Gentoo-Bug: 155492
Original-Author: Heath Caldwell <hncaldwell@csupomona.edu>
Rediffed-by: Robin H. Johnson <robbat2@gentoo.org>

--- nss_ldap-257.orig/ChangeLog	2007-09-18 15:02:59.997686000 -0700
+++ nss_ldap-257/ChangeLog	2007-09-18 15:04:07.925113592 -0700
@@ -3,2 +3,7 @@
 
+257.1	Heath Caldwell <hncaldwell@csupomona.edu>
+
+	* add configurable maximum group depth with new
+	  configuration file option called nss_max_group_depth
+
 257	Luke Howard <lukeh@padl.com>
--- nss_ldap-257.orig/ldap-grp.c	2007-08-02 21:51:09.000000000 -0700
+++ nss_ldap-257/ldap-grp.c	2007-09-18 15:03:23.734619150 -0700
@@ -308,7 +308,7 @@
   uniquemember_attrs[0] = uniquemember_attr;
   uniquemember_attrs[1] = NULL;
 
-  if (*depth > LDAP_NSS_MAXGR_DEPTH)
+  if (*depth > _nss_ldap_max_group_depth)
     {
       return NSS_NOTFOUND;
     }
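Review bot: The depth guard here now compares against a signed runtime `int` with no visible lower or upper bound. A negative `_nss_ldap_max_group_depth` would make `*depth > _nss_ldap_max_group_depth` true at depth 0 and return NSS_NOTFOUND before any group is examined, while a very large value effectively removes the nesting limit applied to directory-supplied group data. The same comparison is introduced in the hunks at -844 and -890 (`lia->depth`). Clamping once where the value is set keeps the three call sites simple, for example `if (_nss_ldap_max_group_depth < 0) _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;`, plus an upper cap chosen by the maintainers. The enclosing function starts and ends outside this hunk and the type of `*depth` is not visible, so the signedness concern should be checked against its declaration.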
@@ -844,7 +844,7 @@
   const char *gidnumber_attrs[2];
   int erange;
 
-  if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
+  if (lia->depth > _nss_ldap_max_group_depth)
     return NSS_NOTFOUND;
 
   if (_nss_ldap_namelist_find (lia->known_groups, dn))
@@ -890,7 +890,7 @@
   size_t memberCount, i;
   int erange;
 
-  if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
+  if (lia->depth > _nss_ldap_max_group_depth)
     return NSS_NOTFOUND;
 
   for (memberCount = 0; membersOf[memberCount] != NULL; memberCount++)
--- nss_ldap-257.orig/ldap-nss.h	2007-09-18 15:02:59.997686000 -0700
+++ nss_ldap-257/ldap-nss.h	2007-09-18 15:03:23.734619150 -0700
@@ -105,7 +105,8 @@
 #define LDAP_NSS_MAXNETGR_DEPTH  16	/* maximum depth of netgroup nesting for innetgr() */
 #endif /* HAVE_NSSWITCH_H */
 
-#define LDAP_NSS_MAXGR_DEPTH     16     /* maximum depth of group nesting for getgrent()/initgroups() */
+#define LDAP_NSS_MAXGR_DEPTH     16	/* default maximum depth of group nesting for getgrent()/initgroups() */
+extern int _nss_ldap_max_group_depth;	/* global variable to hold maximum group depth */
 
 #if LDAP_NSS_NGROUPS > 64
 #define LDAP_NSS_BUFLEN_GROUP	(NSS_BUFSIZ + (LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX))) 
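Review bot: The comment on the new `extern int _nss_ldap_max_group_depth;` declaration restates the name without giving the contract that the three guards in ldap-grp.c rely on. A wording such as `/* nesting limit for group lookups; defaults to LDAP_NSS_MAXGR_DEPTH, intended to be set from nss_max_group_depth, must be >= 0 */` would tell readers of the header where the value comes from and what range is valid. Since the variable is a plain mutable global, it is also worth stating here whether it may only be written while the configuration is being read.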
--- nss_ldap-257.orig/nss_ldap.5	2007-09-18 15:03:00.001020000 -0700
+++ nss_ldap-257/nss_ldap.5	2007-09-18 15:05:42.779508238 -0700
@@ -453,6 +453,10 @@
 verify no local applications rely on this information before
 enabling this on a production system.
 .TP
+.B nss_max_group_depth <value>
+Specifies the maximum depth to which nested groups are queried.
+A value of 0 effectively disables querying for nested groups.
+.TP
 .B nss_srv_domain <domain>
 This option determines the DNS domain used for performing SRV
 lookups.
--- nss_ldap-257.orig/util.c	2007-09-18 15:03:00.001020000 -0700
+++ nss_ldap-257/util.c	2007-09-18 15:04:35.032083555 -0700
@@ -62,2 +62,5 @@
 
+/* Initialize global maximum group depth to default. */
+int _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
+
 static NSS_STATUS do_getrdnvalue (const char *dn,
@@ -805,2 +808,5 @@
 
+  /* Reset global maximum group depth to default. */
+  _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
+
   while (fgets (b, sizeof (b), fp) != NULL)
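Review bot: Nothing visible in this patch ever assigns `_nss_ldap_max_group_depth` from the configuration file. This hunk only resets it to `LDAP_NSS_MAXGR_DEPTH` before the `fgets` loop, and `NSS_LDAP_KEY_MAX_GROUP_DEPTH` from the util.h hunk is defined but not referenced in any hunk shown. Unless a parsing branch was lost in the rediff, the documented `nss_max_group_depth` option is inert and the limit stays at 16. The missing branch should match the key inside the loop, convert the value with `strtol` (checking the end pointer and `errno`), and reject negative or out-of-range numbers rather than storing them. The enclosing function starts and ends outside this hunk.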
--- nss_ldap-257.orig/util.h	2007-09-18 15:03:00.001020000 -0700
+++ nss_ldap-257/util.h	2007-09-18 15:05:11.295822638 -0700
@@ -84,6 +84,7 @@
 #define NSS_LDAP_KEY_INITGROUPS		"nss_initgroups"
 #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS	"nss_initgroups_ignoreusers"
 #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS	"nss_getgrent_skipmembers"
+#define NSS_LDAP_KEY_MAX_GROUP_DEPTH	"nss_max_group_depth"
 
 /* more reconnect policy fine-tuning */
 #define NSS_LDAP_KEY_RECONNECT_TRIES		"nss_reconnect_tries"