() to fix some problems with binary data in returned attribute values (patch by Wesley Mason) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1485 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch to using the member attribute by default instead ↵Arthur de Jong2011-08-031-7/+7
| | | | | | of uniqueMember git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1484 ef36b2f9-881f-0410-afb5-c4e39611909c
* make buffer sizes consistent, grow gidNumber buffer to ↵Arthur de Jong2011-07-021-5/+5
| | | | | | hold larger numbers and small consistency improvements git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1476 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide replacement implementation for strndup() for ↵Arthur de Jong2011-04-151-0/+1
| | | | | | systems that don't have it git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1427 ef36b2f9-881f-0410-afb5-c4e39611909c
* support using the objectSid attribute to provide numeric ↵Arthur de Jong2011-04-151-10/+37
| | | | | | user and group ids, based on a patch by Wesley Mason git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1425 ef36b2f9-881f-0410-afb5-c4e39611909c
* make user and group name validation errors a little more ↵Arthur de Jong2011-04-031-3/+3
| | | | | | informative git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow attribute mapping with an expression for the ↵Arthur de Jong2010-12-281-9/+13
| | | | | | userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1346 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a nss_min_uid option to filter user entries ↵Arthur de Jong2010-12-201-1/+0
| | | | | | returned by LDAP git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1338 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the request with any logged messagesArthur de Jong2010-11-071-9/+10
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1301 ef36b2f9-881f-0410-afb5-c4e39611909c
* update description of group schema supportedArthur de Jong2010-09-261-5/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1217 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove commented out memberOf and ipNetmaskNumber ↵Arthur de Jong2010-06-121-1/+0
| | | | | | attributes and small cleanups git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1138 ef36b2f9-881f-0410-afb5-c4e39611909c
* tune some buffer sizes and small cleanupsArthur de Jong2010-05-071-7/+6
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1087 ef36b2f9-881f-0410-afb5-c4e39611909c
* add an nss_initgroups_ignoreusers option to ignore ↵Arthur de Jong2010-03-201-0/+9
| | | | | | username to group lookups for the specified users git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1076 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix commentArthur de Jong2009-12-271-2/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1035 ef36b2f9-881f-0410-afb5-c4e39611909c
* change dict and set API to perform loops with a list of ↵Arthur de Jong2009-12-131-24/+9
| | | | | | strings instead of loop_first() and loop_next() functions git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1028 ef36b2f9-881f-0410-afb5-c4e39611909c
* give search filter escaping buffers more logical namesArthur de Jong2009-11-011-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1014 ef36b2f9-881f-0410-afb5-c4e39611909c
* also do proper escaping in mkfilter_group_bymember()Arthur de Jong2009-11-011-7/+15
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1013 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename software to nss-pam-ldapdArthur de Jong2009-08-311-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@978 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix off by one error in the maximum number of gidNumber ↵Arthur de Jong2009-06-291-1/+1
| | | | | | attributes in an LDAP group entry git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@957 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement case-sensitive filtering for group, netgroup, ↵Arthur de Jong2009-06-061-18/+8
| | | | | | passwd, protocols, rpc, services and shadow lookups git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@934 ef36b2f9-881f-0410-afb5-c4e39611909c
* refactor protocol reading and writing macros to the ↵Arthur de Jong2009-05-291-2/+2
| | | | | | common directory, use more logical names and in the PAM module no longer use NSS status codes (import of r887 from nss-pam-ldapd) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@904 ef36b2f9-881f-0410-afb5-c4e39611909c
* initialise database modules only once after parsing configArthur de Jong2009-05-241-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@893 ef36b2f9-881f-0410-afb5-c4e39611909c
* support multiple search bases, partially based on a ↵Arthur de Jong2009-05-241-5/+7
| | | | | | patch by Leigh Wedding <lwedding@bigpond.com> git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@892 ef36b2f9-881f-0410-afb5-c4e39611909c
* clear up protocol description in nslcd.h, renaming ↵Arthur de Jong2009-04-191-1/+1
| | | | | | NSLCD_RESULT_SUCCESS to NSLCD_RESULT_BEGIN git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@834 ef36b2f9-881f-0410-afb5-c4e39611909c
* combine isvalidusername() and isvalidgroupname() into ↵Arthur de Jong2008-06-131-40/+4
| | | | | | isvalidname() because they are similar enough and we just want to check to see if it is a reasonable name (e.g. not a DN) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@759 ef36b2f9-881f-0410-afb5-c4e39611909c
* miscellaneous portability improvementsArthur de Jong2008-06-061-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@742 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix tests for valid user and group namesArthur de Jong2008-04-201-5/+5
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@690 ef36b2f9-881f-0410-afb5-c4e39611909c
* add checks for valid user and group names in incoming ↵Arthur de Jong2008-04-201-20/+74
| | | | | | requests and for data returned from LDAP git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@689 ef36b2f9-881f-0410-afb5-c4e39611909c
* only support uniqueMember containing DN valuesArthur de Jong2008-04-201-14/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@688 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix warning message to not refer to aliasArthur de Jong2008-04-201-2/+2
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@687 ef36b2f9-881f-0410-afb5-c4e39611909c
* correctly call set_free() instead of free()Arthur de Jong2008-04-191-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@683 ef36b2f9-881f-0410-afb5-c4e39611909c
* use the new set data structure to gather the group membersArthur de Jong2008-04-191-59/+21
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@682 ef36b2f9-881f-0410-afb5-c4e39611909c
* properly handle the case where dn2uid() couldn't do a ↵Arthur de Jong2008-04-061-2/+2
| | | | | | DN->uid lookup git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@672 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix member->group searches by also searching for DN in ↵Arthur de Jong2008-04-051-6/+17
| | | | | | uniqueMember attribute git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@663 ef36b2f9-881f-0410-afb5-c4e39611909c