73
70
const char *lu_attribute;
74
71
const char *ldap_attribute;
75
72
const char *objectclass;
73
enum lu_entity_type type;
77
74
} ldap_attribute_map[] = {
78
{LU_USERNAME, "uid", POSIXACCOUNT, LU_LDAP_USER},
79
{LU_USERPASSWORD, "userPassword", POSIXACCOUNT, LU_LDAP_USER},
80
{LU_UIDNUMBER, "uidNumber", POSIXACCOUNT, LU_LDAP_USER},
81
{LU_GIDNUMBER, "gidNumber", POSIXACCOUNT, LU_LDAP_USER},
82
{LU_GECOS, "gecos", POSIXACCOUNT, LU_LDAP_USER},
83
{LU_HOMEDIRECTORY, "homeDirectory", POSIXACCOUNT, LU_LDAP_USER},
84
{LU_LOGINSHELL, "loginShell", POSIXACCOUNT, LU_LDAP_USER},
85
{LU_COMMONNAME, "cn", POSIXACCOUNT, LU_LDAP_USER},
87
{LU_GROUPNAME, "cn", POSIXGROUP, LU_LDAP_GROUP},
88
{LU_GROUPPASSWORD, "userPassword", POSIXGROUP, LU_LDAP_GROUP},
89
{LU_GIDNUMBER, "gidNumber", POSIXGROUP, LU_LDAP_GROUP},
90
{LU_MEMBERNAME, "memberUid", POSIXGROUP, LU_LDAP_GROUP},
92
{LU_SHADOWLASTCHANGE, "shadowLastChange", SHADOWACCOUNT,
94
{LU_SHADOWMIN, "shadowMin", SHADOWACCOUNT, LU_LDAP_SHADOW},
95
{LU_SHADOWMAX, "shadowMax", SHADOWACCOUNT, LU_LDAP_SHADOW},
96
{LU_SHADOWWARNING, "shadowWarning", SHADOWACCOUNT, LU_LDAP_SHADOW},
97
{LU_SHADOWINACTIVE, "shadowInactive", SHADOWACCOUNT, LU_LDAP_SHADOW},
98
{LU_SHADOWEXPIRE, "shadowExpire", SHADOWACCOUNT, LU_LDAP_SHADOW},
99
{LU_SHADOWFLAG, "shadowFlag", SHADOWACCOUNT, LU_LDAP_SHADOW},
101
{LU_GIVENNAME, "givenName", INETORGPERSON, LU_LDAP_USER},
102
{LU_SN, "sn", INETORGPERSON, LU_LDAP_USER},
103
{LU_ROOMNUMBER, "roomNumber", INETORGPERSON, LU_LDAP_USER},
104
{LU_TELEPHONENUMBER, "telephoneNumber", INETORGPERSON, LU_LDAP_USER},
105
{LU_HOMEPHONE, "homePhone", INETORGPERSON, LU_LDAP_USER},
75
{LU_USERNAME, "uid", POSIXACCOUNT, lu_user},
76
{LU_USERPASSWORD, "userPassword", POSIXACCOUNT, lu_user},
77
{LU_UIDNUMBER, "uidNumber", POSIXACCOUNT, lu_user},
78
{LU_GIDNUMBER, "gidNumber", POSIXACCOUNT, lu_user},
79
{LU_GECOS, "gecos", POSIXACCOUNT, lu_user},
80
{LU_HOMEDIRECTORY, "homeDirectory", POSIXACCOUNT, lu_user},
81
{LU_LOGINSHELL, "loginShell", POSIXACCOUNT, lu_user},
82
{LU_COMMONNAME, "cn", POSIXACCOUNT, lu_user},
84
{LU_GROUPNAME, "cn", POSIXGROUP, lu_group},
85
{LU_GROUPPASSWORD, "userPassword", POSIXGROUP, lu_group},
86
{LU_GIDNUMBER, "gidNumber", POSIXGROUP, lu_group},
87
{LU_MEMBERNAME, "memberUid", POSIXGROUP, lu_group},
89
{LU_SHADOWLASTCHANGE, "shadowLastChange", SHADOWACCOUNT, lu_user},
90
{LU_SHADOWMIN, "shadowMin", SHADOWACCOUNT, lu_user},
91
{LU_SHADOWMAX, "shadowMax", SHADOWACCOUNT, lu_user},
92
{LU_SHADOWWARNING, "shadowWarning", SHADOWACCOUNT, lu_user},
