Questions: Recursive group lookup

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Jan Schampera <jan.schampera [at] web.de>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Reply-to: jan.schampera [at] web.de
Subject: Questions: Recursive group lookup
Date: Fri, 29 Jan 2010 17:44:34 +0100

Moo,

I was wondering about recursive lookup of posixGroup using uniqueMember
attributes.

Attached is a patch that kind of works. IT'S TEST CODE, nothing really
serious.

- It just makes nslcd/group.c:getmembers() a bit recursive
- I'm not entirely sure about the memory management there
- I'm not at all sure about the implications of a multithreaded
environment there
- This code is interrupted by myldap_search() if the recursion depth is
too high, that's why there is no own depth counter (in case you wonder)

Any hints or comments for the above issues?

TheBonsai

--- nss-pam-ldapd/nslcd/group.c	2010-01-25 22:06:07.000000000 +0100
+++ nss-pam-ldapd.new/nslcd/group.c	2010-01-29 18:36:02.000000000 +0100
@@ -183,9 +183,17 @@
 /* return the list of members */
 static const char **getmembers(MYLDAP_ENTRY *entry,MYLDAP_SESSION *session)
 {
+  /*
+    THIS IS TEST CODE
+    DO NOT APPLY
+  */
   char buf[20];
-  int i;
+  int i, rec_i;
   const char **values;
+  const char **rec_values;
+  MYLDAP_SEARCH *rec_search;
+  MYLDAP_ENTRY *rec_entry;
+  static const char *rec_attrs[3];
   SET *set;
   set=set_new();
   if (set==NULL)
@@ -207,6 +215,25 @@
       /* transform the DN into a uid (dn2uid() already checks validity) */
       if (dn2uid(session,values[i],buf,sizeof(buf))!=NULL)
         set_add(set,buf);
+      else {
+        rec_attrs[0]=attmap_group_memberUid;
+        rec_attrs[1]=attmap_group_uniqueMember;
+        rec_attrs[2]=NULL;
+        if ((rec_search=myldap_search(session,values[i],LDAP_SCOPE_BASE,
+             group_filter,rec_attrs))==NULL) {
+          /* error: return what we have... */
+          values=set_tolist(set);
+          set_free(set);
+          return values;
+        }
+        while ((rec_entry=myldap_get_entry(rec_search, NULL))!=NULL) {
+          rec_values=getmembers(rec_entry,session);
+            for (rec_i=0;rec_values[rec_i]!=NULL;rec_i++) {
+              if (isvalidname(rec_values[rec_i]))
+                set_add(set,rec_values[rec_i]);
+            }
+        }
+      }
     }
   /* return the members */
   values=set_tolist(set);

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users

Questions: Recursive group lookup, Jan Schampera

Re: Questions: Recursive group lookup, Arthur de Jong
- Re: Questions: Recursive group lookup, Jan Schampera
  - Re: Questions: Recursive group lookup, Jan Schampera
    - Re: Questions: Recursive group lookup, Arthur de Jong

Prev by Date: Re: [nss-pam-ldapd] proposed patch for mutexing the daemon
Next by Date: Re: Questions: Recursive group lookup
Previous by thread: Re: [nss-pam-ldapd] proposed patch for mutexing the daemon
Next by thread: Re: Questions: Recursive group lookup