Finally committing my LDAP changes.

* Added new APIs for modifying groups.
* RIDs are allocated similarly to NT, starting from 1000 and incrementing by 1
  for each new user/group.
* RIDs are now consistently in hex

* Fixed bugs reported by Allan Bjorklund <allan@umich.edu>:
   - ldap_close_connection is exported by OpenLDAP - changed to ldap_disconnect
   - Missing ldap_connect() in getusergroups functions
   - ldap_next_entry was being called too early while retrieving a sam_struct
   - LDAP globals should be extern in sampassldap.c

* Fixed bugs reported by Martin Hofbauer <mh@bacher.at>
   - Newly added workstation trust accounts had attributes DU rather than W.
   - User dn's were forced to start with "uid=XX" rather than using the existing
     dn.
(This used to be commit 91c77f5432169553572bb4d85ad5f09d17524f20)

3 files changed, 135 insertions, 50 deletions

diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index 49f7e1d13a..fad67cb79f 100644
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -43,7 +43,7 @@ static pstring ldap_secret;
   Open connections to the LDAP server.
  ******************************************************************/	
 
-BOOL ldap_open_connection(BOOL modify)
+BOOL ldap_connect(void)
 {
 	int err;
 
@@ -66,7 +66,7 @@ BOOL ldap_open_connection(BOOL modify)
   close connections to the LDAP server.
  ******************************************************************/	
 
-void ldap_close_connection(void)
+void ldap_disconnect(void)
 {
 	if(!ldap_struct)
 		return;
@@ -171,7 +171,7 @@ struct smb_passwd *ldap_getpw(void)
 		return NULL; }
 	smbpw.unix_uid = atoi(temp);
 
-        if(ldap_get_attribute("ntuid", nt_name)) {
+        if(!ldap_get_attribute("ntuid", nt_name)) {
 		DEBUG(0,("Missing ntuid\n"));
 		return NULL; }
 	smbpw.nt_name = nt_name;
@@ -179,7 +179,7 @@ struct smb_passwd *ldap_getpw(void)
 	if(!ldap_get_attribute("rid", temp)) {
 		DEBUG(0,("Missing rid\n"));
 		return NULL; }
-	smbpw.user_rid = atoi(temp);
+	smbpw.user_rid = strtol(temp, NULL, 16);
 
 	if(ldap_get_attribute("acctFlags", temp))
 		smbpw.acct_ctrl = pwdb_decode_acct_ctrl(temp);
@@ -206,7 +206,6 @@ struct smb_passwd *ldap_getpw(void)
 	else
 		smbpw.pass_last_set_time = (time_t)(-1);
 
-	ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
 	return &smbpw;
 }
 
@@ -279,7 +278,7 @@ struct smb_passwd *ldap_getpw(void)
 	      ldap_make_mod(mods, LDAP_MOD_ADD, "uidNumber", temp);
 
 	      ldap_make_mod(mods, LDAP_MOD_ADD, "ntuid", newpwd->nt_name);
-	      slprintf(temp, sizeof(temp)-1, "%d", newpwd->user_rid);
+	      slprintf(temp, sizeof(temp)-1, "%x", newpwd->user_rid);
 	      ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
 	}
 
@@ -312,44 +311,112 @@ struct smb_passwd *ldap_getpw(void)
  *************************************************************************/
  BOOL ldap_makemods(char *attribute, char *value, LDAPMod **mods, BOOL add)
 {
-	pstring dn;
+	pstring filter;
+	char *dn;
 	int entries;
 	int err = 0;
 	BOOL rc;
 
-	slprintf(dn, sizeof(dn)-1, "%s=%s, %s", attribute, value,
-		 lp_ldap_suffix());
+	slprintf(filter, sizeof(filter)-1, "%s=%s", attribute, value);
 
-	if(!ldap_open_connection(True))
+	if (!ldap_connect())
 		return (False);
 
-	if(add)
-		err = ldap_add_s(ldap_struct, dn, mods);
+	ldap_search_for(filter);
 
-	if(!add || (err = LDAP_ALREADY_EXISTS))
+	if (ldap_entry)
+	{
+		dn = ldap_get_dn(ldap_struct, ldap_entry);
 		err = ldap_modify_s(ldap_struct, dn, mods);
+		free(dn);
+	}
+	else if (add)
+	{
+		pstrcat(filter, ", ");
+		pstrcat(filter, lp_ldap_suffix());
+		err = ldap_add_s(ldap_struct, filter, mods);
+	}
 
