From d6232129b33b7e7bd0b052b1e436b742080ca264 Mon Sep 17 00:00:00 2001
From: zacheiss
Date: Thu, 28 May 2009 16:13:54 +0000
Subject: [PATCH] Check group membership before doing anything.

---
 incremental/ldap/winad.c | 71 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/incremental/ldap/winad.c b/incremental/ldap/winad.c
index 1672688d..54894d44 100755
--- a/incremental/ldap/winad.c
+++ b/incremental/ldap/winad.c
@@ -535,6 +535,8 @@ int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
 char *group_ou, char *group_membership, char *user_name,
 char *pUserOu, char *MoiraId);
+int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
+ char *UserOu, char *member);
 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
 char *group_ou, char *group_membership,
 int group_security_flag, char *MoiraId, int synchronize);
@@ -2644,6 +2646,7 @@ int group_create(int ac, char **av, void *ptr)
 char *mitMoiraId_v[] = {NULL, NULL};
 char *mitMoiraPublic_v[] = {NULL, NULL};
 char *mitMoiraHidden_v[] = {NULL, NULL};
+ char *mitMoiraActive_v[] = {NULL, NULL};
 char *groupTypeControl_v[] = {NULL, NULL};
 char *mail_v[] = {NULL, NULL};
 char *proxy_address_v[] = {NULL, NULL};
@@ -2722,9 +2725,11 @@ int group_create(int ac, char **av, void *ptr)
 {
 mitMoiraPublic_v[0] = av[L_PUBLIC];
 mitMoiraHidden_v[0] = av[L_HIDDEN];
+ mitMoiraActive_v[0] = av[L_ACTIVE];
 ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
+ ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_ADD);
 
 if(atoi(av[L_GROUP]))
 {
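Review bot: The new prototype in the -535 hunk names the last parameter `member`, while the definition added at the end of this patch names it `user_name`; changing the prototype to `char *UserOu, char *user_name);` keeps the declaration and definition in step for readers and for tools that match them. The `mitMoiraActive` attribute added in the two group_create hunks is a separate change from the membership check named in the subject and would be easier to bisect as its own commit; it also presumes that `L_ACTIVE` indexes a column present in `av` and that the directory schema carries `mitMoiraActive`, neither of which these hunks show. group_create's body continues outside these hunks.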
@@ -2860,8 +2865,10 @@ int group_create(int ac, char **av, void *ptr)
 {
 mitMoiraPublic_v[0] = av[L_PUBLIC];
 mitMoiraHidden_v[0] = av[L_HIDDEN];
+ mitMoiraActive_v[0] = av[L_ACTIVE];
 ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
 ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
+ ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_REPLACE);
 
 if(atoi(av[L_GROUP]))
 {
@@ -3536,6 +3543,9 @@ int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
 if (!check_string(group_name))
 return(AD_INVALID_NAME);
 
+ if(!contains_member(ldap_handle, dn_path, group_name, UserOu, user_name))
+ return(0);
+
 memset(filter, '\0', sizeof(filter));
 group_base = NULL;
 group_count = 0;
@@ -3666,6 +3676,9 @@ int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
 if (!check_string(group_name))
 return(AD_INVALID_NAME);
 
+ if(contains_member(ldap_handle, dn_path, group_name, UserOu, user_name) > 0)
+ return(0);
+
 rc = 0;
 memset(filter, '\0', sizeof(filter));
 group_base = NULL;
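Review bot: In the member_remove hunk the new guard `if(!contains_member(...))` applies `!` to a three-valued result (1, 0, -1), so the lookup-failed case -1 silently falls through to the removal; `if(contains_member(ldap_handle, dn_path, group_name, UserOu, user_name) == 0)` says the same thing and makes that visible, matching the explicit `> 0` form used in member_add. Both guards let a failed lookup continue on the pre-existing add/remove path, which looks deliberate but deserves a comment at each call, for example `/* -1 means the lookup failed: fall through to the original remove/add path */`. The member_remove call also passes `UserOu`, whereas the prototype of member_remove in this patch names that parameter `pUserOu`; if the definition follows the prototype this will not compile, and member_remove's parameter list is outside the hunk, so worth confirming. Both member_remove and member_add begin and end outside these hunks.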
@@ -9096,3 +9109,61 @@ int save_fsgroup_info(int argc, char **argv, void *hint)
 
 return MR_CONT;
 }
+
+int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
+ char *UserOu, char *user_name)
+{
+ char search_filter[1024];
+ char *attr_array[3];
+ LK_ENTRY *group_base;
+ int group_count;
+ int rc;
+ char temp[256];
+
+ if(ActiveDirectory)
+ {
+ sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
+ }
+ else
+ {
+ if(!strcmp(UserOu, user_ou))
+ sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
+ else
+ sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
+ }
+
+ group_base = NULL;
+ group_count = 0;
+
+ sprintf(search_filter, "(&(objectClass=group)(cn=%s)(member=%s))",
+ group_name, temp);
+
+ attr_array[0] = "mitMoiraId";
+ attr_array[1] = NULL;
+
+ if ((rc = linklist_build(ldap_handle, dn_path, search_filter,
+ attr_array, &group_base, &group_count,
+ LDAP_SCOPE_SUBTREE)) != 0)
+ {
+ com_err(whoami, 0, "Unable to check group %s for membership of %s : %s",
+ group_name, user_name, ldap_err2string(rc));
+ return(-1);
+ }
+
+ if (group_count)
+ {
+ com_err(whoami, 0, "Group %s contains member %s", group_name, user_name);
+ rc = 1;
+ }
+ else
+ {
+ com_err(whoami, 0, "Group %s does not contain member %s", group_name, user_name);
+ rc = 0;
+ }
+
+ linklist_free(group_base);
+ group_count = 0;
+ group_base = NULL;
+
+ return(rc);
+}
-- 
2.45.1