summaryrefslogtreecommitdiffstats
path: root/source/groupdb
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-12-07 22:52:49 +0000
committerLuke Leighton <lkcl@samba.org>1998-12-07 22:52:49 +0000
commit2bc031e8fafeafdc58c6a8056597b647d00657ae (patch)
tree2c7bd8333111763cdbeb13db73f16ef8796d1729 /source/groupdb
parent8b36c7c08ffa408506c35219e6453a595cbc3a4f (diff)
downloadsamba-2bc031e8fafeafdc58c6a8056597b647d00657ae.tar.gz
samba-2bc031e8fafeafdc58c6a8056597b647d00657ae.tar.xz
samba-2bc031e8fafeafdc58c6a8056597b647d00657ae.zip
added ldap files by Matthew Chapman.
Diffstat (limited to 'source/groupdb')
-rw-r--r--source/groupdb/aliasldap.c316
-rw-r--r--source/groupdb/builtinldap.c317
-rw-r--r--source/groupdb/groupldap.c318
3 files changed, 951 insertions, 0 deletions
diff --git a/source/groupdb/aliasldap.c b/source/groupdb/aliasldap.c
new file mode 100644
index 00000000000..35d810dabc2
--- /dev/null
+++ b/source/groupdb/aliasldap.c
@@ -0,0 +1,316 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.0.
+ LDAP local group database for SAMBA
+ Copyright (C) Matthew Chapman 1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#include "includes.h"
+
+#ifdef WITH_LDAP
+
+#include <lber.h>
+#include <ldap.h>
+
+extern int DEBUGLEVEL;
+
+/* Internal state */
+extern LDAP *ldap_struct;
+extern LDAPMessage *ldap_results;
+extern LDAPMessage *ldap_entry;
+
+/* Static structure filled for requests */
+static LOCAL_GRP localgrp;
+
+
+/***************************************************************
+ Get group and membership information.
+ ****************************************************************/
+
+static LOCAL_GRP *ldapalias_getgrp(LOCAL_GRP *group,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ fstring temp;
+ char **values;
+ LOCAL_GRP_MEMBER *memblist;
+ char *value, *sep;
+ int i;
+
+ if(!ldap_entry)
+ return NULL;
+
+ if(!ldap_get_attribute("cn", group->name)) {
+ DEBUG(0, ("Missing cn\n"));
+ return NULL; }
+
+ DEBUG(2,("Retrieving alias [%s]\n", group->name));
+
+ if(ldap_get_attribute("rid", temp)) {
+ group->rid = atoi(temp);
+ } else {
+ DEBUG(0, ("Missing rid\n"));
+ return NULL;
+ }
+
+ if(!ldap_get_attribute("description", group->comment))
+ group->comment[0] = 0;
+
+ if(!members || !num_membs) {
+ ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
+ return group;
+ }
+
+ if(values = ldap_get_values(ldap_struct, ldap_entry, "member")) {
+
+ *num_membs = i = ldap_count_values(values);
+ *members = memblist = malloc(i * sizeof(LOCAL_GRP_MEMBER));
+
+ do {
+ value = values[--i];
+
+ if(!(sep = strchr(value, ','))) {
+ DEBUG(0, ("Malformed alias member\n"));
+ return NULL;
+ }
+ *(sep++) = 0;
+ fstrcpy(memblist[i].name, value);
+
+ if(!(value = strchr(sep, ','))) {
+ DEBUG(0, ("Malformed alias member\n"));
+ return NULL;
+ }
+ *(value++) = 0;
+ string_to_sid(&memblist[i].sid, sep);
+
+ if((memblist[i].sid_use = atoi(value))
+ >= SID_NAME_UNKNOWN)
+ DEBUG(0, ("Invalid SID use in alias"));
+
+ } while(i > 0);
+
+ ldap_value_free(values);
+
+ } else {
+ *num_membs = 0;
+ *members = NULL;
+ }
+
+ return group;
+}
+
+
+/************************************************************************
+ Queues the necessary modifications to save a LOCAL_GRP structure
+ ************************************************************************/
+
+static void ldapalias_grpmods(LOCAL_GRP *group, LDAPMod ***mods, int operation)
+{
+ fstring temp;
+
+ *mods = NULL;
+
+ if(operation == LDAP_MOD_ADD) { /* immutable attributes */
+ ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaAlias");
+ ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
+
+ slprintf(temp, sizeof(temp)-1, "%d", (gid_t)(-1));
+ ldap_make_mod(mods, LDAP_MOD_ADD, "gidNumber", temp);
+
+ slprintf(temp, sizeof(temp)-1, "%d", group->rid);
+ ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
+ }
+
+ ldap_make_mod(mods, operation, "description", group->comment);
+}
+
+
+/***************************************************************
+ Begin/end smbgrp enumeration.
