search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
preparing for release of alpha-2.6
[Samba/gbeck.git] / source / groupdb / builtinnt5ldap.c
blob20b8c296a3f5e710562db3ba065e816b4f1d74b8
1
2 /*
3 Unix SMB/Netbios implementation.
4 Version 2.0.
5 LDAP builtin group database for SAMBA
6 Copyright (C) Matthew Chapman 1998
7 Copyright (C) Luke Howard 2000
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22
23 */
24
25 #include "includes.h"
26
27 #ifdef WITH_NT5LDAP
28
29 #include <lber.h>
30 #include <ldap.h>
31 #include "ldapdb.h"
32 #include "sids.h"
33
34 extern int DEBUGLEVEL;
35
36 /* Static structure filled for requests */
37 static LOCAL_GRP localgrp;
38
39
40 /***************************************************************
41 Begin/end smbgrp enumeration.
42 ****************************************************************/
43
44 static void *
45 nt5ldapbuiltin_enumfirst (BOOL update)
46 {
47 LDAPDB_DECLARE_HANDLE (hds);
48 fstring filter;
49
50 if (!ldapdb_open (&hds))
51 {
52 return NULL;
53 }
54
55 slprintf (filter, sizeof (filter) - 1, "(&(objectClass=Group)(groupType=%d))",
56 NTDS_GROUP_TYPE_BUILTIN_GROUP | NTDS_GROUP_TYPE_DOMAIN_LOCAL_GROUP | NTDS_GROUP_TYPE_SECURITY_ENABLED);
57 if (!ldapdb_search (hds, NULL, filter, NULL, LDAP_NO_LIMIT))
58 {
59 ldapdb_close (&hds);
60 return NULL;
61 }
62
63 return hds;
64 }
65
66 static void
67 nt5ldapbuiltin_enumclose (void *vp)
68 {
69 LDAPDB *hds = (LDAPDB *) vp;
70
71 ldapdb_close (&hds);
72 return;
73 }
74
75
76 /*************************************************************************
77 Save/restore the current position in a query
78 *************************************************************************/
79
80 static SMB_BIG_UINT
81 nt5ldapbuiltin_getdbpos (void *vp)
82 {
83 return 0;
84 }
85
86 static BOOL
87 nt5ldapbuiltin_setdbpos (void *vp, SMB_BIG_UINT tok)
88 {
89 return False;
90 }
91
92
93 /*************************************************************************
94 Return limited smb_passwd information, and group membership.
95 *************************************************************************/
96
97 static LOCAL_GRP *
98 nt5ldapbuiltin_getgrpbynam (const char *name,
99 LOCAL_GRP_MEMBER ** members, int *num_membs)
100 {
101 fstring filter;
102 BOOL ret;
103 LDAPDB_DECLARE_HANDLE (hds);
104
105 if (!ldapdb_open (&hds))
106 {
107 return (NULL);
108 }
109
110 slprintf (filter, sizeof (filter) - 1,
111 "(&(objectClass=Group)(sAMAccountName=%s)(groupType=%d))", name,
112 NTDS_GROUP_TYPE_BUILTIN_GROUP | NTDS_GROUP_TYPE_DOMAIN_LOCAL_GROUP | NTDS_GROUP_TYPE_SECURITY_ENABLED);
113 if (!ldapdb_search (hds, NULL, filter, NULL, 1))
114 {
115 ldapdb_close (&hds);
116 return NULL;
117 }
118
119 ret = nt5ldap_make_local_grp (hds, &localgrp, members, num_membs, NTDS_GROUP_TYPE_BUILTIN_GROUP);
120
121 ldapdb_close (&hds);
122
123 return ret ? &localgrp : NULL;
124 }
125
126 static LOCAL_GRP *
127 nt5ldapbuiltin_getgrpbygid (gid_t grp_id,
128 LOCAL_GRP_MEMBER ** members, int *num_membs)
129 {
130 fstring filter;
131 BOOL ret;
132 LDAPDB_DECLARE_HANDLE (hds);
133
134 if (!ldapdb_open (&hds))
135 {
136 return (NULL);
137 }
138
139 slprintf (filter, sizeof (filter) - 1,
140 "(&(objectClass=Group)(gidNumber=%d)(groupType=%d))", grp_id,
141 NTDS_GROUP_TYPE_BUILTIN_GROUP | NTDS_GROUP_TYPE_DOMAIN_LOCAL_GROUP | NTDS_GROUP_TYPE_SECURITY_ENABLED);