-	if(err == LDAP_SUCCESS) {
-		DEBUG(2,("Updated entry [%s]\n",value));
+	if (err == LDAP_SUCCESS)
+	{
+		DEBUG(2,("Updated entry [%s]\n", value));
 		rc = True;
 	} else {
 		DEBUG(0,("update: %s\n", ldap_err2string(err)));
 		rc = False;
 	}
 
-	ldap_close_connection();
+	ldap_disconnect();
 	ldap_mods_free(mods, 1);
 	return rc;
 }
 
 
+/************************************************************************
+  Return next available RID, starting from 1000
+ ************************************************************************/
+
+BOOL ldap_allocaterid(uint32 *rid)
+{
+	pstring newdn;
+	fstring rid_str;
+	LDAPMod **mods;
+	char *dn;
+	int err;
+
+	DEBUG(2, ("Allocating new RID\n"));
+
+	if (!ldap_connect())
+		return (False);
+
+	ldap_search_for("(&(id=root)(objectClass=sambaConfig))");
+
+	if (ldap_entry && ldap_get_attribute("nextrid", rid_str))
+		*rid = strtol(rid_str, NULL, 16);
+	else
+		*rid = 1000;
+
+	mods = NULL;
+	if(!ldap_entry)
+	{
+		ldap_make_mod(&mods, LDAP_MOD_ADD, "objectClass",
+			      "sambaConfig");
+		ldap_make_mod(&mods, LDAP_MOD_ADD, "id", "root");
+	}
+
+	slprintf(rid_str, sizeof(fstring)-1, "%x", (*rid) + 1);
+	ldap_make_mod(&mods, LDAP_MOD_REPLACE, "nextrid", rid_str);
+
+	if (ldap_entry)
+	{
+                dn = ldap_get_dn(ldap_struct, ldap_entry);
+                err = ldap_modify_s(ldap_struct, dn, mods);
+                free(dn);
+	} else {
+		pstrcpy(newdn, "id=root, ");
+		pstrcat(newdn, lp_ldap_suffix());
+		ldap_add_s(ldap_struct, newdn, mods);
+	}
+
+	ldap_disconnect();
+
+	if(err != LDAP_SUCCESS)
+	{
+		DEBUG(0,("nextrid update: %s\n", ldap_err2string(err)));
+		return (False);
+	}
+
+	return (True);
+}
+
+
 /***************************************************************
   Begin/end account enumeration.
  ****************************************************************/
 
 static void *ldap_enumfirst(BOOL update)
 {
-	if (!ldap_open_connection(False))
+	if (!ldap_connect())
 		return NULL;
 
 	ldap_search_for("objectclass=sambaAccount");
@@ -359,7 +426,7 @@ static void *ldap_enumfirst(BOOL update)
 
 static void ldap_enumclose(void *vp)
 {
-	ldap_close_connection();
+	ldap_disconnect();
 }
 
 
@@ -387,13 +454,13 @@ static struct smb_passwd *ldap_getpwbynam(const char *name)
 {
 	struct smb_passwd *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 		return NULL;
 
 	ldap_search_by_name(name);
 	ret = ldap_getpw();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
@@ -401,19 +468,23 @@ static struct smb_passwd *ldap_getpwbyuid(uid_t userid)
 {
 	struct smb_passwd *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 		return NULL;
 
 	ldap_search_by_uid(userid);
 	ret = ldap_getpw();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
 static struct smb_passwd *ldap_getcurrentpw(void *vp)
 {
-	return ldap_getpw();
+	struct smb_passwd *ret;
+
+	ret = ldap_getpw();
+	ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
+	return ret;
 }
 
 
@@ -424,6 +495,9 @@ static BOOL ldap_addpw(struct smb_passwd *newpwd)
 {
 	LDAPMod **mods;
 
+	if (!newpwd || !ldap_allocaterid(&newpwd->user_rid))
+		return (False);
+
 	ldap_smbpwmods(newpwd, &mods, LDAP_MOD_ADD);
 	return ldap_makemods("uid", newpwd->unix_name, mods, True);
 }
@@ -432,6 +506,9 @@ static BOOL ldap_modpw(struct smb_passwd *pwd, BOOL override)
 {
 	LDAPMod **mods;
 