+ ****************************************************************/
+
+static void *ldapalias_enumfirst(BOOL update)
+{
+ if (lp_server_role() == ROLE_DOMAIN_NONE)
+ return NULL;
+
+ if (!ldap_open_connection(False))
+ return NULL;
+
+ ldap_search_for("objectClass=sambaAlias");
+
+ return ldap_struct;
+}
+
+static void ldapalias_enumclose(void *vp)
+{
+ ldap_close_connection();
+}
+
+
+/*************************************************************************
+ Save/restore the current position in a query
+ *************************************************************************/
+
+static SMB_BIG_UINT ldapalias_getdbpos(void *vp)
+{
+ return (SMB_BIG_UINT)((ulong)ldap_entry);
+}
+
+static BOOL ldapalias_setdbpos(void *vp, SMB_BIG_UINT tok)
+{
+ ldap_entry = (LDAPMessage *)((ulong)tok);
+ return (True);
+}
+
+
+/*************************************************************************
+ Return limited smb_passwd information, and group membership.
+ *************************************************************************/
+
+static LOCAL_GRP *ldapalias_getgrpbynam(const char *name,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ LOCAL_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(cn=%s)(objectClass=sambaAlias))", name);
+ ldap_search_for(filter);
+
+ ret = ldapalias_getgrp(&localgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static LOCAL_GRP *ldapalias_getgrpbygid(gid_t grp_id,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ LOCAL_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(gidNumber=%d)(objectClass=sambaAlias))", grp_id);
+ ldap_search_for(filter);
+ ret = ldapalias_getgrp(&localgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static LOCAL_GRP *ldapalias_getgrpbyrid(uint32 grp_rid,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ LOCAL_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(rid=%d)(objectClass=sambaAlias))", grp_rid);
+ ldap_search_for(filter);
+ ret = ldapalias_getgrp(&localgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static LOCAL_GRP *ldapalias_getcurrentgrp(void *vp,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ return ldapalias_getgrp(&localgrp, members, num_membs);
+}
+
+static BOOL ldapalias_addgrp(LOCAL_GRP *group)
+{
+ LDAPMod **mods;
+
+ ldapalias_grpmods(group, &mods, LDAP_MOD_ADD);
+ return ldap_makemods("cn", group->name, mods, True);
+}
+
+static BOOL ldapalias_modgrp(LOCAL_GRP *group)
+{
+ LDAPMod **mods;
+
+ ldapalias_grpmods(group, &mods, LDAP_MOD_REPLACE);
+ return ldap_makemods("cn", group->name, mods, False);
+}
+
+static BOOL ldapalias_getusergroups(const char *name, LOCAL_GRP **groups,
+ int *num_grps)
+{
+ LOCAL_GRP *grouplist;
+ fstring filter;
+ int i;
+
+ slprintf(filter, sizeof(pstring)-1,
+ "(&(member=%s,*)(objectclass=sambaAlias))", name);
+ ldap_search_for(filter);
+
+ *num_grps = i = ldap_count_entries(ldap_struct, ldap_results);
+
+ if(!i) {
+ *groups = NULL;
+ return (True);
+ }
+
+ *groups = grouplist = malloc(i * sizeof(LOCAL_GRP));
+ do {
+ i--;
+ } while(ldapalias_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
+
+ return (True);
+}
+
+
+static struct aliasdb_ops ldapalias_ops =
+{
+ ldapalias_enumfirst,
+ ldapalias_enumclose,
+ ldapalias_getdbpos,
+ ldapalias_setdbpos,
+
+ ldapalias_getgrpbynam,
+ ldapalias_getgrpbygid,
+ ldapalias_getgrpbyrid,
+ ldapalias_getcurrentgrp,
+
+ ldapalias_addgrp,
+ ldapalias_modgrp,
+
+ ldapalias_getusergroups
+};
+
+struct aliasdb_ops *ldap_initialise_alias_db(void)
+{
+ return &ldapalias_ops;
+}
+
+#else
+ void aliasldap_dummy_function(void);
+ void aliasldap_dummy_function(void) { } /* stop some compilers complaining */
+#endif
+
diff --git a/source/groupdb/builtinldap.c b/source/groupdb/builtinldap.c
new file mode 100644
index 00000000000..f2a530cbb95
--- /dev/null
+++ b/source/groupdb/builtinldap.c
@@ -0,0 +1,317 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.0.
