From 408880a11879b1a57a450e25c77ef2e310bdffd5 Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Mon, 18 Mar 2019 16:45:54 +0100

Subject: [PATCH 2/2] create-user: try to find NIS domain if needed

Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2

---

 doc/adcli.xml     |  4 +++-

 library/adentry.c | 44 ++++++++++++++++++++++++++++++++++++++++++++

 library/adentry.h |  2 ++

 tools/entry.c     | 16 ++++++++++++++++

 4 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/doc/adcli.xml b/doc/adcli.xml

index 18620c0..af73433 100644

--- a/doc/adcli.xml

+++ b/doc/adcli.xml

@@ -537,7 +537,9 @@ $ adcli create-user Fry --domain=domain.example.com \

 			the new created user account, which should be the user's

 			NIS domain is the NIS/YP service of Active Directory's Services for Unix (SFU)

 			are used. This is needed to let the 'UNIX attributes' tab of older Active

-			Directoy versions show the set UNIX specific attributes.</para></listitem>

+			Directoy versions show the set UNIX specific attributes. If not specified

+			adcli will try to determine the NIS domain automatically if needed.

+			</para></listitem>

 		</varlistentry>

 	</variablelist>

diff --git a/library/adentry.c b/library/adentry.c

index 9b9e1c6..1cc0518 100644

--- a/library/adentry.c

+++ b/library/adentry.c

@@ -484,3 +484,47 @@ adcli_entry_new_group (adcli_conn *conn,

 	return_val_if_fail (sam_name != NULL, NULL);

 	return entry_new (conn, "group", group_entry_builder, sam_name);

 }

+

+adcli_result

+adcli_get_nis_domain (adcli_entry *entry,

+                      adcli_attrs *attrs)

+{

+	LDAP *ldap;

+	const char *ldap_attrs[] = { "cn", NULL };

+	LDAPMessage *results;

+	LDAPMessage *ldap_entry;

+	char *base;

+	const char *filter = "objectClass=msSFU30DomainInfo";

+	char *cn;

+	int ret;

+

+	ldap = adcli_conn_get_ldap_connection (entry->conn);

+	return_unexpected_if_fail (ldap != NULL);

+

+	if (asprintf (&base, "CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,%s",

+	              adcli_conn_get_default_naming_context (entry->conn)) < 0) {

+		return_unexpected_if_reached ();

+	}

+

+	ret = ldap_search_ext_s (ldap, base, LDAP_SCOPE_SUB, filter, (char **)ldap_attrs,

+	                         0, NULL, NULL, NULL, -1, &results);

+

+	free (base);

+

+	if (ret != LDAP_SUCCESS) {

+		/* No NIS domain available */

+		ldap_msgfree (results);

+		return ADCLI_SUCCESS;

+	}

+

+	ldap_entry = ldap_first_entry (ldap, results);

+	if (ldap_entry != NULL) {

+		cn = _adcli_ldap_parse_value (ldap, ldap_entry, "cn");

+		return_unexpected_if_fail (cn != NULL);

+

+		adcli_attrs_add (attrs, "msSFU30NisDomain", cn, NULL);

+	}

+	ldap_msgfree (results);

+

+	return ADCLI_SUCCESS;

+}

diff --git a/library/adentry.h b/library/adentry.h

index eb8bc00..ae90689 100644

--- a/library/adentry.h

+++ b/library/adentry.h

@@ -58,4 +58,6 @@ const char *       adcli_entry_get_sam_name             (adcli_entry *entry);

 const char *       adcli_entry_get_dn                   (adcli_entry *entry);

+adcli_result       adcli_get_nis_domain                 (adcli_entry *entry,

+                                                         adcli_attrs *attrs);

 #endif /* ADENTRY_H_ */

diff --git a/tools/entry.c b/tools/entry.c

index 69ce62c..de56586 100644

--- a/tools/entry.c

+++ b/tools/entry.c

@@ -153,6 +153,8 @@ adcli_tool_user_create (adcli_conn *conn,

 	adcli_attrs *attrs;

 	const char *ou = NULL;

 	int opt;

+	bool has_unix_attr = false;

+	bool has_nis_domain = false;

 	struct option options[] = {

 		{ "display-name", required_argument, NULL, opt_display_name },

@@ -193,18 +195,23 @@ adcli_tool_user_create (adcli_conn *conn,

 			break;

 		case opt_unix_home:

 			adcli_attrs_add (attrs, "unixHomeDirectory", optarg, NULL);

+			has_unix_attr = true;

 			break;

 		case opt_unix_uid:

 			adcli_attrs_add (attrs, "uidNumber", optarg, NULL);

+			has_unix_attr = true;

 			break;

 		case opt_unix_gid:

 			adcli_attrs_add (attrs, "gidNumber", optarg, NULL);

+			has_unix_attr = true;

 			break;

 		case opt_unix_shell:

 			adcli_attrs_add (attrs, "loginShell", optarg, NULL);

+			has_unix_attr = true;

 			break;

 		case opt_nis_domain:

 			adcli_attrs_add (attrs, "msSFU30NisDomain", optarg, NULL);

+			has_nis_domain = true;

 			break;

 		case opt_domain_ou:

 			ou = optarg;

@@ -242,6 +249,15 @@ adcli_tool_user_create (adcli_conn *conn,

 		      adcli_get_last_error ());

 	}

+	if (has_unix_attr && !has_nis_domain) {

+		res = adcli_get_nis_domain (entry, attrs);

+		if (res != ADCLI_SUCCESS) {

+			adcli_entry_unref (entry);

+			adcli_attrs_free (attrs);

+			errx (-res, "couldn't get NIS domain");

+		}

+	}

+

 	res = adcli_entry_create (entry, attrs);

 	if (res != ADCLI_SUCCESS) {

 		errx (-res, "creating user %s in domain %s failed: %s",

-- 

2.20.1