142 if (!ldapdb_search (hds, NULL, filter, NULL, 1))
143 {
144 ldapdb_close (&hds);
145 return NULL;
146 }
147
148 ret = nt5ldap_make_local_grp (hds, &localgrp, members, num_membs, NTDS_GROUP_TYPE_BUILTIN_GROUP);
149
150 ldapdb_close (&hds);
151
152 return ret ? &localgrp : NULL;
153 }
154
155 static LOCAL_GRP *
156 nt5ldapbuiltin_getgrpbyrid (uint32 grp_rid,
157 LOCAL_GRP_MEMBER ** members, int *num_membs)
158 {
159 fstring filter;
160 fstring sidfilter;
161 BOOL ret;
162 LDAPDB_DECLARE_HANDLE (hds);
163
164 if (!ldapdb_make_rid_filter ("objectSid", grp_rid, sidfilter))
165 {
166 return NULL;
167 }
168
169 if (!ldapdb_open (&hds))
170 {
171 return NULL;
172 }
173
174 slprintf (filter, sizeof (filter) - 1,
175 "(&(objectClass=Group)(%s)(groupType=%d))", sidfilter,
176 NTDS_GROUP_TYPE_BUILTIN_GROUP | NTDS_GROUP_TYPE_DOMAIN_LOCAL_GROUP | NTDS_GROUP_TYPE_SECURITY_ENABLED);
177 if (!ldapdb_search (hds, NULL, filter, NULL, 1))
178 {
179 ldapdb_close (&hds);
180 return NULL;
181 }
182
183 ret = nt5ldap_make_local_grp (hds, &localgrp, members, num_membs, NTDS_GROUP_TYPE_BUILTIN_GROUP);
184
185 ldapdb_close (&hds);
186
187 return ret ? &localgrp : NULL;
188 }
189
190 static LOCAL_GRP *
191 nt5ldapbuiltin_getcurrentgrp (void *vp,
192 LOCAL_GRP_MEMBER ** members, int *num_membs)
193 {
194 BOOL ret = False;
195
196 do
197 {
198 if ((ret = nt5ldap_make_local_grp ((LDAPDB *)vp, &localgrp, members, num_membs, NTDS_GROUP_TYPE_BUILTIN_GROUP)))
199 break;
200 }
201 while (ldapdb_seq((LDAPDB *)vp) == True);
202
203 return ret ? &localgrp : NULL;
204 }
205
206
207 /*************************************************************************
208 Add/modify/delete builtin aliases.
209 *************************************************************************/
210
211 static BOOL
212 nt5ldapbuiltin_addgrp (LOCAL_GRP * group)
213 {
214 LDAPMod **mods = NULL;
215 LDAPDB_DECLARE_HANDLE (hds);
216 BOOL ret;
217
218 if (!ldapdb_open (&hds))
219 {
220 return False;
221 }
222
223 if (!ldapdb_allocate_rid (hds, &group->rid))
224 {
225 DEBUG (0, ("RID generation failed\n"));
226 return False;
227 }
228
229 if (!nt5ldap_local_grp_mods (group, &mods, LDAP_MOD_ADD, NTDS_GROUP_TYPE_BUILTIN_GROUP))
230 {
231 ret = False;
232 }
233 else
234 {
235 ret = ldapdb_update (hds, lp_ldap_builtin_subcontext (), "cn", group->name, mods, True);
236 }
237
238 ldapdb_close (&hds);
239
240 return ret;
241 }
242
243 static BOOL
244 nt5ldapbuiltin_modgrp (LOCAL_GRP * group)
245 {
246 LDAPMod **mods = NULL;
247 LDAPDB_DECLARE_HANDLE (hds);
248 BOOL ret;
249
250 if (!ldapdb_open (&hds))
251 {
252 return False;
253 }
254
255 if (!nt5ldap_local_grp_mods (group, &mods, LDAP_MOD_REPLACE, NTDS_GROUP_TYPE_BUILTIN_GROUP))
256 {
257 ret = False;
258 }
259 else
260 {
261 ret = ldapdb_update (hds, lp_ldap_builtin_subcontext (), "cn", group->name, mods, False);
262 }
263
264 ldapdb_close (&hds);
265
266 return ret;
267 }
268
269 static BOOL
270 nt5ldapbuiltin_delgrp (uint32 grp_rid)
271 {
272 pstring dn;
273 LDAPDB_DECLARE_HANDLE (hds);
274 BOOL ret;
275
276 if (!ldapdb_open (&hds))
277 {
278 return False;
279 }
280
281 if (!ldapdb_rid_to_dn (hds, grp_rid, dn))
282 {
283 ldapdb_close (&hds);
284 return False;
285 }
286
287 ret = ldapdb_delete (hds, dn);
288
289 ldapdb_close (&hds);
290
291 return ret;
