summaryrefslogtreecommitdiff
path: root/source3/groupdb/groupldap.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/groupdb/groupldap.c')
-rw-r--r--source3/groupdb/groupldap.c158
1 files changed, 138 insertions, 20 deletions
diff --git a/source3/groupdb/groupldap.c b/source3/groupdb/groupldap.c
index df0d755240..4411ead14c 100644
--- a/source3/groupdb/groupldap.c
+++ b/source3/groupdb/groupldap.c
@@ -28,6 +28,7 @@
#include <ldap.h>
extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
/* Internal state */
extern LDAP *ldap_struct;
@@ -48,6 +49,7 @@ static DOMAIN_GRP *ldapgroup_getgrp(DOMAIN_GRP *group,
fstring temp;
char **values;
DOMAIN_GRP_MEMBER *memblist;
+ char *value, *sep;
int i;
if(!ldap_entry)
@@ -60,7 +62,7 @@ static DOMAIN_GRP *ldapgroup_getgrp(DOMAIN_GRP *group,
DEBUG(2,("Retrieving group [%s]\n", group->name));
if(ldap_get_attribute("rid", temp)) {
- group->rid = atoi(temp);
+ group->rid = strtol(temp, NULL, 16);
} else {
DEBUG(0, ("Missing rid\n"));
return NULL;
@@ -76,16 +78,33 @@ static DOMAIN_GRP *ldapgroup_getgrp(DOMAIN_GRP *group,
return group;
}
- if(values = ldap_get_values(ldap_struct, ldap_entry, "uidMember")) {
-
- DEBUG(0, ("Need to return NT names here\n"));
+ if(values = ldap_get_values(ldap_struct, ldap_entry, "member")) {
*num_membs = i = ldap_count_values(values);
*members = memblist = malloc(i * sizeof(DOMAIN_GRP_MEMBER));
do {
- fstrcpy(memblist[--i].name, values[i]);
+ value = values[--i];
+
+ if(!(sep = strchr(value, ','))) {
+ DEBUG(0, ("Malformed group member\n"));
+ return NULL;
+ }
+ *(sep++) = 0;
+ fstrcpy(memblist[i].name, value);
+
+ if(!(value = strchr(sep, ','))) {
+ DEBUG(0, ("Malformed group member\n"));
+ return NULL;
+ }
+ memblist[i].rid = strtol(sep, &value, 16);
+
+ if((memblist[i].sid_use = atoi(value+1))
+ >= SID_NAME_UNKNOWN)
+ DEBUG(0, ("Invalid SID use in group"));
+
memblist[i].attr = 0x7;
+
} while(i > 0);
ldap_value_free(values);
@@ -115,10 +134,7 @@ static void ldapgroup_grpmods(DOMAIN_GRP *group, LDAPMod ***mods,
ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaGroup");
ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
- slprintf(temp, sizeof(temp)-1, "%d", (gid_t)(-1));
- ldap_make_mod(mods, LDAP_MOD_ADD, "gidNumber", temp);
-
- slprintf(temp, sizeof(temp)-1, "%d", group->rid);
+ slprintf(temp, sizeof(temp)-1, "%x", group->rid);
ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
}
@@ -126,6 +142,30 @@ static void ldapgroup_grpmods(DOMAIN_GRP *group, LDAPMod ***mods,
}
+/************************************************************************
+ Create a group member entry
+ ************************************************************************/
+
+static BOOL ldapgroup_memmods(uint32 user_rid, LDAPMod ***mods, int operation)
+{
+ pstring member;
+ fstring name;
+ DOM_SID sid;
+ uint8 type;
+
+ sid_copy(&sid, &global_sam_sid);
+ sid_append_rid(&sid, user_rid);
+ if (lookup_sid(&sid, name, &type))
+ return (False);
+
+ slprintf(member, sizeof(member)-1, "%s,%x,%d", name, user_rid, type);
+
+ *mods = NULL;
+ ldap_make_mod(mods, operation, "member", member);
+ return True;
+}
+
+
/***************************************************************
Begin/end domain group enumeration.
