Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/nslcd/group.c
Commit message (Collapse)AuthorAgeFilesLines
* Add the ability to offset UID and GID numbersSeth Wright2017-06-201-0/+2
|
* Implement nss_getgrent_skipmembersArthur de Jong2015-04-201-3/+6
| | | | | | | This option allows skipping group member list retrieval to improve performance with very large groups. This option results in inconsistent group membership information being presented that may confuse some applications.
* uid_t/gid_t should be formatted as unsigned longJason Luan2014-09-301-2/+2
| | | | | | | | | mmkfilter_passwd_byuid()/mkfilter_group_bygid() get wrong filter string because "%d" will return negative when uid/gid larger than 2^31, and result to "Authentiction failure". This also changes the other places where uid_t or gid_t values are formatted.
* Make buffer size error logging consistentArthur de Jong2014-05-041-0/+12
| | | | | This adds logging of most cases where a defined buffer is not large enough to hold provided data on error log level.
* Support builtin Windows groupsDavy Defaud2014-01-311-0/+13
| | | | | | | | | | | This maps the gid (gidNumber) to an AD SID for builtin groups when searching a group by gid (RID) between 544 and 552. In that case the SID prefix is not the domain's prefix (S-1-5-21-dddddd-dddddd-dddddd) but the BUILTIN SID prefix (1-5-32). For example, if you add a user to the Administrators builtin group (S-1-5-32-544), now you should be able to get this group through nslcd, instead of receiving an error message.
* Use myldap_get_deref_values() to get member uidsArthur de Jong2014-01-051-0/+21
| | | | | | | This uses information from the deref control (if available) to get the username for each of the members of the group. Any missing deref member attribute values will be seen as nested groups and will be traversed if nested group support is enabled.
* Skip member attributes in bymember searchArthur de Jong2014-01-051-2/+17
| | | | | | | This changes the group by member searches to not request the member attributes. This will speed up result parsing by a fraction because less data is transferred but will also cause the deref control not to be added to these searches.
* Support blanking the member attributeArthur de Jong2014-01-051-2/+6
| | | | | | This allows remapping the member attribute to an empty string which removes support for that attribute. This can reduce the number of search operations if the attribute is not used.
* Fix typoArthur de Jong2014-01-051-1/+1
|
* Fix memory leaks related to set_pop()Arthur de Jong2014-01-051-2/+6
| | | | | | | | | | | | | Some pieces of code did not properly free() the value returned by set_pop(). The leak in group code was related to the introduction of nested group functionality in 41ba574 (merged in 3daa68d) so should only be present in releases 0.9.0 forward. The leak in the netgroup code only ended up in the Solaris version of the NSS module and was introduced in 4ea9ad1 (merged in 5c8779d). This leak is present in all releases from 0.8.0 forward.
* Centralise buffer sizesArthur de Jong2013-12-181-12/+12
| | | | | | Common buffer sizes are now stored centrally so it can be easily and consistently updated if required. Some buffers remain with locally defined sizes that do not match a global buffer size.
* Fix a number of compiler warningsArthur de Jong2013-10-291-3/+2
| | | | | This includes a number of small fixes for issues that were formerly masked by the incorrect AC_LANG_PROGRAM check.
* Increase password buffer sizeBersl2013-08-281-1/+1
| | | | With the smaller buffers some password hashes would be truncated.
* Implement a nss_nested_groups configuration optionArthur de Jong2013-03-241-12/+18
| | | | | | This option can be used in both nslcd and pynslcd to enable recursive group member lookups. By default the functionality is disabled. This also updates the documentation.
* Implement support for nested groups in nslcdArthur de Jong2013-03-241-24/+162
| | | | | | | | | | | This differs from the code provided by Steve Hill in that it avoids (recursively) performing parallel LDAP searches by queueing groups and check for extra members per queued group (in the forward lookup) or check for extra parents (for the user to groups lookup). For the reverse lookup handling the NSLCD_HANDLE macro could no longer be used because extra care should be taken to free the sets before returning and two search phases are needed.