+ LDAP builtin group database for SAMBA
+ Copyright (C) Matthew Chapman 1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#include "includes.h"
+
+#ifdef WITH_LDAP
+
+#include <lber.h>
+#include <ldap.h>
+
+extern int DEBUGLEVEL;
+
+/* Internal state */
+extern LDAP *ldap_struct;
+extern LDAPMessage *ldap_results;
+extern LDAPMessage *ldap_entry;
+
+/* Static structure filled for requests */
+static LOCAL_GRP localgrp;
+
+
+/***************************************************************
+ Get group and membership information.
+ ****************************************************************/
+
+static LOCAL_GRP *ldapbuiltin_getgrp(LOCAL_GRP *group,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ fstring temp;
+ char **values;
+ LOCAL_GRP_MEMBER *memblist;
+ char *value, *sep;
+ int i;
+
+ if(!ldap_entry)
+ return NULL;
+
+ if(!ldap_get_attribute("cn", group->name)) {
+ DEBUG(0, ("Missing cn\n"));
+ return NULL; }
+
+ DEBUG(2,("Retrieving alias [%s]\n", group->name));
+
+ if(ldap_get_attribute("rid", temp)) {
+ group->rid = atoi(temp);
+ } else {
+ DEBUG(0, ("Missing rid\n"));
+ return NULL;
+ }
+
+ if(!ldap_get_attribute("description", group->comment))
+ group->comment[0] = 0;
+
+ if(!members || !num_membs) {
+ ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
+ return group;
+ }
+
+ if(values = ldap_get_values(ldap_struct, ldap_entry, "member")) {
+
+ *num_membs = i = ldap_count_values(values);
+ *members = memblist = malloc(i * sizeof(LOCAL_GRP_MEMBER));
+
+ do {
+ value = values[--i];
+
+ if(!(sep = strchr(value, ','))) {
+ DEBUG(0, ("Malformed alias member\n"));
+ return NULL;
+ }
+ *(sep++) = 0;
+ fstrcpy(memblist[i].name, value);
+
+ if(!(value = strchr(sep, ','))) {
+ DEBUG(0, ("Malformed alias member\n"));
+ return NULL;
+ }
+ *(value++) = 0;
+ string_to_sid(&memblist[i].sid, sep);
+
+ if((memblist[i].sid_use = atoi(value))
+ >= SID_NAME_UNKNOWN)
+ DEBUG(0, ("Invalid SID use in alias"));
+
+ } while(i > 0);
+
+ ldap_value_free(values);
+
+ } else {
+ *num_membs = 0;
+ *members = NULL;
+ }
+
+ return group;
+}
+
+
+/************************************************************************
+ Queues the necessary modifications to save a LOCAL_GRP structure
+ ************************************************************************/
+
+static void ldapbuiltin_grpmods(LOCAL_GRP *group, LDAPMod ***mods,
+ int operation)
+{
+ fstring temp;
+
+ *mods = NULL;
+
+ if(operation == LDAP_MOD_ADD) { /* immutable attributes */
+ ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaBuiltin");
+ ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
+
+ slprintf(temp, sizeof(temp)-1, "%d", (gid_t)(-1));
+ ldap_make_mod(mods, LDAP_MOD_ADD, "gidNumber", temp);
+
+ slprintf(temp, sizeof(temp)-1, "%d", group->rid);
+ ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
+ }
+
+ ldap_make_mod(mods, operation, "description", group->comment);
+}
+
+
+/***************************************************************
+ Begin/end smbgrp enumeration.
