nss-pam-ldapd branch master updated. 0.9.2-32-g4211961
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd branch master updated. 0.9.2-32-g4211961
- Date: Fri, 31 Jan 2014 21:27:50 +0100 (CET)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".
The branch, master has been updated
via 4211961e35501ef89b2897dd1e633f2a983447a7 (commit)
from f6a067594d2527f0ce950c3117138df09413c007 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=4211961e35501ef89b2897dd1e633f2a983447a7
commit 4211961e35501ef89b2897dd1e633f2a983447a7
Author: Davy Defaud <davy.defaud@free.fr>
Date: Thu Jan 30 14:48:24 2014 +0100
Support builtin Windows groups
This maps the gid (gidNumber) to an AD SID for builtin groups when
searching a group by gid (RID) between 544 and 552. In that case the SID
prefix is not the domain's prefix (S-1-5-21-dddddd-dddddd-dddddd) but
the BUILTIN SID prefix (1-5-32).
For example, if you add a user to the Administrators builtin group
(S-1-5-32-544), now you should be able to get this group through nslcd,
instead of receiving an error message.
diff --git a/nslcd/group.c b/nslcd/group.c
index ffaeb80..390e398 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -72,6 +72,11 @@ const char *attmap_group_member = "member";
(these are already LDAP-escaped strings) */
static char *gidSid = NULL;
+/* BUILTIN SID definitions */
+static char *builtinSid = NULL;
+const gid_t min_builtin_rid = 544;
+const gid_t max_builtin_rid = 552;
+
/* default values for attributes */
static const char *default_group_userPassword = "*"; /* unmatchable */
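Review bot: min_builtin_rid and max_builtin_rid are defined as plain `const gid_t`, so unlike the `static` builtinSid and gidSid beside them they get external linkage from group.c. Nothing visible in this patch uses them outside this file, so `static const gid_t` would keep them file-local. The "BUILTIN SID definitions" comment should also say what the bounds 544 and 552 correspond to, since the range decides which SID prefix a lookup uses.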
@@ -99,8 +104,15 @@ static int mkfilter_group_byname(const char *name,
by gid, return -1 on errors */
static int mkfilter_group_bygid(gid_t gid, char *buffer, size_t buflen)
{
+ /* if searching for a Windows domain SID */
if (gidSid != NULL)
{
+ /* the given gid is a BUILTIN gid, the SID prefix is not the domain SID */
+ if ((gid >= min_builtin_rid) && (gid <= max_builtin_rid))
+ return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))",
+ group_filter, attmap_group_gidNumber, builtinSid,
+ (int)(gid & 0xff), (int)((gid >> 8) & 0xff),
+ (int)((gid >> 16) & 0xff), (int)((gid >> 24) & 0xff));
return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))",
group_filter, attmap_group_gidNumber, gidSid,
(int)(gid & 0xff), (int)((gid >> 8) & 0xff),
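Review bot: In mkfilter_group_bygid() the new range check returns before the gidSid filter is built, so a gid in 544..552 is only ever searched under builtinSid and a group with a RID in that range under the configured domain prefix can no longer be found by gid. If that is the intended precedence, the comment should state it. The two mysnprintf() calls also differ only in the prefix argument; selecting the prefix first (for example `const char *prefix = ... ? builtinSid : gidSid;`) and keeping one call would stop the duplicated format string and byte-order arguments from drifting apart.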
@@ -168,6 +180,7 @@ void group_init(void)
if (strncasecmp(attmap_group_gidNumber, "objectSid:", 10) == 0)
{
gidSid = sid2search(attmap_group_gidNumber + 10);
+ builtinSid = sid2search("S-1-5-32");
attmap_group_gidNumber = strndup(attmap_group_gidNumber, 9);
}
/* set up attribute list */
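Review bot: The result of `sid2search("S-1-5-32")` is stored in builtinSid without a check, and mkfilter_group_bygid() passes it to a `%s` conversion whenever gidSid is set and the gid is in range. If sid2search() can return NULL, that path needs a guard or group_init() should fail here. The literal "S-1-5-32" would also be easier to find and document as a named constant next to min_builtin_rid and max_builtin_rid.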
-----------------------------------------------------------------------
Summary of changes:
nslcd/group.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
hooks/post-receive
--
nss-pam-ldapd