****************************************************************/
@@ -138,7 +178,7 @@ static void *ldapgroup_enumfirst(BOOL update)
server_role == ROLE_DOMAIN_MEMBER)
return NULL;
- if (!ldap_open_connection(False))
+ if (!ldap_connect())
return NULL;
ldap_search_for("objectclass=sambaGroup");
@@ -148,7 +188,7 @@ static void *ldapgroup_enumfirst(BOOL update)
static void ldapgroup_enumclose(void *vp)
{
- ldap_close_connection();
+ ldap_disconnect();
}
@@ -178,7 +218,7 @@ static DOMAIN_GRP *ldapgroup_getgrpbynam(const char *name,
fstring filter;
DOMAIN_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
@@ -187,7 +227,7 @@ static DOMAIN_GRP *ldapgroup_getgrpbynam(const char *name,
ret = ldapgroup_getgrp(&domgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -197,7 +237,7 @@ static DOMAIN_GRP *ldapgroup_getgrpbygid(gid_t grp_id,
fstring filter;
DOMAIN_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
@@ -206,7 +246,7 @@ static DOMAIN_GRP *ldapgroup_getgrpbygid(gid_t grp_id,
ret = ldapgroup_getgrp(&domgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -216,16 +256,16 @@ static DOMAIN_GRP *ldapgroup_getgrpbyrid(uint32 grp_rid,
fstring filter;
DOMAIN_GRP *ret;
- if(!ldap_open_connection(False))
+ if(!ldap_connect())
return (False);
slprintf(filter, sizeof(filter)-1,
- "(&(rid=%d)(objectClass=sambaGroup))", grp_rid);
+ "(&(rid=%x)(objectClass=sambaGroup))", grp_rid);
ldap_search_for(filter);
ret = ldapgroup_getgrp(&domgrp, members, num_membs);
- ldap_close_connection();
+ ldap_disconnect();
return ret;
}
@@ -237,13 +277,19 @@ static DOMAIN_GRP *ldapgroup_getcurrentgrp(void *vp,
/*************************************************************************
- Add/modify domain groups.
+ Add/modify/delete domain groups.
*************************************************************************/
static BOOL ldapgroup_addgrp(DOMAIN_GRP *group)
{
LDAPMod **mods;
+ if (!ldap_allocaterid(&group->rid))
+ {
+ DEBUG(0,("RID generation failed\n"));
+ return (False);
+ }
+
ldapgroup_grpmods(group, &mods, LDAP_MOD_ADD);
return ldap_makemods("cn", group->name, mods, True);
}
@@ -256,6 +302,69 @@ static BOOL ldapgroup_modgrp(DOMAIN_GRP *group)
return ldap_makemods("cn", group->name, mods, False);
}
+static BOOL ldapgroup_delgrp(uint32 grp_rid)
+{
+ fstring filter;
+ char *dn;
+ int err;
+
+ if (!ldap_connect())
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(rid=%x)(objectClass=sambaGroup))", grp_rid);
+ ldap_search_for(filter);
+
+ if (!ldap_entry || !(dn = ldap_get_dn(ldap_struct, ldap_entry)))
+ {
+ ldap_disconnect();
+ return (False);
+ }
+
+ err = ldap_delete_s(ldap_struct, dn);
+ free(dn);
+ ldap_disconnect();
+
+ if (err != LDAP_SUCCESS)
+ {
+ DEBUG(0, ("delete: %s\n", ldap_err2string(err)));
+ return (False);
+ }
+
+ return True;
+}
+
+
+/*************************************************************************
+ Add users to/remove users from groups.
+ *************************************************************************/
+
+static BOOL ldapgroup_addmem(uint32 grp_rid, uint32 user_rid)
+{
+ LDAPMod **mods;
+ fstring rid_str;
+
+ slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
+
+ if(!ldapgroup_memmods(user_rid, &mods, LDAP_MOD_ADD))
+ return (False);
+
+ return ldap_makemods("rid", rid_str, mods, False);
+}
+
+static BOOL ldapgroup_delmem(uint32 grp_rid, uint32 user_rid)
+{
+ LDAPMod **mods;
+ fstring rid_str;
+
+ slprintf(rid_str, sizeof(rid_str)-1, "%x", grp_rid);
+
+ if(!ldapgroup_memmods(user_rid, &mods, LDAP_MOD_DELETE))
+ return (False);
+
+ return ldap_makemods("rid", rid_str, mods, False);
+}
+
/*************************************************************************
Return domain groups that a user is in.
@@ -268,14 +377,18 @@ static BOOL ldapgroup_getusergroups(const char *name, DOMAIN_GRP **groups,
fstring filter;
int i;
+ if(!ldap_connect())
+ return (False);
+
slprintf(filter, sizeof(pstring)-1,
- "(&(uidMember=%s)(objectclass=sambaGroup))", name);
+ "(&(member=%s,*)(objectclass=sambaGroup))", name);
ldap_search_for(filter);
*num_grps = i = ldap_count_entries(ldap_struct, ldap_results);
if(!i) {
*groups = NULL;
+ ldap_disconnect();
return (True);
}
@@ -284,6 +397,7 @@ static BOOL ldapgroup_getusergroups(const char *name, DOMAIN_GRP **groups,
i--;
} while(ldapgroup_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
+ ldap_disconnect();
return (True);
}
@@ -302,6 +416,10 @@ static struct groupdb_ops ldapgroup_ops =
ldapgroup_addgrp,
ldapgroup_modgrp,
+ ldapgroup_delgrp,
+
+ ldapgroup_addmem,
+ ldapgroup_delmem,
ldapgroup_getusergroups
};