93
{LU_SHADOWINACTIVE, "shadowInactive", SHADOWACCOUNT, lu_user},
94
{LU_SHADOWEXPIRE, "shadowExpire", SHADOWACCOUNT, lu_user},
95
{LU_SHADOWFLAG, "shadowFlag", SHADOWACCOUNT, lu_user},
97
{LU_GIVENNAME, "givenName", INETORGPERSON, lu_user},
98
{LU_SN, "sn", INETORGPERSON, lu_user},
99
{LU_ROOMNUMBER, "roomNumber", INETORGPERSON, lu_user},
100
{LU_TELEPHONENUMBER, "telephoneNumber", INETORGPERSON, lu_user},
101
{LU_HOMEPHONE, "homePhone", INETORGPERSON, lu_user},
108
104
static const char *const lu_ldap_user_attributes[] = {
419
/* Check if there are any supported SASL mechanisms. */
420
if (ldap_search_ext_s(ldap, LDAP_ROOT_DSE, LDAP_SCOPE_BASE,
421
NULL, saslmechs, FALSE,
423
NULL, 0, &results) != LDAP_SUCCESS) {
424
lu_error_new(error, lu_error_init,
425
_("could not search LDAP server"));
430
/* Get the DSE entry. */
431
entry = ldap_first_entry(ldap, results);
433
lu_error_new(error, lu_error_init,
434
_("LDAP server appears to have no root DSE"));
439
/* Get the list of supported mechanisms. */
440
values = ldap_get_values(ldap, entry, saslmechs[0]);
441
if ((values != NULL) && (strlen(values[0]) > 0)) {
445
if (ldap_sasl_interactive_bind_s(ldap, NULL, NULL, NULL, NULL,
446
LDAP_SASL_AUTOMATIC |
447
LDAP_SASL_QUIET, interact,
448
context) != LDAP_SUCCESS)
449
if (ldap_simple_bind_s
450
(ldap, context->prompts[LU_LDAP_BINDDN].value,
451
context->prompts[LU_LDAP_PASSWORD].value) !=
453
if (ldap_simple_bind_s
454
(ldap, generated_binddn,
455
context->prompts[LU_LDAP_PASSWORD].value) !=
463
420
/* Map an attribute name from an internal name to an LDAP atribute name. */
480
437
/* Generate the distinguished name which corresponds to the container where
481
438
* the lu_ent structure's entry would be found. */
482
439
static const char *
483
lu_ldap_base(struct lu_module *module, const char *configKey,
440
lu_ldap_base(struct lu_module *module, const char *branch)
486
struct lu_ldap_context *context = module->module_context;
487
const char *branch = NULL;
488
char *tmp = NULL, *ret = NULL;
442
struct lu_ldap_context *context;
490
445
g_assert(module != NULL);
491
g_assert(configKey != NULL);
492
g_assert(strlen(configKey) > 0);
494
/* Read the branch of the tree we want to look in. */
495
tmp = g_strdup_printf("%s/%s", module->name, configKey);
496
branch = lu_cfg_read_single(module->lu_context, tmp, def);
446
context = module->module_context;
499
448
/* Generate the branch DN. */
449
if (strlen(branch) != 0)
501
450
tmp = g_strdup_printf("%s,%s", branch,
502
context->prompts[LU_LDAP_BASEDN].
