Blame SOURCES/0002-create-user-try-to-find-NIS-domain-if-needed.patch

f441eb
From 408880a11879b1a57a450e25c77ef2e310bdffd5 Mon Sep 17 00:00:00 2001
f441eb
From: Sumit Bose <sbose@redhat.com>
f441eb
Date: Mon, 18 Mar 2019 16:45:54 +0100
f441eb
Subject: [PATCH 2/2] create-user: try to find NIS domain if needed
f441eb
f441eb
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2
f441eb
---
f441eb
 doc/adcli.xml     |  4 +++-
f441eb
 library/adentry.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
f441eb
 library/adentry.h |  2 ++
f441eb
 tools/entry.c     | 16 ++++++++++++++++
f441eb
 4 files changed, 65 insertions(+), 1 deletion(-)
f441eb
f441eb
diff --git a/doc/adcli.xml b/doc/adcli.xml
f441eb
index 18620c0..af73433 100644
f441eb
--- a/doc/adcli.xml
f441eb
+++ b/doc/adcli.xml
f441eb
@@ -537,7 +537,9 @@ $ adcli create-user Fry --domain=domain.example.com \
f441eb
 			the new created user account, which should be the user's
f441eb
 			NIS domain is the NIS/YP service of Active Directory's Services for Unix (SFU)
f441eb
 			are used. This is needed to let the 'UNIX attributes' tab of older Active
f441eb
-			Directoy versions show the set UNIX specific attributes.</para></listitem>
f441eb
+			Directoy versions show the set UNIX specific attributes. If not specified
f441eb
+			adcli will try to determine the NIS domain automatically if needed.
f441eb
+			</para></listitem>
f441eb
 		</varlistentry>
f441eb
 	</variablelist>
f441eb
 
f441eb
diff --git a/library/adentry.c b/library/adentry.c
f441eb
index 9b9e1c6..1cc0518 100644
f441eb
--- a/library/adentry.c
f441eb
+++ b/library/adentry.c
f441eb
@@ -484,3 +484,47 @@ adcli_entry_new_group (adcli_conn *conn,
f441eb
 	return_val_if_fail (sam_name != NULL, NULL);
f441eb
 	return entry_new (conn, "group", group_entry_builder, sam_name);
f441eb
 }
f441eb
+
f441eb
+adcli_result
f441eb
+adcli_get_nis_domain (adcli_entry *entry,
f441eb
+                      adcli_attrs *attrs)
f441eb
+{
f441eb
+	LDAP *ldap;
f441eb
+	const char *ldap_attrs[] = { "cn", NULL };
f441eb
+	LDAPMessage *results;
f441eb
+	LDAPMessage *ldap_entry;
f441eb
+	char *base;
f441eb
+	const char *filter = "objectClass=msSFU30DomainInfo";
f441eb
+	char *cn;
f441eb
+	int ret;
f441eb
+
f441eb
+	ldap = adcli_conn_get_ldap_connection (entry->conn);
f441eb
+	return_unexpected_if_fail (ldap != NULL);
f441eb
+
f441eb
+	if (asprintf (&base, "CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,%s",
f441eb
+	              adcli_conn_get_default_naming_context (entry->conn)) < 0) {
f441eb
+		return_unexpected_if_reached ();
f441eb
+	}
f441eb
+
f441eb
+	ret = ldap_search_ext_s (ldap, base, LDAP_SCOPE_SUB, filter, (char **)ldap_attrs,
f441eb
+	                         0, NULL, NULL, NULL, -1, &results);
f441eb
+
f441eb
+	free (base);
f441eb
+
f441eb
+	if (ret != LDAP_SUCCESS) {
f441eb
+		/* No NIS domain available */
f441eb
+		ldap_msgfree (results);
f441eb
+		return ADCLI_SUCCESS;
f441eb
+	}
f441eb
+
f441eb
+	ldap_entry = ldap_first_entry (ldap, results);
f441eb
+	if (ldap_entry != NULL) {
f441eb
+		cn = _adcli_ldap_parse_value (ldap, ldap_entry, "cn");
f441eb
+		return_unexpected_if_fail (cn != NULL);
f441eb
+
f441eb
+		adcli_attrs_add (attrs, "msSFU30NisDomain", cn, NULL);
f441eb
+	}
f441eb
+	ldap_msgfree (results);
f441eb
+
f441eb
+	return ADCLI_SUCCESS;
f441eb
+}
f441eb
diff --git a/library/adentry.h b/library/adentry.h
f441eb
index eb8bc00..ae90689 100644
f441eb
--- a/library/adentry.h
f441eb
+++ b/library/adentry.h
f441eb
@@ -58,4 +58,6 @@ const char *       adcli_entry_get_sam_name             (adcli_entry *entry);
f441eb
 