292 }
293
294
295 /*************************************************************************
296 Add users to/remove users from aliases.
297 *************************************************************************/
298
299 static BOOL
300 nt5ldapbuiltin_addmem (uint32 grp_rid, const DOM_SID * user_sid)
301 {
302 LDAPMod **mods = NULL;
303 LDAPDB_DECLARE_HANDLE (hds);
304 BOOL ret;
305 pstring userdn, groupdn;
306
307 if (!ldapdb_open (&hds))
308 {
309 return False;
310 }
311
312 if (!ldapdb_rid_to_dn (hds, grp_rid, groupdn))
313 {
314 ldapdb_close (&hds);
315 return False;
316 }
317
318 if (!nt5ldap_local_grp_member_mods (user_sid, &mods, LDAP_MOD_ADD, userdn))
319 {
320 ret = False;
321 }
322 else
323 {
324 ret = ldapdb_commit (hds, groupdn, mods, False);
325 }
326
327 if (ret == True)
328 {
329 mods = NULL;
330 ret = ldapdb_queue_mod (&mods, LDAP_MOD_ADD, "memberOf", groupdn) &&
331 ldapdb_commit (hds, userdn, mods, False);
332 }
333
334 ldapdb_close (&hds);
335
336 return ret;
337 }
338
339 static BOOL
340 nt5ldapbuiltin_delmem (uint32 grp_rid, const DOM_SID * user_sid)
341 {
342 LDAPMod **mods = NULL;
343 LDAPDB_DECLARE_HANDLE (hds);
344 BOOL ret;
345 pstring userdn, groupdn;
346
347 if (!ldapdb_open (&hds))
348 {
349 return False;
350 }
351
352 if (!ldapdb_rid_to_dn (hds, grp_rid, groupdn))
353 {
354 ldapdb_close (&hds);
355 return False;
356 }
357
358 if (!nt5ldap_local_grp_member_mods (user_sid, &mods, LDAP_MOD_DELETE, userdn))
359 {
360 ret = False;
361 }
362 else
363 {
364 ret = ldapdb_commit (hds, groupdn, mods, False);
365 }
366
367 if (ret == True)
368 {
369 mods = NULL;
370 ret = ldapdb_queue_mod (&mods, LDAP_MOD_DELETE, "memberOf", groupdn) &&
371 ldapdb_commit (hds, userdn, mods, False);
372 }
373
374 ldapdb_close (&hds);
375
376 return ret;
377 }
378
379
380 /*************************************************************************
381 Return builtin aliases that a user is in.
382 *************************************************************************/
383
384 static BOOL
385 nt5ldapbuiltin_getusergroups (const char *name, LOCAL_GRP ** groups,
386 int *num_grps)
387 {
388 LOCAL_GRP *grouplist;
389 fstring filter;
390 int i, ngroups;
391 pstring dn;
392 LDAPDB_DECLARE_HANDLE (hds);
393
394 if (!ldapdb_open (&hds))
395 {
396 return False;
397 }
398
399 if (!ldapdb_ntname_to_dn (hds, name, dn))
400 {
401 ldapdb_close (&hds);
402 return False;
403 }
404
405 slprintf (filter, sizeof (pstring) - 1, "(&(objectclass=Group)(member=%s)(groupType=%d))", dn,
406 NTDS_GROUP_TYPE_BUILTIN_GROUP | NTDS_GROUP_TYPE_DOMAIN_LOCAL_GROUP | NTDS_GROUP_TYPE_SECURITY_ENABLED);
407
408 (void) ldapdb_set_synchronous (hds, True);
409 if (!ldapdb_search (hds, NULL, filter, NULL, LDAP_NO_LIMIT))
410 {
411 ldapdb_close (&hds);
412 return False;
413 }
414
415 if (!ldapdb_count_entries (hds, &ngroups))
416 {
417 ldapdb_close (&hds);
418 return False;
419 }
420
421 grouplist = calloc (ngroups, sizeof (LOCAL_GRP));
422 if (grouplist == NULL)
423 {
424 ldapdb_close (&hds);
425 return False;
426 }
427
428 *num_grps = 0;
429
430 for (i = 0; i < ngroups; i++)
431 {
432 if (nt5ldap_make_local_grp (hds, &grouplist[*num_grps], NULL, NULL, NTDS_GROUP_TYPE_BUILTIN_GROUP))
433 {
434 (*num_grps)++;
435 }
436 if (!ldapdb_seq (hds))
437 {
438 break;
439 }
440 }
441
442 ldapdb_close (&hds);
443
444 *groups = grouplist;
445
446 return True;
447 }
448
449
450 static struct aliasdb_ops nt5ldapbuiltin_ops =
451 {
452 nt5ldapbuiltin_enumfirst,
453 nt5ldapbuiltin_enumclose,
454 nt5ldapbuiltin_getdbpos,
455 nt5ldapbuiltin_setdbpos,
456
457 nt5ldapbuiltin_getgrpbynam,
458 nt5ldapbuiltin_getgrpbygid,
459 nt5ldapbuiltin_getgrpbyrid,
460 nt5ldapbuiltin_getcurrentgrp,
461
462 nt5ldapbuiltin_addgrp,
463 nt5ldapbuiltin_modgrp,
464 nt5ldapbuiltin_delgrp,
465
466 nt5ldapbuiltin_addmem,
467 nt5ldapbuiltin_delmem,
468
469 nt5ldapbuiltin_getusergroups
470 };
471
472 struct aliasdb_ops *
473 nt5ldap_initialise_builtin_db (void)
474 {
475 return &nt5ldapbuiltin_ops;
476 }
477
478 #else
479 void builtinnt5ldap_dummy_function (void);
480 void
481 builtinnt5ldap_dummy_function (void)
482 {
483 } /* stop some compilers complaining */
484 #endif
WIP