+	if (!pwd)
+		return (False);
+
 	ldap_smbpwmods(pwd, &mods, LDAP_MOD_REPLACE);
 	return ldap_makemods("uid", pwd->unix_name, mods, False);
 }
diff --git a/source3/passdb/passgrpldap.c b/source3/passdb/passgrpldap.c
index 3d647cd776..1092a3c5b1 100644
--- a/source3/passdb/passgrpldap.c
+++ b/source3/passdb/passgrpldap.c
@@ -66,7 +66,7 @@ static void ldappassgrp_member(char *attribute, uint32 **rids, int *numrids)
 
 static void *ldappassgrp_enumfirst(BOOL update)
 {
-	if (!ldap_open_connection(False))
+	if (!ldap_connect())
 		return NULL;
 
 	ldap_search_for("&(objectclass=sambaAccount)(|(group=*)(alias=*))");
@@ -76,7 +76,7 @@ static void *ldappassgrp_enumfirst(BOOL update)
 
 static void ldappassgrp_enumclose(void *vp)
 {
-	ldap_close_connection();
+	ldap_disconnect();
 }
 
 
@@ -106,7 +106,7 @@ static struct smb_passwd *ldappassgrp_getpwbynam(const char *name,
 {
 	struct smb_passwd *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 		return NULL;
 
 	ldap_search_by_ntname(name);
@@ -114,7 +114,7 @@ static struct smb_passwd *ldappassgrp_getpwbynam(const char *name,
 	ldappassgrp_member("alias", als_rids, num_alss);
 	ret = ldap_getpw();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
@@ -124,7 +124,7 @@ static struct smb_passwd *ldappassgrp_getpwbyuid(uid_t userid,
 {
 	struct smb_passwd *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 		return NULL;
 
 	ldap_search_by_uid(userid);
@@ -132,7 +132,7 @@ static struct smb_passwd *ldappassgrp_getpwbyuid(uid_t userid,
 	ldappassgrp_member("alias", als_rids, num_alss);
 	ret = ldap_getpw();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
@@ -142,7 +142,7 @@ static struct smb_passwd *ldappassgrp_getpwbyrid(uint32 user_rid,
 {
 	struct smb_passwd *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 		return NULL;
 
 	ldap_search_by_rid(user_rid);
@@ -150,7 +150,7 @@ static struct smb_passwd *ldappassgrp_getpwbyrid(uint32 user_rid,
 	ldappassgrp_member("alias", als_rids, num_alss);
 	ret = ldap_getpw();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
diff --git a/source3/passdb/sampassldap.c b/source3/passdb/sampassldap.c
index 1c3283df0f..e456b6ab43 100644
--- a/source3/passdb/sampassldap.c
+++ b/source3/passdb/sampassldap.c
@@ -30,9 +30,9 @@
 extern int DEBUGLEVEL;
 
 /* Internal state */
-LDAP *ldap_struct;
-LDAPMessage *ldap_results;
-LDAPMessage *ldap_entry;
+extern LDAP *ldap_struct;
+extern LDAPMessage *ldap_results;
+extern LDAPMessage *ldap_entry;
 
 
 /*******************************************************************
@@ -44,7 +44,7 @@ BOOL ldap_search_by_rid(uint32 rid)
         fstring filter;
 
         slprintf(filter, sizeof(filter)-1,
-                 "(&(rid=%d)(objectclass=sambaAccount))", rid);
+                 "(&(rid=%x)(objectclass=sambaAccount))", rid);
         return ldap_search_for(filter);
 }
 
@@ -120,7 +120,7 @@ static struct sam_passwd *ldapsam_getsam()
 		sam21->unix_gid = (gid_t)(-1);
 	
 	if(ldap_get_attribute("grouprid", temp))
-		sam21->group_rid = atoi(temp);
+		sam21->group_rid = strtol(temp, NULL, 16);
 	else
 		sam21->group_rid = 0xFFFFFFFF;
 	
@@ -174,6 +174,7 @@ static struct sam_passwd *ldapsam_getsam()
         sam21->unknown_str = NULL;
         sam21->munged_dial = NULL;
 
+        ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
 	return sam21;
 }
 