+ ****************************************************************/
+
+static void *ldapbuiltin_enumfirst(BOOL update)
+{
+ if (lp_server_role() == ROLE_DOMAIN_NONE)
+ return NULL;
+
+ if (!ldap_open_connection(False))
+ return NULL;
+
+ ldap_search_for("objectClass=sambaBuiltin");
+
+ return ldap_struct;
+}
+
+static void ldapbuiltin_enumclose(void *vp)
+{
+ ldap_close_connection();
+}
+
+
+/*************************************************************************
+ Save/restore the current position in a query
+ *************************************************************************/
+
+static SMB_BIG_UINT ldapbuiltin_getdbpos(void *vp)
+{
+ return (SMB_BIG_UINT)((ulong)ldap_entry);
+}
+
+static BOOL ldapbuiltin_setdbpos(void *vp, SMB_BIG_UINT tok)
+{
+ ldap_entry = (LDAPMessage *)((ulong)tok);
+ return (True);
+}
+
+
+/*************************************************************************
+ Return limited smb_passwd information, and group membership.
+ *************************************************************************/
+
+static LOCAL_GRP *ldapbuiltin_getgrpbynam(const char *name,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ LOCAL_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(cn=%s)(objectClass=sambaBuiltin))", name);
+ ldap_search_for(filter);
+
+ ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static LOCAL_GRP *ldapbuiltin_getgrpbygid(gid_t grp_id,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ LOCAL_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(gidNumber=%d)(objectClass=sambaBuiltin))", grp_id);
+ ldap_search_for(filter);
+ ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static LOCAL_GRP *ldapbuiltin_getgrpbyrid(uint32 grp_rid,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ LOCAL_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(rid=%d)(objectClass=sambaBuiltin))", grp_rid);
+ ldap_search_for(filter);
+ ret = ldapbuiltin_getgrp(&localgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static LOCAL_GRP *ldapbuiltin_getcurrentgrp(void *vp,
+ LOCAL_GRP_MEMBER **members, int *num_membs)
+{
+ return ldapbuiltin_getgrp(&localgrp, members, num_membs);
+}
+
+static BOOL ldapbuiltin_addgrp(LOCAL_GRP *group)
+{
+ LDAPMod **mods;
+
+ ldapbuiltin_grpmods(group, &mods, LDAP_MOD_ADD);
+ return ldap_makemods("cn", group->name, mods, True);
+}
+
+static BOOL ldapbuiltin_modgrp(LOCAL_GRP *group)
+{
+ LDAPMod **mods;
+
+ ldapbuiltin_grpmods(group, &mods, LDAP_MOD_REPLACE);
+ return ldap_makemods("cn", group->name, mods, False);
+}
+
+static BOOL ldapbuiltin_getusergroups(const char *name,
+ LOCAL_GRP **groups, int *num_grps)
+{
+ LOCAL_GRP *grouplist;
+ fstring filter;
+ int i;
+
+ slprintf(filter, sizeof(pstring)-1,
+ "(&(member=%s,*)(objectclass=sambaBuiltin))", name);
+ ldap_search_for(filter);
+
+ *num_grps = i = ldap_count_entries(ldap_struct, ldap_results);
+
+ if(!i) {
+ *groups = NULL;
+ return (True);
+ }
+
+ *groups = grouplist = malloc(i * sizeof(LOCAL_GRP));
+ do {
+ i--;
+ } while(ldapbuiltin_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
+
+ return (True);
+}
+
+
+static struct aliasdb_ops ldapbuiltin_ops =
+{
+ ldapbuiltin_enumfirst,
+ ldapbuiltin_enumclose,
+ ldapbuiltin_getdbpos,
+ ldapbuiltin_setdbpos,
+
+ ldapbuiltin_getgrpbynam,
+ ldapbuiltin_getgrpbygid,
+ ldapbuiltin_getgrpbyrid,
+ ldapbuiltin_getcurrentgrp,
+
+ ldapbuiltin_addgrp,
+ ldapbuiltin_modgrp,
+
+ ldapbuiltin_getusergroups
+};
+
+struct aliasdb_ops *ldap_initialise_builtin_db(void)
+{
+ return &ldapbuiltin_ops;
+}
+
+#else
+ void builtinldap_dummy_function(void);
+ void builtinldap_dummy_function(void) { } /* stop some compilers complaining */
+#endif
+
diff --git a/source/groupdb/groupldap.c b/source/groupdb/groupldap.c
new file mode 100644
index 00000000000..df0d7552402
--- /dev/null
+++ b/source/groupdb/groupldap.c
@@ -0,0 +1,318 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.0.
