svn commit: samba r13698 - in trunk/source/passdb: .

idra at samba.org idra at samba.org
Sun Feb 26 19:23:11 GMT 2006 

Author: idra
Date: 2006-02-26 19:23:09 +0000 (Sun, 26 Feb 2006)
New Revision: 13698

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13698

Log:

Add editposix special set primary group call
General fixes


Modified:
   trunk/source/passdb/pdb_ldap.c


Changeset:
Modified: trunk/source/passdb/pdb_ldap.c
===================================================================
--- trunk/source/passdb/pdb_ldap.c	2006-02-26 16:21:30 UTC (rev 13697)
+++ trunk/source/passdb/pdb_ldap.c	2006-02-26 19:23:09 UTC (rev 13698)
@@ -2375,14 +2375,14 @@
 		}
 
 		for (memberuid = values; *memberuid != NULL; memberuid += 1) {
-			filter = talloc_asprintf(mem_ctx, "%s(uidNumber=%s)", filter, *memberuid);
+			filter = talloc_asprintf_append(filter, "(uid=%s)", *memberuid);
 			if (filter == NULL) {
 				ret = NT_STATUS_NO_MEMORY;
 				goto done;
 			}
 		}
 
-		filter = talloc_asprintf(mem_ctx, "%s))", filter);
+		filter = talloc_asprintf_append(filter, "))");
 		if (filter == NULL) {
 			ret = NT_STATUS_NO_MEMORY;
 			goto done;
@@ -3754,13 +3754,12 @@
 			continue;
 		}
 
-		attr = smbldap_talloc_single_attribute(ld, entry, "cn", names);
+		attr = smbldap_talloc_single_attribute(ld, entry, "displayName", names);
 
 		if (attr == NULL) {
-			DEBUG(10, ("Could not retrieve 'cn' attribute from %s\n",
+			DEBUG(10, ("Could not retrieve 'displayName' attribute from %s\n",
 				   dn));
-			attr = smbldap_talloc_single_attribute(
-				ld, entry, "displayName", names);
+			attr = smbldap_talloc_single_attribute(ld, entry, "cn", names);
 		}
 
 		if (attr == NULL) {
@@ -4738,6 +4737,8 @@
 
 	DEBUG(2,("ldapsam_create_user: added account [%s] in the LDAP database\n", name));
 
+	flush_pwnam_cache();
+
 	return NT_STATUS_OK;
 }
 
@@ -4753,7 +4754,11 @@
 
 	DEBUG(0,("ldapsam_delete_user: Attempt to delete user [%s]\n", pdb_get_username(sam_acct)));
 	
-	filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=posixAccount))", pdb_get_username(sam_acct));
+	filter = talloc_asprintf(tmp_ctx,
+				 "(&(uid=%s)"
+				 "(objectClass=posixAccount)"
+				 "(objectClass=sambaSamAccount))",
+				 pdb_get_username(sam_acct));
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
 	if (rc != LDAP_SUCCESS) {
@@ -4791,6 +4796,8 @@
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
+	flush_pwnam_cache();
+
 	return NT_STATUS_OK;
 }
 
@@ -5005,7 +5012,11 @@
 	}
 
 	/* check no user have this group marked as primary group */
-	filter = talloc_asprintf(tmp_ctx, "(&(gidNumber=%s)(objectClass=posixAccount))", gidstr);
+	filter = talloc_asprintf(tmp_ctx,
+				 "(&(gidNumber=%s)"
+				 "(objectClass=posixAccount)"
+				 "(objectClass=sambaSamAccount))",
+				 gidstr);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
 	if (rc != LDAP_SUCCESS) {
@@ -5062,9 +5073,14 @@
 	sid_copy(&member_sid, get_global_sam_sid());
 	sid_append_rid(&member_sid, member_rid);
 
+	/* get the group sid */
+	sid_copy(&group_sid, get_global_sam_sid());
+	sid_append_rid(&group_sid, group_rid);
+
 	filter = talloc_asprintf(tmp_ctx,
 				 "(&(sambaSID=%s)"
-				 "(objectClass=posixAccount))",
+				 "(objectClass=posixAccount)"
+				 "(objectClass=sambaSamAccount))",
 				 sid_string_static(&member_sid));
 
 	/* get the member uid */
@@ -5092,17 +5108,37 @@
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
+	if (modop == LDAP_MOD_DELETE) {
+		/* check if we are trying to remove the member from his primary group */
+		char *gidstr;
+		gid_t user_gid, group_gid;
+		
+		gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", tmp_ctx);
+		if (!gidstr) {
+			DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's gid!\n"));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		user_gid = strtoul(gidstr, NULL, 10);
+	
+		if (!sid_to_gid(&group_sid, &group_gid)) {
+			DEBUG (0, ("ldapsam_change_groupmem: Unable to get group gid from SID!\n"));
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		if (user_gid == group_gid) {
+			DEBUG (3, ("ldapsam_change_groupmem: can't remove user from it's own primary group!\n"));
+			return NT_STATUS_MEMBERS_PRIMARY_GROUP;
+		}
+	}
+
 	/* here it is, retrieve the uid for later use */
-	uidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "uidNumber", tmp_ctx);
+	uidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "uid", tmp_ctx);
 	if (!uidstr) {
-		DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's uid!\n"));
+		DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's name!\n"));
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
-	/* get the group sid */
-	sid_copy(&group_sid, get_global_sam_sid());
-	sid_append_rid(&group_sid, group_rid);
-
 	filter = talloc_asprintf(tmp_ctx,
 				 "(&(sambaSID=%s)"
 				 "(objectClass=posixGroup)"
@@ -5147,15 +5183,14 @@
 