@@ -201,7 +202,7 @@ static struct sam_disp_info *ldapsam_getdispinfo()
 	DEBUG(2,("Retrieving account [%s]\n",nt_name));
 
 	if(ldap_get_attribute("rid", temp))
-		dispinfo.user_rid = atoi(temp);
+		dispinfo.user_rid = strtol(temp, NULL, 16);
 	else {
 		DEBUG(0,("Missing rid\n"));
 		return NULL; }
@@ -211,6 +212,7 @@ static struct sam_disp_info *ldapsam_getdispinfo()
 	else
 		dispinfo.full_name = NULL;
 
+        ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
 	return &dispinfo;
 }
 
@@ -231,7 +233,7 @@ static void ldapsam_sammods(struct sam_passwd *newpwd, LDAPMod ***mods,
 	slprintf(temp, sizeof(temp)-1, "%d", newpwd->unix_gid);
 	ldap_make_mod(mods, operation, "gidNumber", temp);
 
-	slprintf(temp, sizeof(temp)-1, "%d", newpwd->group_rid);
+	slprintf(temp, sizeof(temp)-1, "%x", newpwd->group_rid);
 	ldap_make_mod(mods, operation, "grouprid", temp);
 
 	ldap_make_mod(mods, operation, "cn", newpwd->full_name);
@@ -261,7 +263,7 @@ static void ldapsam_sammods(struct sam_passwd *newpwd, LDAPMod ***mods,
 
 static void *ldapsam_enumfirst(BOOL update)
 {
-	if (!ldap_open_connection(False))
+	if (!ldap_connect())
 		return NULL;
 
 	ldap_search_for("objectclass=sambaAccount");
@@ -271,7 +273,7 @@ static void *ldapsam_enumfirst(BOOL update)
 
 static void ldapsam_enumclose(void *vp)
 {
-	ldap_close_connection();
+	ldap_disconnect();
 }
 
 
@@ -299,13 +301,13 @@ static struct sam_passwd *ldapsam_getsambynam(const char *name)
 {
 	struct sam_passwd *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 		return NULL;
 
 	ldap_search_by_ntname(name);
 	ret = ldapsam_getsam();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
@@ -313,13 +315,13 @@ static struct sam_passwd *ldapsam_getsambyuid(uid_t userid)
 {
 	struct sam_passwd *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 	   return NULL;
 
 	ldap_search_by_uid(userid);
 	ret = ldapsam_getsam();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
@@ -327,13 +329,13 @@ static struct sam_passwd *ldapsam_getsambyrid(uint32 user_rid)
 {
 	struct sam_passwd *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 	   return NULL;
 
 	ldap_search_by_rid(user_rid);
 	ret = ldapsam_getsam();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
@@ -351,6 +353,9 @@ static BOOL ldapsam_addsam(struct sam_passwd *newpwd)
 {	
 	LDAPMod **mods;
 
+	if (!newpwd || !ldap_allocaterid(&newpwd->user_rid))
+		return (False);
+
 	ldapsam_sammods(newpwd, &mods, LDAP_MOD_ADD);
 	return ldap_makemods("uid", newpwd->unix_name, mods, True);
 }
@@ -359,6 +364,9 @@ static BOOL ldapsam_modsam(struct sam_passwd *pwd, BOOL override)
 {
 	LDAPMod **mods;
 
+	if (!pwd)
+		return (False);
+
 	ldapsam_sammods(pwd, &mods, LDAP_MOD_REPLACE);
 	return ldap_makemods("uid", pwd->unix_name, mods, False);
 }
@@ -372,13 +380,13 @@ static struct sam_disp_info *ldapsam_getdispbynam(const char *name)
 {
 	struct sam_disp_info *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 	   return NULL;
 
 	ldap_search_by_ntname(name);
 	ret = ldapsam_getdispinfo();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }
 
@@ -386,13 +394,13 @@ static struct sam_disp_info *ldapsam_getdispbyrid(uint32 user_rid)
 {
 	struct sam_disp_info *ret;
 
-	if(!ldap_open_connection(False))
+	if(!ldap_connect())
 	   return NULL;
 
 	ldap_search_by_rid(user_rid);
 	ret = ldapsam_getdispinfo();
 
-	ldap_close_connection();
+	ldap_disconnect();
 	return ret;
 }