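/*
   Unix SMB/CIFS implementation.
   ads (active directory) utility library
   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"

#ifdef HAVE_ADS

/*
  find a user account

  Searches for entries matching (samAccountName=<user>) and requests all
  attributes ("*"). The result is handed back through *res.

  The user name is passed through escape_ldap_string() before it is
  formatted into the search filter, so the caller-supplied value is never
  placed into the filter expression verbatim.

  Returns the status of ads_search(), or ADS_ERROR(LDAP_NO_MEMORY) when
  the escaped name or the filter string cannot be allocated.
*/
 ADS_STATUS ads_find_user_acct(ADS_STRUCT *ads, LDAPMessage **res,
			       const char *user)
{
	ADS_STATUS status;
	char *ldap_exp;
	const char *attrs[] = {"*", NULL};
	char *escaped_user = escape_ldap_string(talloc_tos(), user);

	if (!escaped_user) {
		return ADS_ERROR(LDAP_NO_MEMORY);
	}

	if (asprintf(&ldap_exp, "(samAccountName=%s)", escaped_user) == -1) {
		TALLOC_FREE(escaped_user);
		return ADS_ERROR(LDAP_NO_MEMORY);
	}

	status = ads_search(ads, res, ldap_exp, attrs);

	/* ldap_exp comes from asprintf(), escaped_user from talloc */
	SAFE_FREE(ldap_exp);
	TALLOC_FREE(escaped_user);
	return status;
}

/*
  add a user account

  Creates cn=<name>,<container>,<bind_path> with object classes top,
  person, organizationalPerson and user. <name> is fullname when that is
  non-empty, otherwise user. userAccountControl is written as
  UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE, i.e. the add request carries the
  account-disabled flag.

  Only the cn value is RDN-escaped (escape_rdn_val_string_alloc()).
  container and ads->config.bind_path are formatted into the DN as given,
  so the caller must pass a well-formed, trusted relative DN in container.

  Returns the status of ads_gen_add(), the status of the first attribute
  that could not be queued, or ADS_ERROR(LDAP_NO_MEMORY) on allocation
  failure.
*/
ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
			     const char *container, const char *fullname)
{
	TALLOC_CTX *ctx;
	ADS_MODLIST mods;
	ADS_STATUS status;
	const char *upn, *new_dn, *name, *controlstr;
	char *name_escaped = NULL;
	const char *objectClass[] = {"top", "person", "organizationalPerson",
				     "user", NULL};

	if (fullname && *fullname) name = fullname;
	else name = user;

	if (!(ctx = talloc_init("ads_add_user_acct")))
		return ADS_ERROR(LDAP_NO_MEMORY);

	/* every early exit below until the mod list is built is an
	   allocation failure */
	status = ADS_ERROR(LDAP_NO_MEMORY);

	if (!(upn = talloc_asprintf(ctx, "%s@%s", user, ads->config.realm)))
		goto done;
	if (!(name_escaped = escape_rdn_val_string_alloc(name)))
		goto done;
	if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container,
				       ads->config.bind_path)))
		goto done;
	if (!(controlstr = talloc_asprintf(ctx, "%u", (UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE))))
		goto done;
	if (!(mods = ads_init_mods(ctx)))
		goto done;

	/* Stop at the first attribute that cannot be queued, so that an
	   object missing attributes (userAccountControl in particular) is
	   never sent to the server. */
	status = ads_mod_str(ctx, &mods, "cn", name);
	if (!ADS_ERR_OK(status))
		goto done;
	status = ads_mod_strlist(ctx, &mods, "objectClass", objectClass);
	if (!ADS_ERR_OK(status))
		goto done;
	status = ads_mod_str(ctx, &mods, "userPrincipalName", upn);
	if (!ADS_ERR_OK(status))
		goto done;
	status = ads_mod_str(ctx, &mods, "name", name);
	if (!ADS_ERR_OK(status))
		goto done;
	status = ads_mod_str(ctx, &mods, "displayName", name);
	if (!ADS_ERR_OK(status))
		goto done;
	status = ads_mod_str(ctx, &mods, "sAMAccountName", user);
	if (!ADS_ERR_OK(status))
		goto done;
	status = ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
	if (!ADS_ERR_OK(status))
		goto done;

	status = ads_gen_add(ads, new_dn, mods);

 done:
	/* name_escaped is not owned by ctx and is released separately */
	SAFE_FREE(name_escaped);
	talloc_destroy(ctx);
	return status;
}

/*
  add a group account

  Creates cn=<group>,<container>,<bind_path> with object classes top and
  group. A description attribute is added only when comment is non-empty.

  Only the cn value is RDN-escaped (escape_rdn_val_string_alloc()).
  container and ads->config.bind_path are formatted into the DN as given,
  so the caller must pass a well-formed, trusted relative DN in container.

  Returns the status of ads_gen_add(), the status of the first attribute
  that could not be queued, or ADS_ERROR(LDAP_NO_MEMORY) on allocation
  failure.
*/
ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
			      const char *container, const char *comment)
{
	TALLOC_CTX *ctx;
	ADS_MODLIST mods;
	ADS_STATUS status;
	char *new_dn;
	char *name_escaped = NULL;
	const char *objectClass[] = {"top", "group", NULL};

	if (!(ctx = talloc_init("ads_add_group_acct")))
		return ADS_ERROR(LDAP_NO_MEMORY);

	/* every early exit below until the mod list is built is an
	   allocation failure */
	status = ADS_ERROR(LDAP_NO_MEMORY);

	if (!(name_escaped = escape_rdn_val_string_alloc(group)))
		goto done;
	if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container,
				       ads->config.bind_path)))
		goto done;
	if (!(mods = ads_init_mods(ctx)))
		goto done;

	/* Stop at the first attribute that cannot be queued rather than
	   sending an incomplete object to the server. */
	status = ads_mod_str(ctx, &mods, "cn", group);
	if (!ADS_ERR_OK(status))
		goto done;
	status = ads_mod_strlist(ctx, &mods, "objectClass", objectClass);
	if (!ADS_ERR_OK(status))
		goto done;
	status = ads_mod_str(ctx, &mods, "name", group);
	if (!ADS_ERR_OK(status))
		goto done;
	if (comment && *comment) {
		status = ads_mod_str(ctx, &mods, "description", comment);
		if (!ADS_ERR_OK(status))
			goto done;
	}
	status = ads_mod_str(ctx, &mods, "sAMAccountName", group);
	if (!ADS_ERR_OK(status))
		goto done;

	status = ads_gen_add(ads, new_dn, mods);

 done:
	/* name_escaped is not owned by ctx and is released separately */
	SAFE_FREE(name_escaped);
	talloc_destroy(ctx);
	return status;
}
#endif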