451
context->prompts[LU_LDAP_BASEDN].value);
505
453
tmp = g_strdup(context->prompts[LU_LDAP_BASEDN].value);
508
455
ret = module->scache->cache(module->scache, tmp);
515
462
/* Discover the distinguished name which corresponds to an account. */
516
463
static const char *
517
464
lu_ldap_ent_to_dn(struct lu_module *module, const char *namingAttr,
518
const char *name, const char *configKey, const char *def)
465
const char *name, const char *branch)
520
const char *branch = NULL;
521
char *tmp = NULL, *ret = NULL, *filter;
522
char *noattrs[] = {NULL};
523
const char *base = NULL;
524
struct lu_ldap_context *ctx = NULL;
525
LDAPMessage *messages = NULL, *entry = NULL;
467
static char *noattrs[] = { NULL };
469
const char *base, *mapped_naming_attr;
470
char *tmp, *ret = NULL, *filter;
471
struct lu_ldap_context *ctx;
472
LDAPMessage *messages = NULL;
527
474
g_assert(module != NULL);
528
475
g_assert(namingAttr != NULL);
529
476
g_assert(strlen(namingAttr) > 0);
530
477
g_assert(name != NULL);
531
478
g_assert(strlen(name) > 0);
532
g_assert(configKey != NULL);
533
g_assert(strlen(configKey) > 0);
535
480
/* Search for the right object using the entity's current name. */
536
branch = lu_ldap_base(module, configKey, def);
481
base = lu_ldap_base(module, branch);
537
482
ctx = module->module_context;
538
base = ctx->prompts[LU_LDAP_BASEDN].value;
540
filter = g_strdup_printf("(%s=%s)",
541
map_to_ldap(module->scache, namingAttr),
543
if (ldap_search_s(ctx->ldap, branch, LDAP_SCOPE_SUBTREE, filter,
544
noattrs, FALSE, &messages) == LDAP_SUCCESS) {
484
mapped_naming_attr = map_to_ldap(module->scache, namingAttr);
485
filter = g_strdup_printf("(%s=%s)", mapped_naming_attr, name);
486
if (ldap_search_ext_s(ctx->ldap, base, LDAP_SCOPE_SUBTREE, filter,
487
noattrs, FALSE, NULL, NULL, NULL, LDAP_NO_LIMIT,
488
&messages) == LDAP_SUCCESS) {
545
491
entry = ldap_first_entry(ctx->ldap, messages);
546
492
if (entry != NULL) {
547
493
tmp = ldap_get_dn(ctx->ldap, entry);
548
494
ret = module->scache->cache(module->scache, tmp);
552
498
ldap_msgfree(messages);
605
540
ctx = module->module_context;
607
542
if (ent != NULL) {
608
544
/* Try to use the dn the object already knows about. */
612
array = lu_ent_get(ent, DISTINGUISHED_NAME);
614
val = g_value_array_get_nth(array, 0);
615
if (G_VALUE_HOLDS_STRING(val))
616
dn = g_value_get_string(val);
546
array = lu_ent_get(ent, DISTINGUISHED_NAME);
550
val = g_value_array_get_nth(array, 0);
551
if (G_VALUE_HOLDS_STRING(val))
552
dn = g_value_get_string(val);
621
556
/* Map the user or group name to an LDAP object name. */
622
557
dn = lu_ldap_ent_to_dn(module, namingAttr, name,
626
lu_error_new(error, lu_error_generic,
627
_("error mapping name to LDAP distinguished name"));
632
561
/* Get the entry in the directory under which we'll search for this
634
base = lu_ldap_base(module, configKey, def);
636
lu_error_new(error, lu_error_generic,
637
_("error mapping name to LDAP base distinguished name"));
563
base = lu_ldap_base(module, branch);
641
565
/* Generate an LDAP filter, optionally including a filter supplied
642
566
* by the caller. */
719
642
/* Read each of the attributes we asked for. */
720
643
for (i = 0; attributes[i]; i++) {
721
647
/* Get the values which correspond to this attribute. */
722
648
attr = attributes[i];
723
values = ldap_get_values(ctx->ldap, entry,
724
mapped_attributes[i]);
649
values = ldap_get_values_len(ctx->ldap, entry,
650
mapped_attributes[i]);
725
651
/* If we got answers, add them. */
727
655
lu_ent_clear_current(ent, attr);
728
656
for (j = 0; values[j]; j++) {
660
val = g_strndup(values[j]->bv_val,
732
g_print("Got `%s' = `%s'.\n",
663
g_print("Got `%s' = `%s'.\n", attr,
735
666
/* Check if the value is numeric. */
737
