From a8b91db168be36606391eb0b96af0ee4aaa6812f Mon Sep 17 00:00:00 2001 From: Dave Olson Date: Mon, 26 Feb 2018 09:52:09 -0800 Subject: Fixed exclude_users to work, added more users, alway skip tacacs[0-9]* Ticket: CM-19886 Reviewed By: nobody Testing Done: Somehow exclude_users wasn't implemented (or got deleted somewhere along the line). Make list match tacplus_client, except exclude our own mapped users by matching config items, and also skip any user starting with tacacs[0-9] inline instead of listing all 16 in exclude_users field in config file. Implemened for mapped_priv_user too, since that work is ongoing. Listed change in debian/changelog If debug is set to 2 or higher, print that the name lookup was skipped due to exclusion. --- map_common.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'map_common.c') diff --git a/map_common.c b/map_common.c index 1c3bfa9..f7ee038 100644 --- a/map_common.c +++ b/map_common.c @@ -35,6 +35,7 @@ static const char config_file[] = "/etc/nss_mapuser.conf"; * in build, so local to the shared lib. */ char *exclude_users; /* don't lookup these users */ char *mappeduser; +char *mapped_priv_user; uid_t min_uid = DEF_MIN_UID; int debug; @@ -54,6 +55,10 @@ reset_config(void) (void)free(mappeduser); mappeduser = NULL; } + if(mapped_priv_user) { + (void)free(mapped_priv_user); + mapped_priv_user = NULL; + } debug = 0; min_uid = DEF_MIN_UID; } @@ -117,6 +122,10 @@ nss_mapuser_config(int *errnop, const char *lname) /* the user we are mapping to */ mappeduser = strdup(lbuf+12); } + else if(!strncmp(lbuf, "mapped_priv_user=", 17)) { + /* the user we are mapping to */ + mapped_priv_user = strdup(lbuf+17); + } else if(!strncmp(lbuf, "min_uid=", 8)) { /* * Don't lookup uids that are local, typically set to either -- cgit v1.2.3