f441eb
 const char *       adcli_entry_get_dn                   (adcli_entry *entry);
f441eb
 
f441eb
+adcli_result       adcli_get_nis_domain                 (adcli_entry *entry,
f441eb
+                                                         adcli_attrs *attrs);
f441eb
 #endif /* ADENTRY_H_ */
f441eb
diff --git a/tools/entry.c b/tools/entry.c
f441eb
index 69ce62c..de56586 100644
f441eb
--- a/tools/entry.c
f441eb
+++ b/tools/entry.c
f441eb
@@ -153,6 +153,8 @@ adcli_tool_user_create (adcli_conn *conn,
f441eb
 	adcli_attrs *attrs;
f441eb
 	const char *ou = NULL;
f441eb
 	int opt;
f441eb
+	bool has_unix_attr = false;
f441eb
+	bool has_nis_domain = false;
f441eb
 
f441eb
 	struct option options[] = {
f441eb
 		{ "display-name", required_argument, NULL, opt_display_name },
f441eb
@@ -193,18 +195,23 @@ adcli_tool_user_create (adcli_conn *conn,
f441eb
 			break;
f441eb
 		case opt_unix_home:
f441eb
 			adcli_attrs_add (attrs, "unixHomeDirectory", optarg, NULL);
f441eb
+			has_unix_attr = true;
f441eb
 			break;
f441eb
 		case opt_unix_uid:
f441eb
 			adcli_attrs_add (attrs, "uidNumber", optarg, NULL);
f441eb
+			has_unix_attr = true;
f441eb
 			break;
f441eb
 		case opt_unix_gid:
f441eb
 			adcli_attrs_add (attrs, "gidNumber", optarg, NULL);
f441eb
+			has_unix_attr = true;
f441eb
 			break;
f441eb
 		case opt_unix_shell:
f441eb
 			adcli_attrs_add (attrs, "loginShell", optarg, NULL);
f441eb
+			has_unix_attr = true;
f441eb
 			break;
f441eb
 		case opt_nis_domain:
f441eb
 			adcli_attrs_add (attrs, "msSFU30NisDomain", optarg, NULL);
f441eb
+			has_nis_domain = true;
f441eb
 			break;
f441eb
 		case opt_domain_ou:
f441eb
 			ou = optarg;
f441eb
@@ -242,6 +249,15 @@ adcli_tool_user_create (adcli_conn *conn,
f441eb
 		      adcli_get_last_error ());
f441eb
 	}
f441eb
 
f441eb
+	if (has_unix_attr && !has_nis_domain) {
f441eb
+		res = adcli_get_nis_domain (entry, attrs);
f441eb
+		if (res != ADCLI_SUCCESS) {
f441eb
+			adcli_entry_unref (entry);
f441eb
+			adcli_attrs_free (attrs);
f441eb
+			errx (-res, "couldn't get NIS domain");
f441eb
+		}
f441eb
+	}
f441eb
+
f441eb
 	res = adcli_entry_create (entry, attrs);
f441eb
 	if (res != ADCLI_SUCCESS) {
f441eb
 		errx (-res, "creating user %s in domain %s failed: %s",
f441eb
-- 
f441eb
2.20.1
f441eb