imax = strtoimax(values[j], &p, 10);
668
imax = strtoimax(val, &p, 10);
738
669
if (errno == 0 && *p == '\0'
740
671
&& (long)imax == imax) {
741
672
/* If it's a number, use a
743
674
g_value_init(&value, G_TYPE_LONG);
744
675
g_value_set_long(&value, imax);
745
676
} else if (errno == 0 && *p == '\0'
747
678
&& (id_t)imax == imax)
748
679
lu_value_init_set_id(&value,
751
682
/* Otherwise it's a string. */
752
683
g_value_init(&value, G_TYPE_STRING);
753
g_value_set_string(&value, values[j]);
684
g_value_set_string(&value, val);
755
686
/* Add this value, and then clear the
756
687
* value structure. */
757
688
lu_ent_add_current(ent, attr, &value);
758
689
g_value_unset(&value);
760
ldap_value_free(values);
692
ldap_value_free_len(values);
763
695
/* Stash the data in the array if we need to. */
890
823
/* Check whether class is among old_values or new_values */
892
objectclass_present(const char *dn, const char *class, char *const *old_values,
893
size_t old_count, char *const *new_values,
825
objectclass_present(const char *dn, const char *class,
826
BerValue *const *old_values, size_t old_count,
827
BerValue *const *new_values, size_t new_count)
898
833
for (i = 0; i < old_count; i++) {
899
if (strcmp(class, old_values[i]) == 0) {
837
if (val->bv_len == len
838
&& memcmp(class, val->bv_val, len) == 0) {
901
g_print("Entity `%s' is already a `%s'.\n", dn,
840
g_print("Entity `%s' is already a `%.*s'.\n", dn,
841
(int)val->bv_len, val->bv_val);
907
846
for (i = 0; i < new_count; i++) {
908
if (strcmp(class, new_values[i]) == 0) {
850
if (val->bv_len == len
851
&& memcmp(class, val->bv_val, len) == 0) {
910
853
g_print("Entity `%s' was already determined to be a "
911
"`%s'.\n", dn, new_values[i]);
854
"`%.*s'.\n", dn, (int)val->bv_len,
1717
1654
/* Convert the name to a distinguished name. */
1718
1655
value = g_value_array_get_nth(name, 0);
1719
1656
name_string = lu_value_strdup(value);
1720
dn = lu_ldap_ent_to_dn(module, namingAttr, name_string, configKey,
1657
dn = lu_ldap_ent_to_dn(module, namingAttr, name_string, branch);
1722
1658
g_free(name_string);
1724
lu_error_new(error, lu_error_generic,
1726
("error mapping name to LDAP distinguished name"));
1730
1660
g_print("Looking up `%s'.\n", dn);
1733
mapped_password = map_to_ldap(module->scache, ent->type == lu_user
1734
? LU_USERPASSWORD : LU_GROUPPASSWORD);
1736
1663
/* Read the entry data. */
1737
1664
attributes[0] = (char *)mapped_password;
1738
if (ldap_search_s(ctx->ldap, dn, LDAP_SCOPE_BASE, ent->type == lu_user
1739
? "("OBJECTCLASS"="POSIXACCOUNT")"
1740
: "("OBJECTCLASS"="POSIXGROUP")", attributes,
1741
FALSE, &messages) == LDAP_SUCCESS) {
1665
if (ldap_search_ext_s(ctx->ldap, dn, LDAP_SCOPE_BASE,
1666
ent->type == lu_user
1667
? "("OBJECTCLASS"="POSIXACCOUNT")"
1668
: "("OBJECTCLASS"="POSIXGROUP")", attributes,
1669
FALSE, NULL, NULL, NULL, LDAP_NO_LIMIT,
1670
&messages) == LDAP_SUCCESS) {
1742
1671
entry = ldap_first_entry(ctx->ldap, messages);
1744
1673
if (entry == NULL) {
1781
1718
/* Set the password for an account. */
1782
1719
static gboolean
1783
1720
lu_ldap_setpass(struct lu_module *module, const char *namingAttr,
1784
struct lu_ent *ent, const char *configKey, const char *def,
1721
struct lu_ent *ent, const char *branch,
1785
1722
const char *password, struct lu_error **error)
1787
const char *dn, *mapped_password;
1724
static const char mapped_password[] = "userPassword";
1788
1727
GValueArray *name;
1790
1729
char *name_string;
1791
1730
struct lu_ldap_context *ctx = module->module_context;
1792
1731
char *attributes[] = { NULL, NULL };
1793
char **values, *addvalues[] = { NULL, NULL }, *rmvalues[] = {
1795
char *tmp = NULL, *previous;
1732
char *addvalues[] = { NULL, NULL }, *rmvalues[] = { NULL, NULL };
1798
LDAPMessage *entry = NULL, *messages = NULL;