+ LDAP domain group database for SAMBA
+ Copyright (C) Matthew Chapman 1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#include "includes.h"
+
+#ifdef WITH_LDAP
+
+#include <lber.h>
+#include <ldap.h>
+
+extern int DEBUGLEVEL;
+
+/* Internal state */
+extern LDAP *ldap_struct;
+extern LDAPMessage *ldap_results;
+extern LDAPMessage *ldap_entry;
+
+/* Static structure filled for requests */
+static DOMAIN_GRP domgrp;
+
+
+/***************************************************************
+ Get group and membership information.
+ ****************************************************************/
+
+static DOMAIN_GRP *ldapgroup_getgrp(DOMAIN_GRP *group,
+ DOMAIN_GRP_MEMBER **members, int *num_membs)
+{
+ fstring temp;
+ char **values;
+ DOMAIN_GRP_MEMBER *memblist;
+ int i;
+
+ if(!ldap_entry)
+ return NULL;
+
+ if(!ldap_get_attribute("cn", group->name)) {
+ DEBUG(0, ("Missing cn\n"));
+ return NULL; }
+
+ DEBUG(2,("Retrieving group [%s]\n", group->name));
+
+ if(ldap_get_attribute("rid", temp)) {
+ group->rid = atoi(temp);
+ } else {
+ DEBUG(0, ("Missing rid\n"));
+ return NULL;
+ }
+
+ if(!ldap_get_attribute("description", group->comment))
+ group->comment[0] = 0;
+
+ group->attr = 0x7;
+
+ if(!members || !num_membs) {
+ ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
+ return group;
+ }
+
+ if(values = ldap_get_values(ldap_struct, ldap_entry, "uidMember")) {
+
+ DEBUG(0, ("Need to return NT names here\n"));
+
+ *num_membs = i = ldap_count_values(values);
+ *members = memblist = malloc(i * sizeof(DOMAIN_GRP_MEMBER));
+
+ do {
+ fstrcpy(memblist[--i].name, values[i]);
+ memblist[i].attr = 0x7;
+ } while(i > 0);
+
+ ldap_value_free(values);
+
+ } else {
+ *num_membs = 0;
+ *members = NULL;
+ }
+
+ ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
+ return group;
+}
+
+
+/************************************************************************
+ Queues the necessary modifications to save a DOMAIN_GRP structure
+ ************************************************************************/
+
+static void ldapgroup_grpmods(DOMAIN_GRP *group, LDAPMod ***mods,
+ int operation)
+{
+ fstring temp;
+
+ *mods = NULL;
+
+ if(operation == LDAP_MOD_ADD) { /* immutable attributes */
+ ldap_make_mod(mods, LDAP_MOD_ADD, "objectClass", "sambaGroup");
+ ldap_make_mod(mods, LDAP_MOD_ADD, "cn", group->name);
+
+ slprintf(temp, sizeof(temp)-1, "%d", (gid_t)(-1));
+ ldap_make_mod(mods, LDAP_MOD_ADD, "gidNumber", temp);
+
+ slprintf(temp, sizeof(temp)-1, "%d", group->rid);
+ ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
+ }
+
+ ldap_make_mod(mods, operation, "description", group->comment);
+}
+
+
+/***************************************************************
+ Begin/end domain group enumeration.
+ ****************************************************************/
+
+static void *ldapgroup_enumfirst(BOOL update)
+{
+ int server_role = lp_server_role();
+
+ if (server_role == ROLE_DOMAIN_NONE ||
+ server_role == ROLE_DOMAIN_MEMBER)
+ return NULL;
+
+ if (!ldap_open_connection(False))
+ return NULL;
+
+ ldap_search_for("objectclass=sambaGroup");
+
+ return ldap_struct;
+}
+
+static void ldapgroup_enumclose(void *vp)
+{
+ ldap_close_connection();
+}
+
+
+/*************************************************************************
+ Save/restore the current position in a query
+ *************************************************************************/
+
+static SMB_BIG_UINT ldapgroup_getdbpos(void *vp)
+{
+ return (SMB_BIG_UINT)((ulong)ldap_entry);
+}
+
+static BOOL ldapgroup_setdbpos(void *vp, SMB_BIG_UINT tok)
+{
+ ldap_entry = (LDAPMessage *)((ulong)tok);
+ return (True);
+}
+
+
+/*************************************************************************
+ Return information about domain groups and their members.
