author | Matthew Chapman <matty@samba.org> | 1999-01-15 05:00:26 +0000 |
---|---|---|
committer | Matthew Chapman <matty@samba.org> | 1999-01-15 05:00:26 +0000 |
commit | c35bf4578561af4f2971492f6ef826f10ac13860 (patch) | |
tree | f3f7487aea242103660e6263949b6e60395a0a5a /source3/groupdb/builtinldap.c | |
parent | b86b8a3ea887e12f0614e14da01419e5c224d038 (diff) | |
Finally committing my LDAP changes.
* Added new APIs for modifying groups.
* RIDs are allocated similarly to NT, starting from 1000 and incrementing by 1
for each new user/group.
* RIDs are now consistently in hex
* Fixed bugs reported by Allan Bjorklund <allan@umich.edu>:
- ldap_close_connection is exported by OpenLDAP - changed to ldap_disconnect
- Missing ldap_connect() in getusergroups functions
- ldap_next_entry was being called too early while retrieving a sam_struct
- LDAP globals should be extern in sampassldap.c
* Fixed bugs reported by Martin Hofbauer <mh@bacher.at>
- Newly added workstation trust accounts had attributes DU rather than W.
- User dn's were forced to start with "uid=XX" rather than using the existing
dn.
(This used to be commit 91c77f5432169553572bb4d85ad5f09d17524f20)
Diffstat (limited to 'source3/groupdb/builtinldap.c')
-rw-r--r-- | source3/groupdb/builtinldap.c | 139 |
1 files changed, 124 insertions, 15 deletions
diff --git a/source3/groupdb/builtinldap.c b/source3/groupdb/builtinldap.c index f2a530cbb9..baac82f1ba 100644 --- a/source3/groupdb/builtinldap.c +++ b/source3/groupdb/builtinldap.c @@ -58,10 +58,10 @@ static LOCAL_GRP *ldapbuiltin_getgrp(LOCAL_GRP *group, DEBUG(0, ("Missing cn\n")); return NULL; } - DEBUG(2,("Retrieving alias [%s]\n", group->name)); + DEBUG(2,("Retrieving builtin alias [%s]\n", group->name)); if(ldap_get_attribute("rid", temp)) { - group->rid = atoi(temp); + group->rid = strtol(temp, NULL, 16); } else { DEBUG(0, ("Missing rid\n")); return NULL; @@ -129,10 +129,7 @@ static void ldapbuiltin_grpmods(LOCAL_GRP *group, LDAPMod ***mods, ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaBuiltin"); ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name); - slprintf(temp, sizeof(temp)-1, "%d", (gid_t)(-1)); - ldap_make_mod(mods, LDAP_MOD_ADD, "gidNumber", temp); - - slprintf(temp, sizeof(temp)-1, "%d", group->rid); + slprintf(temp, sizeof(temp)-1, "%x", group->rid); ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp); } @@ -140,6 +137,30 @@ static void ldapbuiltin_grpmods(LOCAL_GRP *group, LDAPMod ***mods, } +/************************************************************************ + Create a builtin alias member entry + ************************************************************************/ + +static BOOL ldapbuiltin_memmods(DOM_SID *user_sid, LDAPMod ***mods, + int operation) +{ + pstring member; + pstring sid_str; + fstring name; + uint8 type; + + if (lookup_sid(user_sid, name, &type)) + return (False); + sid_to_string(sid_str, user_sid); + + slprintf(member, sizeof(member)-1, "%s,%s,%d", name, sid_str, type); + + *mods = NULL; + ldap_make_mod(mods, operation, "member", member); + return True; +} + + /*************************************************************** Begin/end smbgrp enumeration. ****************************************************************/ 
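Review bot: The new `group->rid = strtol(temp, NULL, 16);` in ldapbuiltin_getgrp trusts whatever string the directory holds: with a NULL end pointer and no range check, an empty, malformed or oversized `rid` attribute silently becomes 0 or a clamped or truncated value instead of taking a failure path like the existing "Missing rid" one. Since the RID identifies the alias, a bad value should be rejected, for example `char *end; unsigned long v = strtoul(temp, &end, 16);` followed by `if (end == temp || *end != '\0' || v > 0xFFFFFFFFUL) return NULL;` (plus an `ERANGE` check). Entries written before this commit stored the RID in decimal (the removed `%d` in ldapbuiltin_grpmods), so an existing directory would now be read back with different RIDs unless it is migrated; that is worth stating in a comment or the release notes. The body of ldapbuiltin_getgrp starts and ends outside the hunk.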
@@ -149,7 +170,7 @@ static void *ldapbuiltin_enumfirst(BOOL update) if (lp_server_role() == ROLE_DOMAIN_NONE) return NULL; - if (!ldap_open_connection(False)) + if (!ldap_connect()) return NULL; ldap_search_for("objectClass=sambaBuiltin"); @@ -159,7 +180,7 @@ static void *ldapbuiltin_enumfirst(BOOL update) static void ldapbuiltin_enumclose(void *vp) { - ldap_close_connection(); + ldap_disconnect(); } @@ -189,7 +210,7 @@ static LOCAL_GRP *ldapbuiltin_getgrpbynam(const char *name, fstring filter; LOCAL_GRP *ret; - if(!ldap_open_connection(False)) + if(!ldap_connect()) return (False); slprintf(filter, sizeof(filter)-1, @@ -198,7 +219,7 @@ static LOCAL_GRP *ldapbuiltin_getgrpbynam(const char *name, ret = ldapbuiltin_getgrp(&localgrp, members, num_membs); - ldap_close_connection(); + ldap_disconnect(); return ret; } @@ -208,7 +229,7 @@ static LOCAL_GRP *ldapbuiltin_getgrpbygid(gid_t grp_id, fstring filter; LOCAL_GRP *ret; - if(!ldap_open_connection(False)) + if(!ldap_connect()) return (False); slprintf(filter, sizeof(filter)-1, @@ -216,7 +237,7 @@ static LOCAL_GRP *ldapbuiltin_getgrpbygid(gid_t grp_id, ldap_search_for(filter); ret = ldapbuiltin_getgrp(&localgrp, members, num_membs); - ldap_close_connection(); + ldap_disconnect(); return ret; } @@ -226,15 +247,15 @@ static LOCAL_GRP *ldapbuiltin_getgrpbyrid(uint32 grp_rid, fstring filter; LOCAL_GRP *ret; - if(!ldap_open_connection(False)) + if(!ldap_connect()) return (False); slprintf(filter, sizeof(filter)-1, - "(&(rid=%d)(objectClass=sambaBuiltin))", grp_rid); + "(&(rid=%x)(objectClass=sambaBuiltin))", grp_rid); ldap_search_for(filter); ret = ldapbuiltin_getgrp(&localgrp, members, num_membs); - ldap_close_connection(); + ldap_disconnect(); return ret; } 
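Review bot: The `(&(rid=%x)(objectClass=sambaBuiltin))` filter in ldapbuiltin_getgrpbyrid matches only the exact string `%x` produces, while the reader in ldapbuiltin_getgrp parses the attribute with `strtol(temp, NULL, 16)`, which also accepts upper-case digits, leading zeros and a `0x` prefix. An entry whose `rid` was written in one of those forms by another tool would be enumerated with the right RID but, depending on the attribute's matching rule, might not be found by a RID lookup. A comment above the filter such as `/* rid is stored as lower-case hex, no prefix, no padding; must match ldapbuiltin_grpmods */` would pin the canonical form; ldapbuiltin_delgrp, added later in this commit, builds the same filter. The function starts outside the hunk.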
@@ -244,10 +265,21 @@ static LOCAL_GRP *ldapbuiltin_getcurrentgrp(void *vp, return ldapbuiltin_getgrp(&localgrp, members, num_membs); } + +/************************************************************************* + Add/modify/delete builtin aliases. + *************************************************************************/ + static BOOL ldapbuiltin_addgrp(LOCAL_GRP *group) { LDAPMod **mods; + if (!ldap_allocaterid(&group->rid)) + { + DEBUG(0,("RID generation failed\n")); + return (False); + } + ldapbuiltin_grpmods(group, &mods, LDAP_MOD_ADD); return ldap_makemods("cn", group->name, mods, True); } 
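Review bot: ldapbuiltin_addgrp now overwrites the caller's `group->rid` with the value from `ldap_allocaterid(&group->rid)`, and nothing in the hunk documents that the incoming RID is ignored. For the builtin database this deserves a second look: the commit message says allocated RIDs start at 1000, whereas builtin aliases on NT carry fixed well-known RIDs, so a caller adding a builtin alias presumably cannot get the RID it intended. At minimum add `/* group->rid on entry is ignored; a freshly allocated RID is written back */` above the call. It also looks as if the allocated RID is consumed when the following `ldap_makemods()` fails, which may be acceptable but should be stated.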
@@ -260,6 +292,74 @@ static BOOL ldapbuiltin_modgrp(LOCAL_GRP *group) return ldap_makemods("cn", group->name, mods, False); } +static BOOL ldapbuiltin_delgrp(uint32 grp_rid) +{ + fstring filter; + char *dn; + int err; + + if (!ldap_connect()) + return (False); + + slprintf(filter, sizeof(filter)-1, + "(&(rid=%x)(objectClass=sambaBuiltin))", grp_rid); + ldap_search_for(filter); + + if (!ldap_entry || !(dn = ldap_get_dn(ldap_struct, ldap_entry))) + { + ldap_disconnect(); + return (False); + } + + err = ldap_delete_s(ldap_struct, dn); + free(dn); + ldap_disconnect(); + + if (err != LDAP_SUCCESS) + { + DEBUG(0, ("delete: %s\n", ldap_err2string(err))); + return (False); + } + + return True; +} + + +/************************************************************************* + Add users to/remove users from aliases. + *************************************************************************/ + +static BOOL ldapbuiltin_addmem(uint32 grp_rid, DOM_SID *user_sid) +{ + LDAPMod **mods; + fstring rid_str; + + slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid); + + if(!ldapbuiltin_memmods(user_sid, &mods, LDAP_MOD_ADD)) + return (False); + + return ldap_makemods("rid", rid_str, mods, False); +} + +static BOOL ldapbuiltin_delmem(uint32 grp_rid, DOM_SID *user_sid) +{ + LDAPMod **mods; + fstring rid_str; + + slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid); + + if(!ldapbuiltin_memmods(user_sid, &mods, LDAP_MOD_DELETE)) + return (False); + + return ldap_makemods("rid", rid_str, mods, False); +} + + +/************************************************************************* + Return builtin aliases that a user is in. + *************************************************************************/ + static BOOL ldapbuiltin_getusergroups(const char *name, LOCAL_GRP **groups, int *num_grps) { 
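Review bot: ldapbuiltin_delmem cannot remove a member whose account no longer resolves or has been renamed since it was added. It rebuilds the value to delete through ldapbuiltin_memmods (added earlier in this commit), which formats `name,sid,type` from a fresh `lookup_sid()` and returns False when that lookup fails, and an `LDAP_MOD_DELETE` that names a value normally removes only a value matching the stored one. Stale members, which are the ones an administrator most needs to revoke from an alias, would therefore stay in the `member` attribute. Consider finding the stored `member` value by its SID component and deleting that exact string, rather than reconstructing it from the current name.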
@@ -267,6 +367,9 @@ static BOOL ldapbuiltin_getusergroups(const char *name, fstring filter; int i; + if(!ldap_connect()) + return (False); + slprintf(filter, sizeof(pstring)-1, "(&(member=%s,*)(objectclass=sambaBuiltin))", name); ldap_search_for(filter); @@ -275,6 +378,7 @@ static BOOL ldapbuiltin_getusergroups(const char *name, if(!i) { *groups = NULL; + ldap_disconnect(); return (True); } @@ -283,6 +387,7 @@ static BOOL ldapbuiltin_getusergroups(const char *name, i--; } while(ldapbuiltin_getgrp(&grouplist[i], NULL, NULL) && (i > 0)); + ldap_disconnect(); return (True); } @@ -301,6 +406,10 @@ static struct aliasdb_ops ldapbuiltin_ops = ldapbuiltin_addgrp, ldapbuiltin_modgrp, + ldapbuiltin_delgrp, + + ldapbuiltin_addmem, + ldapbuiltin_delmem, ldapbuiltin_getusergroups }; |
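Review bot: In ldapbuiltin_getusergroups the filter buffer is declared `fstring filter;` but filled with `slprintf(filter, sizeof(pstring)-1, ...)`, so the bound belongs to a different type; if fstring is the smaller of the two, as the names suggest, a long `name` can be written past the end of `filter`. The commit adds the connect and disconnect calls around this line but leaves the bound as it was; it should read `slprintf(filter, sizeof(filter)-1,` like the other lookups in this file. `name` is also placed into the filter unescaped, so filter metacharacters in it (`*`, `(`, `)`, `\`) change what the search matches; escape them before formatting or reject such names. The function body starts and ends outside the hunk.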