 	rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
 	if (rc != LDAP_SUCCESS) {
-		if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
-			if (modop == LDAP_MOD_ADD) {
-				DEBUG(1,("ldapsam_change_groupmem: member is already in group, add failed!\n"));
-				return NT_STATUS_MEMBER_IN_GROUP;
-			} else {
-				DEBUG(1,("ldapsam_change_groupmem: member is not in group, delete failed!\n"));
-				return NT_STATUS_MEMBER_NOT_IN_GROUP;
-			}
+		if (rc == LDAP_TYPE_OR_VALUE_EXISTS && modop == LDAP_MOD_ADD) {
+			DEBUG(1,("ldapsam_change_groupmem: member is already in group, add failed!\n"));
+			return NT_STATUS_MEMBER_IN_GROUP;
 		}
+		if (rc == LDAP_NO_SUCH_ATTRIBUTE && modop == LDAP_MOD_DELETE) {
+			DEBUG(1,("ldapsam_change_groupmem: member is not in group, delete failed!\n"));
+			return NT_STATUS_MEMBER_NOT_IN_GROUP;
+		}
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 	
@@ -5177,6 +5212,95 @@
 	return ldapsam_change_groupmem(my_methods, tmp_ctx, group_rid, member_rid, LDAP_MOD_DELETE);
 }
 
+static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
+					  TALLOC_CTX *mem_ctx,
+					  struct samu *sampass)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
+	LDAPMessage *entry = NULL;
+	LDAPMessage *result = NULL;
+	uint32 num_result;
+	LDAPMod **mods = NULL;
+	char *filter;
+	char *gidstr;
+	char *newgidstr;
+	const char *dn = NULL;
+	gid_t gid;
+	int rc;
+
+	DEBUG(0,("ldapsam_set_primary_group: Attempt to set primary group for user [%s]\n", pdb_get_username(sampass)));
+
+	if (!sid_to_gid(pdb_get_group_sid(sampass), &gid)) {
+		DEBUG(0,("ldapsam_set_primary_group: failed to retieve gid from user's group SID!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	newgidstr = talloc_asprintf(mem_ctx, "%d", gid);
+	if (!newgidstr) {
+		DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	filter = talloc_asprintf(mem_ctx,
+				 "(&(uid=%s)"
+				 "(objectClass=posixAccount)"
+				 "(objectClass=sambaSamAccount))",
+				 pdb_get_username(sampass));
+
+	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
+	if (rc != LDAP_SUCCESS) {
+		DEBUG(0,("ldapsam_set_primary_group: user search failed!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	talloc_autofree_ldapmsg(mem_ctx, result);
+
+	num_result = ldap_count_entries(priv2ld(ldap_state), result);
+
+	if (num_result == 0) {
+		DEBUG(0,("ldapsam_set_primary_group: user not found!\n"));
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	if (num_result > 1) {
+		DEBUG (0, ("ldapsam_set_primary_group: More than one user with name [%s] ?!\n", pdb_get_username(sampass)));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	entry = ldap_first_entry(priv2ld(ldap_state), result);
+	if (!entry) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* retrieve the dn for later use */
+	dn = smbldap_talloc_dn(mem_ctx, priv2ld(ldap_state), entry);
+	if (!dn) {
+		DEBUG(0,("ldapsam_set_primary_group: Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* retrieve the current gid */
+	gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", mem_ctx);
+	if (!gidstr) {
+		DEBUG (0, ("ldapsam_set_primary_group: Unable to find the user's gid!\n"));
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* remove the old one, and add the new one, this way we do not risk races */
+	smbldap_set_mod(&mods, LDAP_MOD_DELETE, "gidNumber", gidstr);
+	smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", newgidstr);
+
+	rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
+
+	if (rc != LDAP_SUCCESS) {
+		DEBUG(0,("ldapsam_set_primary_group: failed to modify [%s] primary group [%s] -> [%s]\n",
+			 pdb_get_username(sampass), gidstr, newgidstr));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	flush_pwnam_cache();
+
+	return NT_STATUS_OK;
+}
+
 /**********************************************************************
  Housekeeping
  *********************************************************************/
@@ -5250,6 +5374,7 @@
 		(*pdb_method)->delete_dom_group = ldapsam_delete_dom_group;
 		(*pdb_method)->add_groupmem = ldapsam_add_groupmem;
 		(*pdb_method)->del_groupmem = ldapsam_del_groupmem;
+		(*pdb_method)->set_unix_primary_group = ldapsam_set_primary_group;
 	}
 	/* TODO: Setup private data and free */

More information about the samba-cvs mailing list