1737
LDAPMessage *messages = NULL;
1799
1738
LDAPMod addmod, rmmod;
1800
1739
LDAPMod *mods[3];
1801
LDAPControl *server = NULL, *client = NULL;
1802
1740
char filter[LINE_MAX];
1804
1742
/* Get the user or group's name. */
1831
1761
snprintf(filter, sizeof(filter), "(%s=%s)",
1832
1762
map_to_ldap(module->scache, namingAttr), name_string);
1833
1763
g_free(name_string);
1834
mapped_password = map_to_ldap(module->scache, ent->type == lu_user
1835
? LU_USERPASSWORD : LU_GROUPPASSWORD);
1837
1765
previous = NULL;
1839
1767
attributes[0] = (char *)mapped_password;
1840
if ((i = ldap_search_s(ctx->ldap, dn, LDAP_SCOPE_BASE, filter,
1842
&messages)) == LDAP_SUCCESS) {
1768
i = ldap_search_ext_s(ctx->ldap, dn, LDAP_SCOPE_BASE, filter,
1769
attributes, FALSE, NULL, NULL, NULL,
1770
LDAP_NO_LIMIT, &messages);
1771
if (i == LDAP_SUCCESS) {
1843
1774
entry = ldap_first_entry(ctx->ldap, messages);
1844
1775
if (entry != NULL) {
1845
values = ldap_get_values(ctx->ldap, entry,
1776
values = ldap_get_values_len(ctx->ldap, entry,
1848
1779
for (j = 0; values[j] != NULL; j++) {
1782
val = g_strndup(values[j]->bv_val,
1850
1785
g_print("Got `%s' = `%s'.\n",
1851
mapped_password, values[j]);
1786
mapped_password, val);
1854
(values[j], LU_CRYPTED,
1855
strlen(LU_CRYPTED)) == 0) {
1788
if (g_str_has_prefix(val,
1858
1792
("Previous entry was `%s'.\n",
1861
previous = g_strdup(values[j]);
1865
ldap_value_free(values);
1800
ldap_value_free_len(values);
1929
1865
lu_ldap_user_removepass(struct lu_module *module, struct lu_ent *ent,
1930
1866
struct lu_error **error)
1868
struct lu_ldap_context *ctx;
1932
1870
LU_ERROR_CHECK(error);
1933
return lu_ldap_setpass(module, LU_USERNAME, ent, "userBranch",
1934
USERBRANCH, LU_CRYPTED, error);
1871
ctx = module->module_context;
1872
return lu_ldap_setpass(module, LU_USERNAME, ent, ctx->user_branch,
1937
1876
static gboolean
1938
1877
lu_ldap_group_removepass(struct lu_module *module, struct lu_ent *ent,
1939
1878
struct lu_error **error)
1880
struct lu_ldap_context *ctx;
1941
1882
LU_ERROR_CHECK(error);
1942
return lu_ldap_setpass(module, LU_GROUPNAME, ent, "groupBranch",
1943
GROUPBRANCH, LU_CRYPTED, error);
1883
ctx = module->module_context;
1884
return lu_ldap_setpass(module, LU_GROUPNAME, ent, ctx->group_branch,
1946
1888
static GValueArray *
1947
1889
lu_ldap_enumerate(struct lu_module *module,
1948
1890
const char *searchAttr, const char *pattern,
1949
const char *returnAttr,
1950
const char *configKey, const char *def,
1891
const char *returnAttr, const char *branch,
1951
1892
struct lu_error **error)
1953
LDAPMessage *messages = NULL, *entry = NULL;
1954
char **values = NULL;
1955
char *base = NULL, *filt = NULL;
1894
LDAPMessage *messages = NULL;
1959
GValueArray *ret = NULL;
1960
1898
struct lu_ldap_context *ctx;
1961
1899
char *attributes[] = { (char *) returnAttr, NULL };
1964
1901
g_assert(module != NULL);
1965
1902
g_assert(searchAttr != NULL);
1966
1903
g_assert(strlen(searchAttr) > 0);
1967
1904
g_assert(returnAttr != NULL);
1968
1905
g_assert(strlen(returnAttr) > 0);
1969
g_assert(configKey != NULL);
1970
g_assert(strlen(configKey) > 0);
1971
g_assert(attributes != NULL);
1972
g_assert(attributes[0] != NULL);
1973
1906
LU_ERROR_CHECK(error);
1975
1908
ctx = module->module_context;
1977
/* Get the name of the key which tells us where to search. */
1978
tmp = g_strdup_printf("%s/%s", module->name, configKey);
1979
branch = lu_cfg_read_single(module->lu_context, tmp, def);
1982
1910
/* Generate the base DN to search under. */
1911
/* FIXME: this is inconsistent with lu_ldap_base() usage elsewhere */
1983
1912
base = g_strdup_printf("%s,%s", branch,
1984
1913
ctx->prompts[LU_LDAP_BASEDN].value &&
1985
1914
strlen(ctx->prompts[LU_LDAP_BASEDN].value) ?