+ *************************************************************************/
+
+static DOMAIN_GRP *ldapgroup_getgrpbynam(const char *name,
+ DOMAIN_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ DOMAIN_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(cn=%s)(objectClass=sambaGroup))", name);
+ ldap_search_for(filter);
+
+ ret = ldapgroup_getgrp(&domgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static DOMAIN_GRP *ldapgroup_getgrpbygid(gid_t grp_id,
+ DOMAIN_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ DOMAIN_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(gidNumber=%d)(objectClass=sambaGroup))", grp_id);
+ ldap_search_for(filter);
+
+ ret = ldapgroup_getgrp(&domgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static DOMAIN_GRP *ldapgroup_getgrpbyrid(uint32 grp_rid,
+ DOMAIN_GRP_MEMBER **members, int *num_membs)
+{
+ fstring filter;
+ DOMAIN_GRP *ret;
+
+ if(!ldap_open_connection(False))
+ return (False);
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(rid=%d)(objectClass=sambaGroup))", grp_rid);
+ ldap_search_for(filter);
+
+ ret = ldapgroup_getgrp(&domgrp, members, num_membs);
+
+ ldap_close_connection();
+ return ret;
+}
+
+static DOMAIN_GRP *ldapgroup_getcurrentgrp(void *vp,
+ DOMAIN_GRP_MEMBER **members, int *num_membs)
+{
+ return ldapgroup_getgrp(&domgrp, members, num_membs);
+}
+
+
+/*************************************************************************
+ Add/modify domain groups.
+ *************************************************************************/
+
+static BOOL ldapgroup_addgrp(DOMAIN_GRP *group)
+{
+ LDAPMod **mods;
+
+ ldapgroup_grpmods(group, &mods, LDAP_MOD_ADD);
+ return ldap_makemods("cn", group->name, mods, True);
+}
+
+static BOOL ldapgroup_modgrp(DOMAIN_GRP *group)
+{
+ LDAPMod **mods;
+
+ ldapgroup_grpmods(group, &mods, LDAP_MOD_REPLACE);
+ return ldap_makemods("cn", group->name, mods, False);
+}
+
+
+/*************************************************************************
+ Return domain groups that a user is in.
+ *************************************************************************/
+
+static BOOL ldapgroup_getusergroups(const char *name, DOMAIN_GRP **groups,
+ int *num_grps)
+{
+ DOMAIN_GRP *grouplist;
+ fstring filter;
+ int i;
+
+ slprintf(filter, sizeof(pstring)-1,
+ "(&(uidMember=%s)(objectclass=sambaGroup))", name);
+ ldap_search_for(filter);
+
+ *num_grps = i = ldap_count_entries(ldap_struct, ldap_results);
+
+ if(!i) {
+ *groups = NULL;
+ return (True);
+ }
+
+ *groups = grouplist = malloc(i * sizeof(DOMAIN_GRP));
+ do {
+ i--;
+ } while(ldapgroup_getgrp(&grouplist[i], NULL, NULL) && (i > 0));
+
+ return (True);
+}
+
+
+static struct groupdb_ops ldapgroup_ops =
+{
+ ldapgroup_enumfirst,
+ ldapgroup_enumclose,
+ ldapgroup_getdbpos,
+ ldapgroup_setdbpos,
+
+ ldapgroup_getgrpbynam,
+ ldapgroup_getgrpbygid,
+ ldapgroup_getgrpbyrid,
+ ldapgroup_getcurrentgrp,
+
+ ldapgroup_addgrp,
+ ldapgroup_modgrp,
+
+ ldapgroup_getusergroups
+};
+
+struct groupdb_ops *ldap_initialise_group_db(void)
+{
+ return &ldapgroup_ops;
+}
+
+#else
+ void groupldap_dummy_function(void);
+ void groupldap_dummy_function(void) { } /* stop some compilers complaining */
+#endif
+