rpms/nss_ldap/devel nss_ldap-257-initgroups-minimum_uid.patch, NONE, 1.1
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Thu Sep 20 19:06:57 UTC 2007
Author: nalin
Update of /cvs/pkgs/rpms/nss_ldap/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24992
Added Files:
nss_ldap-257-initgroups-minimum_uid.patch
Log Message:
- attempt at implementing a minimum UID for initgroups, so that I can avoid
maintaining a list of excluded users for evar
nss_ldap-257-initgroups-minimum_uid.patch:
--- NEW FILE nss_ldap-257-initgroups-minimum_uid.patch ---
diff -ur nss_ldap/ldap-grp.c nss_ldap/ldap-grp.c
--- nss_ldap/ldap-grp.c 2007-08-03 00:51:09.000000000 -0400
+++ nss_ldap/ldap-grp.c 2007-09-20 14:32:14.000000000 -0400
@@ -1068,6 +1069,13 @@
return NSS_NOTFOUND;
}
+ if (_nss_ldap_test_initgroups_minimum_uid(LA_STRING (a)))
+ {
+ debug ("<== " NSS_LDAP_INITGROUPS_FUNCTION " (user id below configured minimum)");
+ return NSS_NOTFOUND;
+ }
+
+
lia.backlink = _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_INITGROUPS_BACKLINK);
if (lia.backlink != 0)
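Review bot: The new early-return calls `_nss_ldap_test_initgroups_minimum_uid`, which resolves the user through getpwnam_r, so every initgroups call now re-enters the NSS stack (this module and any other passwd backend in nsswitch.conf) before the group search starts. The enclosing initgroups function starts outside the hunk, so I cannot confirm from here whether this point is reached with nss_ldap's own lock already held; if it is, the re-entrant lookup risks a deadlock, and for LDAP users it adds one LDAP passwd query per call either way. A one-line comment above the call would record the constraint, e.g. `/* re-enters NSS via getpwnam_r; must stay ahead of any module lock */`. Note also that a failed or unresolvable lookup makes the helper return 0, so such a user is not filtered; if that is the intended fail-open behaviour it is worth saying so next to the call.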
diff -ur nss_ldap/ldap-nss.c nss_ldap/ldap-nss.c
--- nss_ldap/ldap-nss.c 2007-09-20 14:35:18.000000000 -0400
+++ nss_ldap/ldap-nss.c 2007-09-20 14:33:01.000000000 -0400
@@ -44,6 +44,7 @@
#include <syslog.h>
#include <signal.h>
#include <fcntl.h>
+#include <pwd.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/param.h>
@@ -4245,6 +4246,33 @@
}
int
+_nss_ldap_test_initgroups_minimum_uid (const char *user)
+{
+ struct passwd passwd, *pwd;
+ char *buf = NULL;
+ size_t size = 0x40;
+ uid_t uid;
+ NSS_STATUS status;
+
+ do {
+ if ((buf = malloc(size)) == NULL)
+ return 0;
+ pwd = NULL;
+ errno = 0;
+ status = getpwnam_r(user, &passwd, buf, size, &pwd);
+ uid = passwd.pw_uid;
+ free(buf);
+ if ((status != 0) && (errno == ERANGE))
+ size *= 2;
+ if ((status == 0) && (pwd == &passwd))
+ return (uid < __config->ldc_initgroups_minimum_uid);
+ if (size > 0x40000)
+ return 0;
+ } while ((status != 0) && (errno == ERANGE));
+ return 0;
+}
+
+int
_nss_ldap_get_ld_errno (char **m, char **s)
{
#ifdef HAVE_LDAP_GET_OPTION
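Review bot: In `_nss_ldap_test_initgroups_minimum_uid` the retry decision is `(status != 0) && (errno == ERANGE)`, evaluated after `free(buf)`; getpwnam_r reports its error in the return value and free() is permitted to modify errno, so a genuine ERANGE can be missed and the function silently returns 0 (user not filtered) instead of retrying with a larger buffer — test `status == ERANGE` instead. `uid = passwd.pw_uid;` is also executed before the status/pwd checks, reading a struct that getpwnam_r never filled on failure; it should move under the success test. Finally `uid < __config->ldc_initgroups_minimum_uid` compares a uid_t against the `int` field added in the ldap-nss.h hunk, so a negative configured value converts to a huge unsigned and every user is treated as below the minimum; the field should be `uid_t` and the parser should reject negatives. A rewritten loop body:
```c
  do
    {
      if ((buf = malloc (size)) == NULL)
        return 0;
      pwd = NULL;
      status = getpwnam_r (user, &passwd, buf, size, &pwd);
      /* pw_uid is a plain value, not a pointer into buf, so it survives the free */
      if (status == 0 && pwd == &passwd)
        uid = passwd.pw_uid;
      free (buf);
      if (status == 0 && pwd == &passwd)
        return (uid < (uid_t) __config->ldc_initgroups_minimum_uid); /* cast unneeded once the field is uid_t */
      if (status != ERANGE)
        return 0;               /* lookup failed or no such user: do not filter */
      size *= 2;
    }
  while (size <= 0x40000);
  return 0;
```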
diff -ur nss_ldap/ldap-nss.h nss_ldap/ldap-nss.h
--- nss_ldap/ldap-nss.h 2007-09-20 14:35:18.000000000 -0400
+++ nss_ldap/ldap-nss.h 2007-09-20 14:33:24.000000000 -0400
@@ -390,6 +390,7 @@
time_t ldc_mtime;
char **ldc_initgroups_ignoreusers;
+ int ldc_initgroups_minimum_uid;
};
typedef struct ldap_config ldap_config_t;
@@ -897,6 +898,7 @@
int _nss_ldap_test_config_flag (unsigned int flag);
int _nss_ldap_test_initgroups_ignoreuser (const char *user);
+int _nss_ldap_test_initgroups_minimum_uid (const char *user);
int _nss_ldap_get_ld_errno (char **m, char **s);
#endif /* _LDAP_NSS_LDAP_LDAP_NSS_H */
diff -ur nss_ldap/util.c nss_ldap/util.c
--- nss_ldap/util.c 2007-09-20 14:35:18.000000000 -0400
+++ nss_ldap/util.c 2007-09-20 14:29:49.000000000 -0400
@@ -660,6 +660,7 @@
result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME;
result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES;
result->ldc_initgroups_ignoreusers = NULL;
+ result->ldc_initgroups_minimum_uid = 0;
for (i = 0; i <= LM_NONE; i++)
{
@@ -1137,6 +1138,10 @@
break;
}
}
+ else if (!strcasecmp (k, NSS_LDAP_KEY_INITGROUPS_MINIMUM_UID))
+ {
+ result->ldc_initgroups_minimum_uid = atoi (v);
+ }
else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
{
if (!strcasecmp (v, "oneshot"))
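Review bot: `result->ldc_initgroups_minimum_uid = atoi (v);` accepts any text without validation: trailing junk is silently dropped, a non-numeric value yields 0 and turns the check off, and a negative value becomes a very large unsigned once compared against pw_uid in ldap-nss.c, which would filter every user. Parse with strtoul and check the end pointer before assigning, e.g. `errno = 0; val = strtoul (v, &end, 10); if (end == v || *end != '\0' || errno == ERANGE) { /* log and keep the default */ }`, assuming <stdlib.h> and <errno.h> are in scope in util.c. The value is consumed as a uid_t, so storing it as one here would avoid the signed/unsigned mismatch at the comparison site.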
diff -ur nss_ldap/util.h nss_ldap/util.h
--- nss_ldap/util.h 2007-09-20 14:35:18.000000000 -0400
+++ nss_ldap/util.h 2007-09-20 14:25:28.000000000 -0400
@@ -83,6 +83,7 @@
#define NSS_LDAP_KEY_PAGESIZE "pagesize"
#define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
#define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
+#define NSS_LDAP_KEY_INITGROUPS_MINIMUM_UID "nss_initgroups_minimum_uid"
/* more reconnect policy fine-tuning */
#define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
--- nss_ldap/nss_ldap.5 2007-08-03 00:51:09.000000000 -0400
+++ nss_ldap/nss_ldap.5 2007-09-20 14:44:59.000000000 -0400
@@ -442,9 +442,17 @@
.B nss_ldap
implementation of
.BR initgroups(3)
-to return NSS_STATUS_NOTFOUND if called with a listed users as
+to return NSS_STATUS_NOTFOUND if called with one of the listed users as
its argument.
.TP
+.B nss_initgroups_minimum_uid <uid>
+This option directs the
+.B nss_ldap
+implementation of
+.BR initgroups(3)
+to return NSS_STATUS_NOTFOUND if called with a users whose user ID
+is below the specified value.
+.TP
.B nss_srv_domain <domain>
This option determines the DNS domain used for performing SRV
lookups.