package auth
import (
"encoding/binary"
"errors"
"fmt"
"strconv"
"strings"
)
// LDAPMatchingRuleInChain is the OID of the LDAP_MATCHING_RULE_IN_CHAIN
// extensible-match rule, which Active Directory evaluates as transitive
// (nested) membership in a single filter, e.g.
// "(member:1.2.840.113556.1.4.1941:=<group dn>)".
const (
	LDAPMatchingRuleInChain = "1.2.840.113556.1.4.1941"
)
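// GroupDN returns the DN of the group with the given cn or an error if one occurred.
//
// If group already ends with the configured base DN it is assumed to be a full
// DN and is returned unchanged; otherwise the group is resolved by cn via
// GetDN. The suffix comparison ignores case because LDAP DNs are matched
// without regard to case, so "DC=Example,DC=Com" and "dc=example,dc=com"
// denote the same base and both bypass the extra search.
func (c *Conn) GroupDN(group string) (string, error) {
	if hasSuffixFold(group, c.Config.BaseDN) {
		return group, nil
	}
	return c.GetDN("cn", group)
}

// hasSuffixFold reports whether s ends with suffix under Unicode case folding.
// Like strings.HasSuffix, an empty suffix matches every string. The tail is
// sliced by byte length, which is exact for ASCII DNs; for case pairs whose
// UTF-8 encodings differ in length the comparison simply fails (never panics).
func hasSuffixFold(s, suffix string) bool {
	if len(s) < len(suffix) {
		return false
	}
	return strings.EqualFold(s[len(s)-len(suffix):], suffix)
}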
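// ObjectGroups returns which of the given groups (referenced by DN) the object with the given attribute value is in,
// if any, or an error if one occurred.
// Setting attr to "dn" and value to the DN of an object will avoid an extra LDAP search to get the object's DN.
//
// Group DNs are compared byte-for-byte against the DNs the server returns, so
// callers should pass them in the server's canonical form. Each matching DN
// appears at most once in the result, in the order the object's memberships
// are returned by getGroups. A nil slice is returned when nothing matches.
func (c *Conn) ObjectGroups(attr, value string, groups []string) ([]string, error) {
	dn := value
	if attr != "dn" {
		// NOTE(review): the []string{""} attribute list presumably requests no
		// attributes so only the entry's DN is fetched — confirm against GetAttributes.
		entry, err := c.GetAttributes(attr, value, []string{""})
		if err != nil {
			return nil, err
		}
		dn = entry.DN
	}
	objectGroups, err := c.getGroups(dn)
	if err != nil {
		return nil, err
	}
	// Index the requested DNs once so membership is a map lookup instead of a
	// nested scan; seen de-duplicates the result when a DN is listed more than
	// once in either input.
	wanted := make(map[string]struct{}, len(groups))
	for _, g := range groups {
		wanted[g] = struct{}{}
	}
	var matched []string
	seen := make(map[string]struct{}, len(groups))
	for _, og := range objectGroups {
		if _, ok := wanted[og.DN]; !ok {
			continue
		}
		if _, dup := seen[og.DN]; dup {
			continue
		}
		seen[og.DN] = struct{}{}
		matched = append(matched, og.DN)
	}
	return matched, nil
}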
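// ObjectPrimaryGroup returns the DN of the primary group of the object with the given attribute value
// or an error if one occurred. Not all LDAP objects have a primary group.
//
// The lookup follows the Active Directory convention: primaryGroupID holds the
// RID of the primary group, and the group's SID is the object's own objectSid
// with its last sub-authority (the RID) replaced by that value. The derived
// SID is then searched for as (objectSid=...).
func (c *Conn) ObjectPrimaryGroup(attr, value string) (string, error) {
	entry, err := c.GetAttributes(attr, value, []string{"objectSid", "primaryGroupID"})
	if err != nil {
		return "", err
	}
	gidStr := entry.GetAttributeValue("primaryGroupID")
	if gidStr == "" {
		return "", errors.New("Search error: primaryGroupID not found")
	}
	// A RID is an unsigned 32-bit value; ParseUint rejects negatives and
	// overflow that Atoi would accept and then silently truncate.
	gid, err := strconv.ParseUint(gidStr, 10, 32)
	if err != nil {
		return "", fmt.Errorf(`Parse error: invalid primaryGroupID ("%s"): %w`, gidStr, err)
	}
	gSID, err := primaryGroupSID(entry.GetRawAttributeValue("objectSid"), uint32(gid))
	if err != nil {
		return "", err
	}
	// Every byte of the SID is hex-escaped, so the value is safe to splice
	// into the filter without further escaping.
	entry, err = c.SearchOne(fmt.Sprintf("(objectSid=%s)", ldapBinaryValue(gSID)), nil)
	if err != nil {
		return "", fmt.Errorf("Search error: primary group not found: %w", err)
	}
	return entry.DN, nil
}

// primaryGroupSID returns a copy of objectSID with its trailing 32-bit
// little-endian sub-authority replaced by rid. It returns an error instead of
// panicking when the SID is absent or too short to hold a sub-authority.
func primaryGroupSID(objectSID []byte, rid uint32) ([]byte, error) {
	if len(objectSID) < 4 {
		return nil, fmt.Errorf("Search error: objectSid missing or too short (%d bytes)", len(objectSID))
	}
	sid := make([]byte, len(objectSID))
	copy(sid, objectSID)
	binary.LittleEndian.PutUint32(sid[len(sid)-4:], rid)
	return sid, nil
}

// ldapBinaryValue renders b as an LDAP filter assertion value with every byte
// written as a `\xx` hex escape, the RFC 4515 form for binary attribute values.
func ldapBinaryValue(b []byte) string {
	var sb strings.Builder
	sb.Grow(3 * len(b))
	for _, x := range b {
		fmt.Fprintf(&sb, `\%02x`, x)
	}
	return sb.String()
}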