add missing active_directory functions

ad_mod_rename ad_rename_group ad_move closes #32
2025-04-02 10:50:15 +03:00 · 2020-06-04 19:06:32 +04:00 · 2020-06-04 19:06:32 +04:00 · fe36fc35e3
commit fe36fc35e3
parent 6e9eac31b8
2 changed files with 86 additions and 38 deletions
--- a/adldap/active_directory.c
+++ b/adldap/active_directory.c
@ -803,12 +803,22 @@ char **ad_get_attribute(const char *dn, const char *attribute, const char* uri)
    return out;
 }

-/* 
-  rename a user
-  changes samaccountname, userprincipalname and rdn/cn
-    return AD_SUCCESS on success 
-*/
-int ad_rename_user(const char *dn, const char *new_username, const char* uri) {
+int ad_mod_rename(const char *dn, const char *new_rdn, const char* uri) {
+    LDAP *ds = ad_login(uri);
+    if (ds == NULL) {
+         return ad_error_code;
+    }
+
+    int result = ldap_rename_s(ds, dn, new_rdn, NULL, 1, NULL, NULL);
+    if (result != LDAP_SUCCESS) {
+        snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_rename_s for ad_mod_rename: %s\n", ldap_err2string(result));
+        return ad_error_code;
+    }
+
+    return ad_error_code;
+}
+
+int ad_rename_user(const char *dn, const char *new_name, const char* uri) {
    LDAP *ds;
    int result;
    char *new_rdn;
@ -817,40 +827,54 @@ int ad_rename_user(const char *dn, const char *new_username, const char* uri) {
    ds=ad_login(uri);
    if(!ds) return ad_error_code;

-    result=ad_mod_replace(dn, "sAMAccountName", new_username, uri);
+    result=ad_mod_replace(dn, "sAMAccountName", new_name, uri);
    if(!result) return ad_error_code;

    domain=dn2domain(dn);
-    upn=malloc(strlen(new_username)+strlen(domain)+2);
-    sprintf(upn, "%s@%s", new_username, domain);
+    upn=malloc(strlen(new_name)+strlen(domain)+2);
+    sprintf(upn, "%s@%s", new_name, domain);
    free(domain);
    result=ad_mod_replace(dn, "userPrincipalName", upn, uri);
    free(upn);
    if(!result) return ad_error_code;

-    new_rdn=malloc(strlen(new_username)+4);
-    sprintf(new_rdn, "cn=%s", new_username);
+    new_rdn=malloc(strlen(new_name)+4);
+    sprintf(new_rdn, "cn=%s", new_name);

-    result=ldap_modrdn2_s(ds, dn, new_rdn, 1);
-    if(result!=LDAP_SUCCESS) {
-        snprintf(ad_error_msg, MAX_ERR_LENGTH,
-          "Error in ldap_modrdn2_s for ad_rename_user: %s\n",
-          ldap_err2string(result));
-        ad_error_code=AD_LDAP_OPERATION_FAILURE;
-        free(new_rdn);
+    result = ldap_rename_s(ds, dn, new_rdn, NULL, 1, NULL, NULL);
+    if (result != LDAP_SUCCESS) {
+        snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_rename_s for ad_rename_user: %s\n", ldap_err2string(result));
+        return ad_error_code;
+    }
+
+    free(new_rdn);
+    return ad_error_code;
+}
+
+int ad_rename_group(const char *dn, const char *new_name, const char* uri) {
+    LDAP *ds;
+    int result;
+    char *new_rdn;
+
+    ds=ad_login(uri);
+    if(!ds) return ad_error_code;
+
+    result=ad_mod_replace(dn, "sAMAccountName", new_name, uri);
+    if(!result) return ad_error_code;
+
+    new_rdn=malloc(strlen(new_name)+4);
+    sprintf(new_rdn, "cn=%s", new_name);
+
+    result = ldap_rename_s(ds, dn, new_rdn, NULL, 1, NULL, NULL);
+    if (result != LDAP_SUCCESS) {
+        snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_rename_s for ad_rename_group: %s\n", ldap_err2string(result));
        return ad_error_code;
    }

