nss-pam-ldapd branch master updated. 0.9.7-28-g5103173
nss-pam-ldapd branch master updated. 0.9.7-28-g5103173
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd branch master updated. 0.9.7-28-g5103173
- Date: Tue, 20 Jun 2017 23:10:36 +0200 (CEST)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".
The branch, master has been updated
via 510317313cda849d41f4f7d498416dc978d2b842 (commit)
from fee74d93917a857ceeeaeb78d41d31603fc9aefc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=510317313cda849d41f4f7d498416dc978d2b842
commit 510317313cda849d41f4f7d498416dc978d2b842
Author: Seth Wright <seth@crosse.org>
Date: Mon Mar 20 17:09:07 2017 -0400
Add the ability to offset UID and GID numbers
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index c373ca5..2e711cf 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -725,6 +725,36 @@
</listitem>
</varlistentry>
+ <varlistentry id="nss_uid_offset"> <!-- since 0.9.8 -->
+ <term><option>nss_uid_offset</option>
<replaceable>NUMBER</replaceable></term>
+ <listitem>
+ <para>
+ This option specifies an offset that is added to all
+ <acronym>LDAP</acronym> numeric user ids.
+ This can be used to avoid user id collisions with local users or,
+ when using <literal>objectSid</literal> attributes, for compatibility
+ reasons.
+ </para>
+ <para>
+ The value from the <option>nss_min_uid</option> option is evaluated
+ after applying the offset.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="nss_gid_offset"> <!-- since 0.9.8 -->
+ <term><option>nss_gid_offset</option>
<replaceable>NUMBER</replaceable></term>
+ <listitem>
+ <para>
+ This option specifies an offset that is added to all
+ <acronym>LDAP</acronym> numeric group ids.
+ This can be used to avoid user id collisions with local groups or,
+ when using <literal>objectSid</literal> attributes, for compatibility
+ reasons.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="nss_nested_groups"> <!-- since 0.9.0 -->
<term><option>nss_nested_groups</option> yes|no</term>
<listitem>
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 2b832e2..530ab28 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -1239,6 +1239,8 @@ static void cfg_defaults(struct ldap_config *cfg)
cfg->pagesize = 0;
cfg->nss_initgroups_ignoreusers = NULL;
cfg->nss_min_uid = 0;
+ cfg->nss_uid_offset = 0;
+ cfg->nss_gid_offset = 0;
cfg->nss_nested_groups = 0;
cfg->nss_getgrent_skipmembers = 0;
cfg->nss_disable_enumeration = 0;
@@ -1575,6 +1577,16 @@ static void cfg_read(const char *filename, struct
ldap_config *cfg)
cfg->nss_min_uid = get_int(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
}
+ else if (strcasecmp(keyword, "nss_uid_offset") == 0)
+ {
+ cfg->nss_uid_offset = get_int(filename, lnr, keyword, &line);
+ get_eol(filename, lnr, keyword, &line);
+ }
+ else if (strcasecmp(keyword, "nss_gid_offset") == 0)
+ {
+ cfg->nss_gid_offset = get_int(filename, lnr, keyword, &line);
+ get_eol(filename, lnr, keyword, &line);
+ }
else if (strcasecmp(keyword, "nss_nested_groups") == 0)
{
cfg->nss_nested_groups = get_boolean(filename, lnr, keyword, &line);
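Review bot: Both new keywords store the result of `get_int()` directly into the `uid_t`/`gid_t` fields with no range check, so a negative or oversized value in nslcd.conf is converted silently instead of being rejected. `get_int()` is not visible here; if it returns a signed int, a setting such as `nss_uid_offset -1` would presumably become a very large unsigned offset and every id read from LDAP would wrap. Rejecting values below zero before the assignment, with an error that names the keyword and line number, would make a typo fail at startup rather than remap ids. cfg_read's body continues outside the hunk.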
@@ -1864,6 +1876,8 @@ static void cfg_dump(void)
log_log(LOG_DEBUG, "CFG: nss_initgroups_ignoreusers %s", buffer);
}
log_log(LOG_DEBUG, "CFG: nss_min_uid %lu", (unsigned long
int)nslcd_cfg->nss_min_uid);
+ log_log(LOG_DEBUG, "CFG: nss_uid_offset %lu", (unsigned long
int)nslcd_cfg->nss_uid_offset);
+ log_log(LOG_DEBUG, "CFG: nss_gid_offset %lu", (unsigned long
int)nslcd_cfg->nss_gid_offset);
log_log(LOG_DEBUG, "CFG: nss_nested_groups %s",
print_boolean(nslcd_cfg->nss_nested_groups));
log_log(LOG_DEBUG, "CFG: nss_getgrent_skipmembers %s",
print_boolean(nslcd_cfg->nss_getgrent_skipmembers));
log_log(LOG_DEBUG, "CFG: nss_disable_enumeration %s",
print_boolean(nslcd_cfg->nss_disable_enumeration));
diff --git a/nslcd/cfg.h b/nslcd/cfg.h
index 652185e..8f991c7 100644
--- a/nslcd/cfg.h
+++ b/nslcd/cfg.h
@@ -124,6 +124,8 @@ struct ldap_config {
int pagesize; /* set to a greater than 0 to enable handling of paged results
with the specified size */
SET *nss_initgroups_ignoreusers; /* the users for which no initgroups()
searches should be done */
uid_t nss_min_uid; /* minimum uid for users retrieved from LDAP */
+ uid_t nss_uid_offset; /* offset for uids retrieved from LDAP to avoid local
uid clashes */
+ gid_t nss_gid_offset; /* offset for gids retrieved from LDAP to avoid local
gid clashes */
int nss_nested_groups; /* whether to expand nested groups */
int nss_getgrent_skipmembers; /* whether to skip member lookups */
int nss_disable_enumeration; /* enumeration turned on or off */
diff --git a/nslcd/group.c b/nslcd/group.c
index eab4bec..09dbb53 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -107,6 +107,7 @@ static int mkfilter_group_byname(const char *name,
by gid, return -1 on errors */
static int mkfilter_group_bygid(gid_t gid, char *buffer, size_t buflen)
{
+ gid -= nslcd_cfg->nss_gid_offset;
/* if searching for a Windows domain SID */
if (gidSid != NULL)
{
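Review bot: `gid -= nslcd_cfg->nss_gid_offset;` wraps around when the requested gid is smaller than the offset (assuming gid_t is unsigned, as on common platforms), so a lookup for a local id below the offset becomes an LDAP search for a very large number instead of a plain miss. The function comment already states that it returns -1 on errors, so a guard such as `if (gid < nslcd_cfg->nss_gid_offset) return -1;` before the subtraction would avoid that; how the caller handles -1 is outside this hunk and should be confirmed. The same applies to `uid -= nslcd_cfg->nss_uid_offset;` in mkfilter_passwd_byuid in nslcd/passwd.c. The function body continues outside the hunk.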
@@ -376,6 +377,7 @@ static int write_group(TFILE *fp, MYLDAP_ENTRY *entry,
const char *reqname,
return 0;
}
}
+ gids[numgids] += nslcd_cfg->nss_gid_offset;
}
}
/* get group passwd (userPassword) (use only first entry) */
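Review bot: `gids[numgids] += nslcd_cfg->nss_gid_offset;` is an unchecked addition, so an LDAP value near the top of the gid_t range wraps to a small id (assuming gid_t is unsigned), which is the opposite of what the option is meant to achieve. The two additions in write_passwd in nslcd/passwd.c, `uids[numuids] += nslcd_cfg->nss_uid_offset;` and `gid += nslcd_cfg->nss_gid_offset;`, have the same gap. There the wrapped uid is only compared against nss_min_uid, which cfg_defaults leaves at 0, so a directory entry could end up mapped onto a low local uid. The entry should be skipped and logged when `gids[numgids] > (gid_t)-1 - nslcd_cfg->nss_gid_offset` (and the uid_t equivalent) before the offset is added. write_group's body starts and ends outside the hunk.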
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index 7506ad7..016fb73 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -103,6 +103,7 @@ static int mkfilter_passwd_byname(const char *name,
by uid, return -1 on errors */
static int mkfilter_passwd_byuid(uid_t uid, char *buffer, size_t buflen)
{
+ uid -= nslcd_cfg->nss_uid_offset;
if (uidSid != NULL)
{
return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))",
@@ -486,6 +487,7 @@ static int write_passwd(TFILE *fp, MYLDAP_ENTRY *entry,
const char *requser,
return 0;
}
}
+ uids[numuids] += nslcd_cfg->nss_uid_offset;
if (uids[numuids] < nslcd_cfg->nss_min_uid)
{
log_log(LOG_DEBUG, "%s: %s: less than nss_min_uid",
@@ -529,6 +531,7 @@ static int write_passwd(TFILE *fp, MYLDAP_ENTRY *entry,
const char *requser,
return 0;
}
}
+ gid += nslcd_cfg->nss_gid_offset;
/* get the gecos for this entry */
attmap_get_value(entry, attmap_passwd_gecos, gecos, sizeof(gecos));
/* get the home directory for this entry */
-----------------------------------------------------------------------
Summary of changes:
man/nslcd.conf.5.xml | 30 ++++++++++++++++++++++++++++++
nslcd/cfg.c | 14 ++++++++++++++
nslcd/cfg.h | 2 ++
nslcd/group.c | 2 ++
nslcd/passwd.c | 3 +++
5 files changed, 51 insertions(+)
hooks/post-receive
--
nss-pam-ldapd
--