1995
1924
ret = g_value_array_new(0);
1996
1925
memset(&value, 0, sizeof(value));
1997
1926
g_value_init(&value, G_TYPE_STRING);
1998
if (ldap_search_s(ctx->ldap, base, LDAP_SCOPE_SUBTREE, filt, attributes,
1999
FALSE, &messages) == LDAP_SUCCESS) {
1927
if (ldap_search_ext_s(ctx->ldap, base, LDAP_SCOPE_SUBTREE, filt,
1928
attributes, FALSE, NULL, NULL, NULL,
1929
LDAP_NO_LIMIT, &messages) == LDAP_SUCCESS) {
2000
1932
entry = ldap_first_entry(ctx->ldap, messages);
2001
1933
if (entry != NULL) {
2002
1934
while (entry != NULL) {
2003
values = ldap_get_values(ctx->ldap, entry,
1938
values = ldap_get_values_len(ctx->ldap, entry,
2006
1941
(values != NULL) && (values[i] != NULL);
1945
val = g_strndup(values[i]->bv_val,
2009
1948
g_print("Got `%s' = `%s'.\n",
2010
returnAttr, values[i]);
2012
g_value_set_string(&value, values[i]);
1951
g_value_take_string(&value, val);
2013
1952
g_value_array_append(ret, &value);
2015
if (values != NULL) {
2016
ldap_value_free(values);
1954
ldap_value_free_len(values);
2018
1955
entry = ldap_next_entry(ctx->ldap, entry);
2238
2217
lu_ldap_users_enumerate(struct lu_module *module, const char *pattern,
2239
2218
struct lu_error **error)
2220
struct lu_ldap_context *ctx;
2241
2222
LU_ERROR_CHECK(error);
2242
return lu_ldap_enumerate(module,
2243
map_to_ldap(module->scache, LU_USERNAME),
2245
map_to_ldap(module->scache, LU_USERNAME),
2246
"userBranch", USERBRANCH, error);
2223
ctx = module->module_context;
2224
return lu_ldap_enumerate(module, "uid", pattern, "uid",
2225
ctx->user_branch, error);
2249
2228
static GPtrArray *
2250
2229
lu_ldap_users_enumerate_full(struct lu_module *module, const char *pattern,
2251
2230
struct lu_error **error)
2232
struct lu_ldap_context *ctx;
2253
2233
GPtrArray *array = g_ptr_array_new();
2254
2235
LU_ERROR_CHECK(error);
2255
lu_ldap_lookup(module,
2256
map_to_ldap(module->scache, LU_USERNAME), pattern,
2258
"userBranch", USERBRANCH,
2236
ctx = module->module_context;
2237
lu_ldap_lookup(module, "uid", pattern, NULL, array, ctx->user_branch,
2259
2238
"("OBJECTCLASS"="POSIXACCOUNT")",
2260
lu_ldap_user_attributes, LU_LDAP_USER | LU_LDAP_SHADOW,
2239
lu_ldap_user_attributes, lu_user, error);
2267
2245
lu_ldap_groups_enumerate(struct lu_module *module, const char *pattern,
2268
2246
struct lu_error **error)
2248
struct lu_ldap_context *ctx;
2270
2250
LU_ERROR_CHECK(error);
2271
return lu_ldap_enumerate(module,
2272
map_to_ldap(module->scache, LU_GROUPNAME),
2274
map_to_ldap(module->scache, LU_GROUPNAME),
2275
"groupBranch", GROUPBRANCH, error);
2251
ctx = module->module_context;
2252
return lu_ldap_enumerate(module, "cn", pattern, "cn",
2253
ctx->group_branch, error);
2278
2256
static GPtrArray *
2279
2257
lu_ldap_groups_enumerate_full(struct lu_module *module, const char *pattern,
2280
2258
