authorMatthew Chapman <matty@samba.org>1999-01-15 05:00:26 +0000
committerMatthew Chapman <matty@samba.org>1999-01-15 05:00:26 +0000
commitc35bf4578561af4f2971492f6ef826f10ac13860 (patch)
treef3f7487aea242103660e6263949b6e60395a0a5a /source3/groupdb
parentb86b8a3ea887e12f0614e14da01419e5c224d038 (diff)
Finally committing my LDAP changes.
* Added new APIs for modifying groups. * RIDs are allocated similarly to NT, starting from 1000 and incrementing by 1 for each new user/group. * RIDs are now consistently in hex * Fixed bugs reported by Allan Bjorklund <allan@umich.edu>: - ldap_close_connection is exported by OpenLDAP - changed to ldap_disconnect - Missing ldap_connect() in getusergroups functions - ldap_next_entry was being called too early while retrieving a sam_struct - LDAP globals should be extern in sampassldap.c * Fixed bugs reported by Martin Hofbauer <mh@bacher.at> - Newly added workstation trust accounts had attributes DU rather than W. - User dn's were forced to start with "uid=XX" rather than using the existing dn. (This used to be commit 91c77f5432169553572bb4d85ad5f09d17524f20)
Diffstat (limited to 'source3/groupdb')
-rw-r--r--source3/groupdb/aliasldap.c137
-rw-r--r--source3/groupdb/builtinldap.c139
-rw-r--r--source3/groupdb/groupldap.c158
3 files changed, 385 insertions, 49 deletions
diff --git a/source3/groupdb/aliasldap.c b/source3/groupdb/aliasldap.c
index 35d810dabc..1e9a72a9d4 100644
--- a/source3/groupdb/aliasldap.c
+++ b/source3/groupdb/aliasldap.c
@@ -61,7 +61,7 @@ static LOCAL_GRP *ldapalias_getgrp(LOCAL_GRP *group,
DEBUG(2,("Retrieving alias [%s]\n", group->name));
if(ldap_get_attribute("rid", temp)) {
- group->rid = atoi(temp);
+ group->rid = strtol(temp, NULL, 16);
} else {
DEBUG(0, ("Missing rid\n"));
return NULL;
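Review bot: `strtol(temp, NULL, 16)` in ldapalias_getgrp accepts anything: a value with no hex digits silently becomes RID 0, and trailing garbage is ignored. Because the RID is the identity of the group, a malformed attribute should fail the lookup rather than map to another RID, e.g. `char *end; group->rid = strtol(temp, &end, 16); if (end == temp || *end != '\0') return NULL;`. The writer side previously stored this attribute with `%d`, so entries already in the directory will now be read back as hex with a different value unless they are converted; the commit does not show a migration step. The same applies to the matching hunks in builtinldap.c and groupldap.c, and the function body continues outside this hunk.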
@@ -128,10 +128,7 @@ static void ldapalias_grpmods(LOCAL_GRP *group, LDAPMod ***mods, int operation)
ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaAlias");
ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
- slprintf(temp, sizeof(temp)-1, "%d", (gid_t)(-1));
- ldap_make_mod(mods, LDAP_MOD_ADD, "gidNumber", temp);
-
- slprintf(temp, sizeof(temp)-1, "%d", group->rid);
+ slprintf(temp, sizeof(temp)-1, "%x", group->rid);
ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
}
@@ -139,6 +136,30 @@ static void ldapalias_grpmods(LOCAL_GRP *group, LDAPMod ***mods, int operation)
}
+/************************************************************************
+ Create a alias member entry
+ ************************************************************************/
+
+static BOOL ldapalias_memmods(DOM_SID *user_sid, LDAPMod ***mods,
+ int operation)
+{
+ pstring member;
+ pstring sid_str;
+ fstring name;
+ uint8 type;
+
+ if (lookup_sid(user_sid, name, &type))
+ return (False);
+ sid_to_string(sid_str, user_sid);
+
+ slprintf(member, sizeof(member)-1, "%s,%s,%d", name, sid_str, type);
+
+ *mods = NULL;
+ ldap_make_mod(mods, operation, "member", member);
+ return True;
+}
+
+
/***************************************************************
Begin/end smbgrp enumeration.
****************************************************************/
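Review bot: The member value built in ldapalias_memmods is `name,sid,type` with no escaping, so a name that itself contains a comma produces a record that cannot be split back unambiguously; the reader added in groupldap.c cuts at the first comma. Reject or escape such names before the slprintf, and add a comment stating the layout, e.g. `/* member = "<name>,<sid>,<sid-type>"; name must not contain ',' */`. A comment on the lookup_sid convention would also help, since `if (lookup_sid(...)) return (False);` reads as inverted unless a non-zero result means failure, which is not visible here. ldapbuiltin_memmods and ldapgroup_memmods share both points.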
@@ -148,7 +169,7 @@ static void *ldapalias_enumfirst(BOOL update)
if (lp_server_role() == ROLE_DOMAIN_NONE)
return NULL;
- if (!ldap_open_connection(False))
+ if (!ldap_connect())
return NULL;
ldap_search_for("objectClass=sambaAlias");
@@ -158,7 +179,7 @@ static void *ldapalias_enumfirst(BOOL update)
static void ldapalias_enumclose(void *vp)
{
- ldap_close_connection();
+ ldap_disconnect();
}
@@ -188,7 +209,7 @@ static LOCAL_GRP *ldapalias_getgrpbynam(const char *name,
fstring filter;
LOCAL_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
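Review bot: `return (False);` in ldapalias_getgrpbynam returns a BOOL constant from a function declared to return `LOCAL_GRP *`, while ldapalias_enumfirst uses `return NULL;` for the same connection failure. Use `return NULL;` here and in the getgrpbygid/getgrpbyrid hunks below, and in their counterparts in builtinldap.c and groupldap.c, so the failure value matches the return type. The function body continues outside this hunk.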
@@ -197,7 +218,7 @@ static LOCAL_GRP *ldapalias_getgrpbynam(const char *name,
ret = ldapalias_getgrp(&localgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -207,7 +228,7 @@ static LOCAL_GRP *ldapalias_getgrpbygid(gid_t grp_id,
fstring filter;
LOCAL_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
@@ -215,7 +236,7 @@ static LOCAL_GRP *ldapalias_getgrpbygid(gid_t grp_id,
ldap_search_for(filter);
ret = ldapalias_getgrp(&localgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -225,15 +246,15 @@ static LOCAL_GRP *ldapalias_getgrpbyrid(uint32 grp_rid,
fstring filter;
LOCAL_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
- "(&(rid=%d)(objectClass=sambaAlias))", grp_rid);
+ "(&(rid=%x)(objectClass=sambaAlias))", grp_rid);
ldap_search_for(filter);
ret = ldapalias_getgrp(&localgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -243,10 +264,21 @@ static LOCAL_GRP *ldapalias_getcurrentgrp(void *vp,
return ldapalias_getgrp(&localgrp, members, num_membs);
}
+
+/*************************************************************************
+ Add/modify/delete aliases.
+ *************************************************************************/
+
static BOOL ldapalias_addgrp(LOCAL_GRP *group)
{
LDAPMod **mods;
+ if (!ldap_allocaterid(&group->rid))
+ {
+ DEBUG(0,("RID generation failed\n"));
+ return (False);
+ }
+
ldapalias_grpmods(group, &mods, LDAP_MOD_ADD);
return ldap_makemods("cn", group->name, mods, True);
}
@@ -259,6 +291,74 @@ static BOOL ldapalias_modgrp(LOCAL_GRP *group)
return ldap_makemods("cn", group->name, mods, False);
}
+static BOOL ldapalias_delgrp(uint32 grp_rid)
+{
+ fstring filter;
+ char *dn;
+ int err;
+
+ if (!ldap_connect())
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(rid=%x)(objectClass=sambaAlias))", grp_rid);
+ ldap_search_for(filter);
+
+ if (!ldap_entry || !(dn = ldap_get_dn(ldap_struct, ldap_entry)))
+ {
+ ldap_disconnect();
+ return (False);
+ }
+
+ err = ldap_delete_s(ldap_struct, dn);
+ free(dn);
+ ldap_disconnect();
+
+ if (err != LDAP_SUCCESS)
+ {
+ DEBUG(0, ("delete: %s\n", ldap_err2string(err)));
+ return (False);
+ }
+
+ return True;
+}
+
+
+/*************************************************************************
+ Add users to/remove users from aliases.
+ *************************************************************************/
+
+static BOOL ldapalias_addmem(uint32 grp_rid, DOM_SID *user_sid)
+{
+ LDAPMod **mods;
+ fstring rid_str;
+
+ slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
+
+ if(!ldapalias_memmods(user_sid, &mods, LDAP_MOD_ADD))
+ return (False);
+
+ return ldap_makemods("rid", rid_str, mods, False);
+}
+
+static BOOL ldapalias_delmem(uint32 grp_rid, DOM_SID *user_sid)
+{
+ LDAPMod **mods;
+ fstring rid_str;
+
+ slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
+
+ if(!ldapalias_memmods(user_sid, &mods, LDAP_MOD_DELETE))
+ return (False);
+
+ return ldap_makemods("rid", rid_str, mods, False);
+}
+
+
+/*************************************************************************
+ Return aliases that a user is in.
+ *************************************************************************/
+
static BOOL ldapalias_getusergroups(const char *name, LOCAL_GRP **groups,
int *num_grps)
{
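Review bot: ldapalias_addmem and ldapalias_delmem identify the target entry to ldap_makemods with `"rid", rid_str` only, whereas ldapalias_delgrp in the same hunk searches with `(&(rid=%x)(objectClass=sambaAlias))`. ldap_makemods is not visible here, but if it selects the entry by that attribute alone, an entry of another class that carries the same rid value could receive the membership change instead of the alias. Resolve the DN with the objectClass-qualified filter first, or document next to these calls that rid is guaranteed unique across all object classes in the directory. The addmem/delmem pairs in builtinldap.c and groupldap.c have the same shape.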
@@ -266,6 +366,9 @@ static BOOL ldapalias_getusergroups(const char *name, LOCAL_GRP **groups,
fstring filter;
int i;
+ if(!ldap_connect())
+ return (False);
+
slprintf(filter, sizeof(pstring)-1,
"(&(member=%s,*)(objectclass=sambaAlias))", name);
ldap_search_for(filter);
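Review bot: In ldapalias_getusergroups `filter` is declared `fstring` but the bound passed to slprintf is `sizeof(pstring)-1`; if fstring is the smaller of the two types, a long `name` writes past the end of the buffer. Bound the write by the buffer itself: `slprintf(filter, sizeof(filter)-1, "(&(member=%s,*)(objectclass=sambaAlias))", name);`. `name` is also placed in the filter unescaped, so `*`, `(`, `)` or `\` in it change what the search matches; escape filter special characters before formatting. Both points apply to ldapbuiltin_getusergroups and ldapgroup_getusergroups as well, and the function body continues outside this hunk.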
@@ -274,6 +377,7 @@ static BOOL ldapalias_getusergroups(const char *name, LOCAL_GRP **groups,
if(!i) {
*groups = NULL;
+ ldap_disconnect();
return (True);
}
@@ -282,6 +386,7 @@ static BOOL ldapalias_getusergroups(const char *name, LOCAL_GRP **groups,
i--;
} while(ldapalias_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
+ ldap_disconnect();
return (True);
}
@@ -300,6 +405,10 @@ static struct aliasdb_ops ldapalias_ops =
ldapalias_addgrp,
ldapalias_modgrp,
+ ldapalias_delgrp,
+
+ ldapalias_addmem,
+ ldapalias_delmem,
ldapalias_getusergroups
};
diff --git a/source3/groupdb/builtinldap.c b/source3/groupdb/builtinldap.c
index f2a530cbb9..baac82f1ba 100644
--- a/source3/groupdb/builtinldap.c
+++ b/source3/groupdb/builtinldap.c
@@ -58,10 +58,10 @@ static LOCAL_GRP *ldapbuiltin_getgrp(LOCAL_GRP *group,
DEBUG(0, ("Missing cn\n"));
return NULL; }
- DEBUG(2,("Retrieving alias [%s]\n", group->name));
+ DEBUG(2,("Retrieving builtin alias [%s]\n", group->name));
if(ldap_get_attribute("rid", temp)) {
- group->rid = atoi(temp);
+ group->rid = strtol(temp, NULL, 16);
} else {
DEBUG(0, ("Missing rid\n"));
return NULL;
@@ -129,10 +129,7 @@ static void ldapbuiltin_grpmods(LOCAL_GRP *group, LDAPMod ***mods,
ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaBuiltin");
ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
- slprintf(temp, sizeof(temp)-1, "%d", (gid_t)(-1));
- ldap_make_mod(mods, LDAP_MOD_ADD, "gidNumber", temp);
-
- slprintf(temp, sizeof(temp)-1, "%d", group->rid);
+ slprintf(temp, sizeof(temp)-1, "%x", group->rid);
ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
}
@@ -140,6 +137,30 @@ static void ldapbuiltin_grpmods(LOCAL_GRP *group, LDAPMod ***mods,
}
+/************************************************************************
+ Create a builtin alias member entry
+ ************************************************************************/
+
+static BOOL ldapbuiltin_memmods(DOM_SID *user_sid, LDAPMod ***mods,
+ int operation)
+{
+ pstring member;
+ pstring sid_str;
+ fstring name;
+ uint8 type;
+
+ if (lookup_sid(user_sid, name, &type))
+ return (False);
+ sid_to_string(sid_str, user_sid);
+
+ slprintf(member, sizeof(member)-1, "%s,%s,%d", name, sid_str, type);
+
+ *mods = NULL;
+ ldap_make_mod(mods, operation, "member", member);
+ return True;
+}
+
+
/***************************************************************
Begin/end smbgrp enumeration.
****************************************************************/
@@ -149,7 +170,7 @@ static void *ldapbuiltin_enumfirst(BOOL update)
if (lp_server_role() == ROLE_DOMAIN_NONE)
return NULL;
- if (!ldap_open_connection(False))
+ if (!ldap_connect())
return NULL;
ldap_search_for("objectClass=sambaBuiltin");
@@ -159,7 +180,7 @@ static void *ldapbuiltin_enumfirst(BOOL update)
static void ldapbuiltin_enumclose(void *vp)
{
- ldap_close_connection();
+ ldap_disconnect();
}
@@ -189,7 +210,7 @@ static LOCAL_GRP *ldapbuiltin_getgrpbynam(const char *name,
fstring filter;
LOCAL_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
@@ -198,7 +219,7 @@ static LOCAL_GRP *ldapbuiltin_getgrpbynam(const char *name,
ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -208,7 +229,7 @@ static LOCAL_GRP *ldapbuiltin_getgrpbygid(gid_t grp_id,
fstring filter;
LOCAL_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
@@ -216,7 +237,7 @@ static LOCAL_GRP *ldapbuiltin_getgrpbygid(gid_t grp_id,
ldap_search_for(filter);
ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -226,15 +247,15 @@ static LOCAL_GRP *ldapbuiltin_getgrpbyrid(uint32 grp_rid,
fstring filter;
LOCAL_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
- "(&(rid=%d)(objectClass=sambaBuiltin))", grp_rid);
+ "(&(rid=%x)(objectClass=sambaBuiltin))", grp_rid);
ldap_search_for(filter);
ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -244,10 +265,21 @@ static LOCAL_GRP *ldapbuiltin_getcurrentgrp(void *vp,
return ldapbuiltin_getgrp(&localgrp, members, num_membs);
}
+
+/*************************************************************************
+ Add/modify/delete builtin aliases.
+ *************************************************************************/
+
static BOOL ldapbuiltin_addgrp(LOCAL_GRP *group)
{
LDAPMod **mods;
+ if (!ldap_allocaterid(&group->rid))
+ {
+ DEBUG(0,("RID generation failed\n"));
+ return (False);
+ }
+
ldapbuiltin_grpmods(group, &mods, LDAP_MOD_ADD);
return ldap_makemods("cn", group->name, mods, True);
}
@@ -260,6 +292,74 @@ static BOOL ldapbuiltin_modgrp(LOCAL_GRP *group)
return ldap_makemods("cn", group->name, mods, False);
}
+static BOOL ldapbuiltin_delgrp(uint32 grp_rid)
+{
+ fstring filter;
+ char *dn;
+ int err;
+
+ if (!ldap_connect())
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(rid=%x)(objectClass=sambaBuiltin))", grp_rid);
+ ldap_search_for(filter);
+
+ if (!ldap_entry || !(dn = ldap_get_dn(ldap_struct, ldap_entry)))
+ {
+ ldap_disconnect();
+ return (False);
+ }
+
+ err = ldap_delete_s(ldap_struct, dn);
+ free(dn);
+ ldap_disconnect();
+
+ if (err != LDAP_SUCCESS)
+ {
+ DEBUG(0, ("delete: %s\n", ldap_err2string(err)));
+ return (False);
+ }
+
+ return True;
+}
+
+
+/*************************************************************************
+ Add users to/remove users from aliases.
+ *************************************************************************/
+
+static BOOL ldapbuiltin_addmem(uint32 grp_rid, DOM_SID *user_sid)
+{
+ LDAPMod **mods;
+ fstring rid_str;
+
+ slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
+
+ if(!ldapbuiltin_memmods(user_sid, &mods, LDAP_MOD_ADD))
+ return (False);
+
+ return ldap_makemods("rid", rid_str, mods, False);
+}
+
+static BOOL ldapbuiltin_delmem(uint32 grp_rid, DOM_SID *user_sid)
+{
+ LDAPMod **mods;
+ fstring rid_str;
+
+ slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
+
+ if(!ldapbuiltin_memmods(user_sid, &mods, LDAP_MOD_DELETE))
+ return (False);
+
+ return ldap_makemods("rid", rid_str, mods, False);
+}
+
+
+/*************************************************************************
+ Return builtin aliases that a user is in.
+ *************************************************************************/
+
static BOOL ldapbuiltin_getusergroups(const char *name,
LOCAL_GRP **groups, int *num_grps)
{
@@ -267,6 +367,9 @@ static BOOL ldapbuiltin_getusergroups(const char *name,
fstring filter;
int i;
+ if(!ldap_connect())
+ return (False);
+
slprintf(filter, sizeof(pstring)-1,
"(&(member=%s,*)(objectclass=sambaBuiltin))", name);
ldap_search_for(filter);
@@ -275,6 +378,7 @@ static BOOL ldapbuiltin_getusergroups(const char *name,
if(!i) {
*groups = NULL;
+ ldap_disconnect();
return (True);
}
@@ -283,6 +387,7 @@ static BOOL ldapbuiltin_getusergroups(const char *name,
i--;
} while(ldapbuiltin_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
+ ldap_disconnect();
return (True);
}
@@ -301,6 +406,10 @@ static struct aliasdb_ops ldapbuiltin_ops =
ldapbuiltin_addgrp,
ldapbuiltin_modgrp,
+ ldapbuiltin_delgrp,
+
+ ldapbuiltin_addmem,
+ ldapbuiltin_delmem,
ldapbuiltin_getusergroups
};
diff --git a/source3/groupdb/groupldap.c b/source3/groupdb/groupldap.c
index df0d755240..4411ead14c 100644
--- a/source3/groupdb/groupldap.c
+++ b/source3/groupdb/groupldap.c
@@ -28,6 +28,7 @@
#include <ldap.h>
extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
/* Internal state */
extern LDAP *ldap_struct;
@@ -48,6 +49,7 @@ static DOMAIN_GRP *ldapgroup_getgrp(DOMAIN_GRP *group,
fstring temp;
char **values;
DOMAIN_GRP_MEMBER *memblist;
+ char *value, *sep;
int i;
if(!ldap_entry)
@@ -60,7 +62,7 @@ static DOMAIN_GRP *ldapgroup_getgrp(DOMAIN_GRP *group,
DEBUG(2,("Retrieving group [%s]\n", group->name));
if(ldap_get_attribute("rid", temp)) {
- group->rid = atoi(temp);
+ group->rid = strtol(temp, NULL, 16);
} else {
DEBUG(0, ("Missing rid\n"));
return NULL;
@@ -76,16 +78,33 @@ static DOMAIN_GRP *ldapgroup_getgrp(DOMAIN_GRP *group,
return group;
}
- if(values = ldap_get_values(ldap_struct, ldap_entry, "uidMember")) {
-
- DEBUG(0, ("Need to return NT names here\n"));
+ if(values = ldap_get_values(ldap_struct, ldap_entry, "member")) {
*num_membs = i = ldap_count_values(values);
*members = memblist = malloc(i * sizeof(DOMAIN_GRP_MEMBER));
do {
- fstrcpy(memblist[--i].name, values[i]);
+ value = values[--i];
+
+ if(!(sep = strchr(value, ','))) {
+ DEBUG(0, ("Malformed group member\n"));
+ return NULL;
+ }
+ *(sep++) = 0;
+ fstrcpy(memblist[i].name, value);
+
+ if(!(value = strchr(sep, ','))) {
+ DEBUG(0, ("Malformed group member\n"));
+ return NULL;
+ }
+ memblist[i].rid = strtol(sep, &value, 16);
+
+ if((memblist[i].sid_use = atoi(value+1))
+ >= SID_NAME_UNKNOWN)
+ DEBUG(0, ("Invalid SID use in group"));
+
memblist[i].attr = 0x7;
+
} while(i > 0);
ldap_value_free(values);
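Review bot: The new member parser in ldapgroup_getgrp returns NULL on a malformed value without releasing `values` or `memblist`, and leaves `*members` and `*num_membs` pointing at the half-filled array. The malloc result is used unchecked, `strtol(sep, &value, 16)` overwrites the comma position so `value+1` is only correct when the hex field ends exactly at the comma, and an out-of-range sid_use is logged (without a newline) but still stored. Since these values come from the directory, reject the whole record on any of these conditions and clean up in one place, as sketched below. The function body starts and ends outside this hunk.
```c
		*members = memblist = malloc(i * sizeof(DOMAIN_GRP_MEMBER));
		if(!memblist)
			goto bad_member;

		do {
			value = values[--i];

			if(!(sep = strchr(value, ','))) {
				DEBUG(0, ("Malformed group member\n"));
				goto bad_member;
			}
			/* ... unchanged: terminate and copy the name ... */

			memblist[i].rid = strtol(sep, &value, 16);
			if(value == sep || *value != ',') {
				DEBUG(0, ("Malformed group member\n"));
				goto bad_member;
			}

			memblist[i].sid_use = atoi(value+1);
			if(memblist[i].sid_use >= SID_NAME_UNKNOWN) {
				DEBUG(0, ("Invalid SID use in group\n"));
				goto bad_member;
			}
			/* ... unchanged: attr assignment and loop condition ... */

	/* placed after the function's normal return */
bad_member:
	ldap_value_free(values);
	free(memblist);
	*members = NULL;
	*num_membs = 0;
	return NULL;
```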
@@ -115,10 +134,7 @@ static void ldapgroup_grpmods(DOMAIN_GRP *group, LDAPMod ***mods,
ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaGroup");
ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
- slprintf(temp, sizeof(temp)-1, "%d", (gid_t)(-1));
- ldap_make_mod(mods, LDAP_MOD_ADD, "gidNumber", temp);
-
- slprintf(temp, sizeof(temp)-1, "%d", group->rid);
+ slprintf(temp, sizeof(temp)-1, "%x", group->rid);
ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
}
@@ -126,6 +142,30 @@ static void ldapgroup_grpmods(DOMAIN_GRP *group, LDAPMod ***mods,
}
+/************************************************************************
+ Create a group member entry
+ ************************************************************************/
+
+static BOOL ldapgroup_memmods(uint32 user_rid, LDAPMod ***mods, int operation)
+{
+ pstring member;
+ fstring name;
+ DOM_SID sid;
+ uint8 type;
+
+ sid_copy(&sid, &global_sam_sid);
+ sid_append_rid(&sid, user_rid);
+ if (lookup_sid(&sid, name, &type))
+ return (False);
+
+ slprintf(member, sizeof(member)-1, "%s,%x,%d", name, user_rid, type);
+
+ *mods = NULL;
+ ldap_make_mod(mods, operation, "member", member);
+ return True;
+}
+
+
/***************************************************************
Begin/end domain group enumeration.
****************************************************************/
@@ -138,7 +178,7 @@ static void *ldapgroup_enumfirst(BOOL update)
server_role == ROLE_DOMAIN_MEMBER)
return NULL;
- if (!ldap_open_connection(False))
+ if (!ldap_connect())
return NULL;
ldap_search_for("objectclass=sambaGroup");
@@ -148,7 +188,7 @@ static void *ldapgroup_enumfirst(BOOL update)
static void ldapgroup_enumclose(void *vp)
{
- ldap_close_connection();
+ ldap_disconnect();
}
@@ -178,7 +218,7 @@ static DOMAIN_GRP *ldapgroup_getgrpbynam(const char *name,
fstring filter;
DOMAIN_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
@@ -187,7 +227,7 @@ static DOMAIN_GRP *ldapgroup_getgrpbynam(const char *name,
ret = ldapgroup_getgrp(&domgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -197,7 +237,7 @@ static DOMAIN_GRP *ldapgroup_getgrpbygid(gid_t grp_id,
fstring filter;
DOMAIN_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
@@ -206,7 +246,7 @@ static DOMAIN_GRP *ldapgroup_getgrpbygid(gid_t grp_id,
ret = ldapgroup_getgrp(&domgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -216,16 +256,16 @@ static DOMAIN_GRP *ldapgroup_getgrpbyrid(uint32 grp_rid,
fstring filter;
DOMAIN_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
- "(&(rid=%d)(objectClass=sambaGroup))", grp_rid);
+ "(&(rid=%x)(objectClass=sambaGroup))", grp_rid);
ldap_search_for(filter);
ret = ldapgroup_getgrp(&domgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -237,13 +277,19 @@ static DOMAIN_GRP *ldapgroup_getcurrentgrp(void *vp,
/*************************************************************************
- Add/modify domain groups.
+ Add/modify/delete domain groups.
*************************************************************************/
static BOOL ldapgroup_addgrp(DOMAIN_GRP *group)
{
LDAPMod **mods;
+ if (!ldap_allocaterid(&group->rid))
+ {
+ DEBUG(0,("RID generation failed\n"));
+ return (False);
+ }
+
ldapgroup_grpmods(group, &mods, LDAP_MOD_ADD);
return ldap_makemods("cn", group->name, mods, True);
}
@@ -256,6 +302,69 @@ static BOOL ldapgroup_modgrp(DOMAIN_GRP *group)
return ldap_makemods("cn", group->name, mods, False);
}
+static BOOL ldapgroup_delgrp(uint32 grp_rid)
+{
+ fstring filter;
+ char *dn;
+ int err;
+
+ if (!ldap_connect())
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(rid=%x)(objectClass=sambaGroup))", grp_rid);
+ ldap_search_for(filter);
+
+ if (!ldap_entry || !(dn = ldap_get_dn(ldap_struct, ldap_entry)))
+ {
+ ldap_disconnect();
+ return (False);
+ }
+
+ err = ldap_delete_s(ldap_struct, dn);
+ free(dn);
+ ldap_disconnect();
+
+ if (err != LDAP_SUCCESS)
+ {
+ DEBUG(0, ("delete: %s\n", ldap_err2string(err)));
+ return (False);
+ }
+
+ return True;
+}
+
+
+/*************************************************************************
+ Add users to/remove users from groups.
+ *************************************************************************/
+
+static BOOL ldapgroup_addmem(uint32 grp_rid, uint32 user_rid)
+{
+ LDAPMod **mods;
+ fstring rid_str;
+
+ slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
+
+ if(!ldapgroup_memmods(user_rid, &mods, LDAP_MOD_ADD))
+ return (False);
+
+ return ldap_makemods("rid", rid_str, mods, False);
+}
+
+static BOOL ldapgroup_delmem(uint32 grp_rid, uint32 user_rid)
+{
+ LDAPMod **mods;
+ fstring rid_str;
+
+ slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
+
+ if(!ldapgroup_memmods(user_rid, &mods, LDAP_MOD_DELETE))
+ return (False);
+
+ return ldap_makemods("rid", rid_str, mods, False);
+}
+
/*************************************************************************
Return domain groups that a user is in.
@@ -268,14 +377,18 @@ static BOOL ldapgroup_getusergroups(const char *name, DOMAIN_GRP **groups,
fstring filter;
int i;
+ if(!ldap_connect())
+ return (False);
+
slprintf(filter, sizeof(pstring)-1,
- "(&(uidMember=%s)(objectclass=sambaGroup))", name);
+ "(&(member=%s,*)(objectclass=sambaGroup))", name);
ldap_search_for(filter);
*num_grps = i = ldap_count_entries(ldap_struct, ldap_results);
if(!i) {
*groups = NULL;
+ ldap_disconnect();
return (True);
}
@@ -284,6 +397,7 @@ static BOOL ldapgroup_getusergroups(const char *name, DOMAIN_GRP **groups,
i--;
} while(ldapgroup_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
+ ldap_disconnect();
return (True);
}
@@ -302,6 +416,10 @@ static struct groupdb_ops ldapgroup_ops =
ldapgroup_addgrp,
ldapgroup_modgrp,
+ ldapgroup_delgrp,
+
+ ldapgroup_addmem,
+ ldapgroup_delmem,
ldapgroup_getusergroups
};