modules: Add dependency on tirpc to vfs_nfs4acl_xattr

[samba.git] / source3 / libads / ldap_user.c

diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c
index b6e3d189c514e0146182558d496d9e922f44b9d4..55421009a7b9ac348e25f9ac7a2d047c1a8cfcc9 100644 (file)
--- a/source3/libads/ldap_user.c
+++ b/source3/libads/ldap_user.c
@@ -1,11 +1,11 @@
 /* 
    Unix SMB/CIFS implementation.
    ads (active directory) utility library
-   Copyright (C) Jim McDonough 2002
+   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
@@ -14,53 +14,66 @@
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
+#include "ads.h"
+#include "../libds/common/flags.h"
 
 #ifdef HAVE_ADS
 
 /*
   find a user account
 */
-ADS_STATUS ads_find_user_acct(ADS_STRUCT *ads, void **res, const char *user)
+ ADS_STATUS ads_find_user_acct(ADS_STRUCT *ads, LDAPMessage **res,
+                              const char *user)
 {
        ADS_STATUS status;
-       char *exp;
+       char *ldap_exp;
        const char *attrs[] = {"*", NULL};
+       char *escaped_user = escape_ldap_string(talloc_tos(), user);
+       if (!escaped_user) {
+               return ADS_ERROR(LDAP_NO_MEMORY);
+       }
 
-       asprintf(&exp, "(samAccountName=%s)", user);
-       status = ads_search(ads, res, exp, attrs);
-       free(exp);
+       if (asprintf(&ldap_exp, "(samAccountName=%s)", escaped_user) == -1) {
+               TALLOC_FREE(escaped_user);
+               return ADS_ERROR(LDAP_NO_MEMORY);
+       }
+       status = ads_search(ads, res, ldap_exp, attrs);
+       SAFE_FREE(ldap_exp);
+       TALLOC_FREE(escaped_user);
        return status;
 }
 
 ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user, 
-                            const char *fullname)
+                            const char *container, const char *fullname)
 {
        TALLOC_CTX *ctx;
        ADS_MODLIST mods;
        ADS_STATUS status;
        const char *upn, *new_dn, *name, *controlstr;
+       char *name_escaped = NULL;
        const char *objectClass[] = {"top", "person", "organizationalPerson",
                                     "user", NULL};
 
        if (fullname && *fullname) name = fullname;
        else name = user;
 
-       if (!(ctx = talloc_init_named("ads_add_user_acct")))
+       if (!(ctx = talloc_init("ads_add_user_acct")))
                return ADS_ERROR(LDAP_NO_MEMORY);
 
        status = ADS_ERROR(LDAP_NO_MEMORY);
 
-       if (!(upn = talloc_asprintf(ctx, "%s@%s", user, ads->realm)))
+       if (!(upn = talloc_asprintf(ctx, "%s@%s", user, ads->config.realm)))
                goto done;
-       if (!(new_dn = talloc_asprintf(ctx, "cn=%s,cn=Users,%s", name, 
-                                      ads->bind_path)))
+       if (!(name_escaped = escape_rdn_val_string_alloc(name)))
                goto done;
-       if (!(controlstr = talloc_asprintf(ctx, "%u", UF_NORMAL_ACCOUNT)))
+       if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container,
+                                      ads->config.bind_path)))
+               goto done;
+       if (!(controlstr = talloc_asprintf(ctx, "%u", (UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE))))
                goto done;
        if (!(mods = ads_init_mods(ctx)))
                goto done;
@@ -75,26 +88,30 @@ ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
        status = ads_gen_add(ads, new_dn, mods);
 
  done:
+       SAFE_FREE(name_escaped);
        talloc_destroy(ctx);
        return status;
 }
 
 ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group, 
-                             const char *comment)
+                             const char *container, const char *comment)
 {
        TALLOC_CTX *ctx;
        ADS_MODLIST mods;
        ADS_STATUS status;
        char *new_dn;
+       char *name_escaped = NULL;
        const char *objectClass[] = {"top", "group", NULL};
 
-       if (!(ctx = talloc_init_named("ads_add_group_acct")))
+       if (!(ctx = talloc_init("ads_add_group_acct")))
                return ADS_ERROR(LDAP_NO_MEMORY);
 
        status = ADS_ERROR(LDAP_NO_MEMORY);
 
-       if (!(new_dn = talloc_asprintf(ctx, "cn=%s,cn=Users,%s", group, 
-                                      ads->bind_path)))
+       if (!(name_escaped = escape_rdn_val_string_alloc(group)))
+               goto done;
+       if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container,
+                                      ads->config.bind_path)))
                goto done;
        if (!(mods = ads_init_mods(ctx)))
                goto done;
@@ -102,12 +119,13 @@ ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
        ads_mod_str(ctx, &mods, "cn", group);
        ads_mod_strlist(ctx, &mods, "objectClass",objectClass);
        ads_mod_str(ctx, &mods, "name", group);
-       if (comment)
+       if (comment && *comment) 
                ads_mod_str(ctx, &mods, "description", comment);
        ads_mod_str(ctx, &mods, "sAMAccountName", group);
        status = ads_gen_add(ads, new_dn, mods);
 
  done:
+       SAFE_FREE(name_escaped);
        talloc_destroy(ctx);
        return status;
 }