struct lu_error **error)
2260
struct lu_ldap_context *ctx;
2282
2262
GPtrArray *array = g_ptr_array_new();
2283
2263
LU_ERROR_CHECK(error);
2284
lu_ldap_lookup(module,
2285
map_to_ldap(module->scache, LU_GROUPNAME), pattern,
2287
"groupBranch", GROUPBRANCH,
2264
ctx = module->module_context;
2265
lu_ldap_lookup(module, "cn", pattern, NULL, array, ctx->group_branch,
2288
2266
"("OBJECTCLASS"="POSIXGROUP")",
2289
lu_ldap_group_attributes, LU_LDAP_GROUP | LU_LDAP_SHADOW,
2267
lu_ldap_group_attributes, lu_group, error);
2298
2275
const char *group, gid_t gid,
2299
2276
struct lu_error **error)
2301
GValueArray *primaries = NULL, *secondaries = NULL;
2278
struct lu_ldap_context *ctx;
2279
GValueArray *primaries;
2306
2284
LU_ERROR_CHECK(error);
2285
ctx = module->module_context;
2307
2286
grp = g_strdup_printf("%jd", (intmax_t)gid);
2309
primaries = lu_ldap_enumerate(module,
2310
map_to_ldap(module->scache, LU_GIDNUMBER),
2312
map_to_ldap(module->scache, LU_USERNAME),
2313
"userBranch", USERBRANCH,
2288
primaries = lu_ldap_enumerate(module, "gidNumber", grp, "uid",
2289
ctx->user_branch, error);
2315
2290
if ((error == NULL) || (*error == NULL)) {
2316
secondaries = lu_ldap_enumerate(module,
2317
map_to_ldap(module->scache, LU_GROUPNAME),
2319
map_to_ldap(module->scache, LU_MEMBERNAME),
2320
"groupBranch", GROUPBRANCH,
2291
GValueArray *secondaries;
2293
secondaries = lu_ldap_enumerate(module, "cn", group,
2294
"memberUid", ctx->group_branch,
2322
2296
for (i = 0; i < secondaries->n_values; i++) {
2323
2297
value = g_value_array_get_nth(secondaries, i);
2358
2332
struct lu_error **error)
2360
GValueArray *primaries = NULL, *secondaries = NULL, *values, *gids;
2334
struct lu_ldap_context *ctx;
2335
GValueArray *primaries, *gids;
2364
struct lu_ent *ent = NULL;
2367
2340
LU_ERROR_CHECK(error);
2341
ctx = module->module_context;
2369
2343
/* Create an array to hold the values returned. */
2370
2344
primaries = g_value_array_new(0);
2372
2346
/* Get the user's primary GID(s). */
2373
gids = lu_ldap_enumerate(module,
2374
map_to_ldap(module->scache, LU_USERNAME),
2376
map_to_ldap(module->scache, LU_GIDNUMBER),
2377
"userBranch", USERBRANCH, error);
2347
gids = lu_ldap_enumerate(module, "uid", user, "gidNumber",
2348
ctx->user_branch, error);
2378
2349
/* For each GID, look up the group. Which has this GID. */
2379
2350
for (i = 0; (gids != NULL) && (i < gids->n_values); i++) {
2380
2354
value = g_value_array_get_nth(gids, i);
2381
2355
gid = lu_value_get_id(value);
2382
2356
g_assert (gid != LU_VALUE_INVALID_ID);
2383
2357
ent = lu_ent_new();
2384
2358
if (lu_group_lookup_id(module->lu_context, gid,
2360
GValueArray *values;
2386
2363
/* Get the group's names and add them to the list
2387
2364
* of values to return. */
2388
2365
values = lu_ent_get(ent, LU_GROUPNAME);