-    ad_error_code=AD_SUCCESS;
    free(new_rdn);
    return ad_error_code;
 }

-/* 
-  move a user to another container
-  sets userprincipalname based on the destination container
-    return AD_SUCCESS on success 
-*/
 int ad_move_user(const char *current_dn, const char *new_container, const char* uri) {
    LDAP *ds;
    int result;
@ -860,6 +884,7 @@ int ad_move_user(const char *current_dn, const char *new_container, const char*
    ds=ad_login(uri);
    if(!ds) return ad_error_code;

+    // Modify userPrincipalName in case of domain change
    username=ad_get_attribute(current_dn, "sAMAccountName", uri);;
    if(username==NULL) {
        snprintf(ad_error_msg, MAX_ERR_LENGTH,
@ -876,10 +901,24 @@ int ad_move_user(const char *current_dn, const char *new_container, const char*
    free(upn);
    if(!result) return ad_error_code;

+    ad_error_code=ad_move(current_dn, new_container, uri);
+
+    return ad_error_code;
+}
+
+int ad_move(const char *current_dn, const char *new_container, const char* uri) {
+    LDAP *ds;
+    int result;
+    char **exdn;
+    char **username, *domain, *upn;
+
+    ds=ad_login(uri);
+    if(!ds) return ad_error_code;
+
    exdn=ldap_explode_dn(current_dn, 0);
    if(exdn==NULL) {
        snprintf(ad_error_msg, MAX_ERR_LENGTH,
-          "Error exploding dn %s for ad_move_user\n",
+          "Error exploding dn %s for ad_move\n",
          current_dn);
        ad_error_code=AD_INVALID_DN;
        return ad_error_code;
@ -890,7 +929,7 @@ int ad_move_user(const char *current_dn, const char *new_container, const char*
    ldap_memfree(exdn);
    if(result!=LDAP_SUCCESS) {
        snprintf(ad_error_msg, MAX_ERR_LENGTH,
-          "Error in ldap_rename_s for ad_move_user: %s\n",
+          "Error in ldap_rename_s for ad_move: %s\n",
          ldap_err2string(result));
        ad_error_code=AD_LDAP_OPERATION_FAILURE;
    } else {
--- a/adldap/include/active_directory.h
+++ b/adldap/include/active_directory.h
@ -165,19 +165,28 @@ int ad_mod_delete(const char *dn, const char *attribute, const char *value, cons
 */
 char **ad_get_attribute(const char *dn, const char *attribute, const char* uri);

-/* ad_rename_user() changes the given user's name
-| Modifies cn, sAMAccountName and userPrincipalName
-|to the new username.  Assumes that the first part of the dn
-|is composed of cn=username.
-|  Returns AD_SUCCESS or AD_LDAP_OPERATION_FAILURE;
-*/
-int ad_rename_user(const char *dn, const char *new_username, const char* uri);
+// Renames object at dn
+// new_rdn has to have appropriate prefix and be of the form "CN=name"
+// Modifies name
+// Use specialized functions to rename users and groups
+int ad_mod_rename(const char *dn, const char *new_rdn, const char* uri);

-/* ad_move_user() moves a user into a different container/organizational
-| unit.
-|  Changes dn and fixes userPrincipalName in case of domain change.
-|  Returns AD_SUCCESS, AD_INVALID_DN or AD_LDAP_OPERATION_FAILURE.
-*/
+// Change given user's dn
+// Modifies cn, name, sAMAccountName and userPrincipalName
+// new_name should be without prefix "CN="
+int ad_rename_user(const char *dn, const char *new_name, const char* uri);
+
+// Change given group's dn
+// Modifies cn, name and sAMAccountName
+// new_name should be without prefix "CN="
+int ad_rename_group(const char *dn, const char *new_name, const char* uri);
+
+// Moves object to new container
+// Use specialized functions to rename users and groups
+int ad_move(const char *current_dn, const char *new_container, const char* uri);
+
+// Moves user to new container
+// Modifies userPrincipalName
 int ad_move_user(const char *current_dn, const char *new_container, const char* uri);

 /* ad_group_create() creates a new user group (of type global security)