nss-pam-ldapd branch master updated. 0.9.2-18-gbe94912
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
nss-pam-ldapd branch master updated. 0.9.2-18-gbe94912
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd branch master updated. 0.9.2-18-gbe94912
- Date: Sun, 5 Jan 2014 21:44:19 +0100 (CET)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".
The branch, master has been updated
via be94912a9d236bbe3d5b0e17b771727b0054906d (commit)
via 0d3fa5d2621e771283c75f10cb4d3cba9a56be52 (commit)
from 8e74848cff12ea9902c59081515d46fc51d6f545 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=be94912a9d236bbe3d5b0e17b771727b0054906d
commit be94912a9d236bbe3d5b0e17b771727b0054906d
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun Jan 5 21:36:09 2014 +0100
Support blanking the member attribute
This allows remapping the member attribute to an empty string which
removes support for that attribute. This can reduce the number of search
operations if the attribute is not used.
diff --git a/nslcd/attmap.c b/nslcd/attmap.c
index 08130fa..1911273 100644
--- a/nslcd/attmap.c
+++ b/nslcd/attmap.c
@@ -2,7 +2,7 @@
attmap.c - attribute mapping values and functions
This file is part of the nss-pam-ldapd library.
- Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
+ Copyright (C) 2007-2014 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -217,6 +217,7 @@ const char *attmap_set_mapping(const char **var, const char
*value)
(note that this needs to match the functionality in the specific
lookup module) */
if ((var != &attmap_group_userPassword) &&
+ (var != &attmap_group_member) &&
(var != &attmap_passwd_userPassword) &&
(var != &attmap_passwd_gidNumber) &&
(var != &attmap_passwd_gecos) &&
@@ -231,6 +232,9 @@ const char *attmap_set_mapping(const char **var, const char
*value)
(var != &attmap_shadow_shadowExpire) &&
(var != &attmap_shadow_shadowFlag))
return NULL;
+ /* the member attribute may only be set to an empty string */
+ if ((var == attmap_group_member) && (strcmp(value, "\"\"") != 0))
+ return NULL;
}
/* check if the value will be changed */
if ((*var == NULL) || (strcmp(*var, value) != 0))
diff --git a/nslcd/group.c b/nslcd/group.c
index 5ce6730..1455930 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -123,7 +123,8 @@ static int mkfilter_group_bymember(MYLDAP_SESSION *session,
if (myldap_escape(uid, safeuid, sizeof(safeuid)))
return -1;
/* try to translate uid to DN */
- if (uid2dn(session, uid, dn, sizeof(dn)) == NULL)
+ if ((strcasecmp(attmap_group_member, "\"\"") == 0) ||
+ (uid2dn(session, uid, dn, sizeof(dn)) == NULL))
return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
group_filter, attmap_group_memberUid, safeuid);
/* escape DN */
@@ -227,6 +228,9 @@ static void getmembers(MYLDAP_ENTRY *entry, MYLDAP_SESSION
*session,
if (isvalidname(values[i]))
set_add(members, values[i]);
}
+ /* skip rest if attmap_group_member is blank */
+ if (strcasecmp(attmap_group_member, "\"\"") == 0)
+ return;
/* add the member values */
values = myldap_get_values(entry, attmap_group_member);
if (values != NULL)
@@ -423,7 +427,7 @@ int nslcd_group_bymember(TFILE *fp, MYLDAP_SESSION *session)
log_log(LOG_WARNING, "nslcd_group_bymember(): filter buffer too small");
return -1;
}
- if (nslcd_cfg->nss_nested_groups)
+ if ((nslcd_cfg->nss_nested_groups) && (strcasecmp(attmap_group_member,
"\"\"") != 0))
{
seen = set_new();
tocheck = set_new();
diff --git a/pynslcd/group.py b/pynslcd/group.py
index da2d315..c8abfe5 100644
--- a/pynslcd/group.py
+++ b/pynslcd/group.py
@@ -1,7 +1,7 @@
# group.py - group entry lookup routines
#
-# Copyright (C) 2010, 2011, 2012, 2013 Arthur de Jong
+# Copyright (C) 2010-2014 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -55,8 +55,10 @@ class Search(search.LDAPSearch):
if 'memberUid' in self.parameters or 'member' in self.parameters:
# set up our own attributes that leave out membership attributes
self.attributes = list(self.attributes)
- self.attributes.remove(attmap['memberUid'])
- self.attributes.remove(attmap['member'])
+ if attmap['memberUid'] in self.attributes:
+ self.attributes.remove(attmap['memberUid'])
+ if attmap['member'] in self.attributes:
+ self.attributes.remove(attmap['member'])
def mk_filter(self):
# we still need a custom mk_filter because this is an | query
@@ -125,15 +127,16 @@ class GroupRequest(common.Request):
if common.is_valid_name(member):
members.add(member)
# translate and add the member values
- for memberdn in clean(attributes['member']):
- if memberdn in seen:
- continue
- seen.add(memberdn)
- member = passwd.dn2uid(self.conn, memberdn)
- if member and common.is_valid_name(member):
- members.add(member)
- elif cfg.nss_nested_groups:
- subgroups.append(memberdn)
+ if attmap['member']:
+ for memberdn in clean(attributes['member']):
+ if memberdn in seen:
+ continue
+ seen.add(memberdn)
+ member = passwd.dn2uid(self.conn, memberdn)
+ if member and common.is_valid_name(member):
+ members.add(member)
+ elif cfg.nss_nested_groups:
+ subgroups.append(memberdn)
def convert(self, dn, attributes, parameters):
# get group names and check against requested group name
@@ -200,7 +203,7 @@ class GroupByMemberRequest(GroupRequest):
seen.add(dn)
for values in self.convert(dn, attributes, parameters):
yield values
- if cfg.nss_nested_groups:
+ if cfg.nss_nested_groups and attmap['member']:
tocheck = list(seen)
# find parent groups
while tocheck:
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=0d3fa5d2621e771283c75f10cb4d3cba9a56be52
commit 0d3fa5d2621e771283c75f10cb4d3cba9a56be52
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun Jan 5 15:11:40 2014 +0100
Fix typo
diff --git a/nslcd/group.c b/nslcd/group.c
index 725b196..5ce6730 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -315,7 +315,7 @@ static int write_group(TFILE *fp, MYLDAP_ENTRY *entry,
const char *reqname,
passbuffer, sizeof(passbuffer));
if (passwd == NULL)
passwd = default_group_userPassword;
- /* get group memebers (memberUid&member) */
+ /* get group members (memberUid&member) */
if (wantmembers)
{
set = set_new();
-----------------------------------------------------------------------
Summary of changes:
nslcd/attmap.c | 6 +++++-
nslcd/group.c | 10 +++++++---
pynslcd/group.py | 29 ++++++++++++++++-------------
3 files changed, 28 insertions(+), 17 deletions(-)
hooks/post-receive
--
nss-pam-ldapd
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits/
- nss-pam-ldapd branch master updated. 0.9.2-18-gbe94912,
Commits of the nss-pam-ldapd project