* Implement a mkfilter_group_bymemberdn() functionSteve Hill2013-03-241-0/+15
| | | | | | | | This was part of a bigger change to implement nested groups, however most of the other parts were re-implemented differently. For the original changes, see: http://lists.arthurdejong.org/nss-pam-ldapd-users/2013/msg00034.html
* check result of set_tolist() to ensure that memory ↵Arthur de Jong2013-01-121-1/+6
| | | | | | allocation problems are logged git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1911 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove the ldc_ prefix from struct ldap_config fieldsArthur de Jong2012-12-301-4/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1887 ef36b2f9-881f-0410-afb5-c4e39611909c
* move the action argument to NSLCD_HANDLE to the frontArthur de Jong2012-12-231-8/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1877 ef36b2f9-881f-0410-afb5-c4e39611909c
* update C coding style to a more commonly used styleArthur de Jong2012-12-221-141/+135
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1873 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch protocol from host byte order to network byte ↵Arthur de Jong2012-12-161-2/+2
| | | | | | order and switch use of uid_t and gid_t in the protocol to int32 git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1864 ef36b2f9-881f-0410-afb5-c4e39611909c
* ensure that values are logged as unsigned numbersArthur de Jong2012-11-221-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1838 ef36b2f9-881f-0410-afb5-c4e39611909c
* grow all search filter buffers to 4096 bytes (thanks flavio)Arthur de Jong2012-09-141-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1763 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement extra range checking of all numeric valuesArthur de Jong2012-05-201-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1694 ef36b2f9-881f-0410-afb5-c4e39611909c
* make whether or not to do case-sensitive filtering ↵Arthur de Jong2012-03-131-1/+1
| | | | | | configurable (patch by Matthew L. Dailey) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1634 ef36b2f9-881f-0410-afb5-c4e39611909c
* Use an explicit base of 10 for ↵Jakub Hrozek2011-09-301-1/+1
| | | | | | strtouid()/strtogid()/strtol() calls git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1547 ef36b2f9-881f-0410-afb5-c4e39611909c
* make validation log messages consistentArthur de Jong2011-09-091-8/+8
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1542 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide strtouid() and strtogid() functions that use ↵Arthur de Jong2011-08-271-1/+1
| | | | | | strtoul() or strtoull() (thanks Jakub Hrozek) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1524 ef36b2f9-881f-0410-afb5-c4e39611909c
* check errno after calls to strtol() to ensure that ↵Arthur de Jong2011-08-271-0/+7
| | | | | | numbers that are too large for type will be reported (thanks Jakub Hrozek) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1523 ef36b2f9-881f-0410-afb5-c4e39611909c
* implementation of myldap_get_values_len() to use ↵Arthur de Jong2011-08-051-1/+1
| | | | | | ldap_get_values_len() instead of ldap_get_values() to fix some problems with binary data in returned attribute values (patch by Wesley Mason) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1485 ef36b2f9-881f-0410-afb5-c4e39611909c
* switch to using the member attribute by default instead ↵Arthur de Jong2011-08-031-7/+7
| | | | | | of uniqueMember git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1484 ef36b2f9-881f-0410-afb5-c4e39611909c
* make buffer sizes consistent, grow gidNumber buffer to ↵Arthur de Jong2011-07-021-5/+5
| | | | | | hold larger numbers and small consistency improvements git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1476 ef36b2f9-881f-0410-afb5-c4e39611909c
* provide replacement implementation for strndup() for ↵Arthur de Jong2011-04-151-0/+1
| | | | | | systems that don't have it git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1427 ef36b2f9-881f-0410-afb5-c4e39611909c
* support using the objectSid attribute to provide numeric ↵Arthur de Jong2011-04-151-10/+37
| | | | | | user and group ids, based on a patch by Wesley Mason git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1425 ef36b2f9-881f-0410-afb5-c4e39611909c
* make user and group name validation errors a little more ↵Arthur de Jong2011-04-031-3/+3
| | | | | | informative git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1423 ef36b2f9-881f-0410-afb5-c4e39611909c
* allow attribute mapping with an expression for the ↵Arthur de Jong2010-12-281-9/+13
| | | | | | userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1346 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement a nss_min_uid option to filter user entries ↵Arthur de Jong2010-12-201-1/+0
| | | | | | returned by LDAP git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1338 ef36b2f9-881f-0410-afb5-c4e39611909c
* log the request with any logged messagesArthur de Jong2010-11-071-9/+10
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1301 ef36b2f9-881f-0410-afb5-c4e39611909c
* update description of group schema supportedArthur de Jong2010-09-261-5/+4
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1217 ef36b2f9-881f-0410-afb5-c4e39611909c
* remove commented out memberOf and ipNetmaskNumber ↵Arthur de Jong2010-06-121-1/+0
| | | | | | attributes and small cleanups git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1138 ef36b2f9-881f-0410-afb5-c4e39611909c
* tune some buffer sizes and small cleanupsArthur de Jong2010-05-071-7/+6
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1087 ef36b2f9-881f-0410-afb5-c4e39611909c
* add an nss_initgroups_ignoreusers option to ignore ↵Arthur de Jong2010-03-201-0/+9
| | | | | | username to group lookups for the specified users git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1076 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix commentArthur de Jong2009-12-271-2/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1035 ef36b2f9-881f-0410-afb5-c4e39611909c
* change dict and set API to perform loops with a list of ↵Arthur de Jong2009-12-131-24/+9
| | | | | | strings instead of loop_first() and loop_next() functions git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1028 ef36b2f9-881f-0410-afb5-c4e39611909c
* give search filter escaping buffers more logical namesArthur de Jong2009-11-011-3/+3
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1014 ef36b2f9-881f-0410-afb5-c4e39611909c
* also do proper escaping in mkfilter_group_bymember()Arthur de Jong2009-11-011-7/+15
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1013 ef36b2f9-881f-0410-afb5-c4e39611909c
* rename software to nss-pam-ldapdArthur de Jong2009-08-311-1/+1
| | | | git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@978 ef36b2f9-881f-0410-afb5-c4e39611909c
* fix off by one error in the maximum number of gidNumber ↵Arthur de Jong2009-06-291-1/+1
| | | | | | attributes in an LDAP group entry git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@957 ef36b2f9-881f-0410-afb5-c4e39611909c
* implement case-sensitive filtering for group, netgroup, ↵Arthur de Jong2009-06-061-18/+8
| | | | | | passwd, protocols, rpc, services and shadow lookups git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@934 ef36b2f9-881f-0410-afb5-c4e39611909c
* refactor protocol reading and writing macros to the ↵Arthur de Jong2009-05-291-2/+2
| | | | | | common directory, use more logical names and in the PAM module no longer use NSS status codes (import of r887 from nss-pam-ldapd) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@904 ef36b2f9-881f-0410-afb5-c4e39611909c