
Merge pull request #7535 from RussWhitehead/LDAPGroup

HPCC-13832 Add description and owner to LDAP Group creation

Reviewed-By: Kevin Wang <kevin.wang@lexisnexis.com>
Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
Richard Chapman 10 роки тому
батько
коміт
7c550366b5

+ 5 - 1
esp/scm/ws_access.ecm

@@ -26,6 +26,8 @@ ESPstruct GroupInfo
 {
     string name;
     bool deletable;
+    [min_ver("1.09")] string groupOwner;
+    [min_ver("1.09")] string groupDesc;
 };
 
 ESPstruct AccountPermission
@@ -261,6 +263,8 @@ ESPresponse GroupResponse
 ESPrequest GroupAddRequest
 {
     string groupname;
+    [min_ver("1.09")] string groupOwner;
+    [min_ver("1.09")] string groupDesc;
 };
 
 ESPresponse GroupAddResponse
@@ -691,7 +695,7 @@ ESPresponse [nil_remove] UserAccountExportResponse
 };
 
 
-ESPservice [version("1.08"), exceptions_inline("./smc_xslt/exceptions.xslt")] ws_access
+ESPservice [version("1.09"), exceptions_inline("./smc_xslt/exceptions.xslt")] ws_access
 {
     ESPmethod [client_xslt("/esp/xslt/access_users.xslt")] Users(UserRequest, UserResponse);
     ESPmethod [client_xslt("/esp/xslt/access_useredit.xslt")] UserEdit(UserEditRequest, UserEditResponse);
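Review bot: The new `groupOwner` fields on GroupInfo and GroupAddRequest say nothing about what value they carry, while the LDAP side of this PR stores and reads them as the `managedBy` attribute, which on Active Directory is a DN-syntax attribute rather than a display name. A one-line comment on each field would spare client authors a failed call, e.g. `[min_ver("1.09")] string groupOwner; // DN of the managing principal (LDAP managedBy); empty when unset`, and `groupDesc` likewise deserves `// free-text description (LDAP description)`. The two ESPstructs are complete within their hunks; the ESPservice block at the end continues past the hunk.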

+ 35 - 6
esp/services/ws_access/ws_accessService.cpp

@@ -532,7 +532,9 @@ bool Cws_accessEx::onUserGroupEditInput(IEspContext &context, IEspUserGroupEditI
         }
 
         StringArray groupnames;
-        ldapsecmgr->getAllGroups(groupnames);
+        StringArray managedBy;
+        StringArray descriptions;
+        ldapsecmgr->getAllGroups(groupnames, managedBy, descriptions);
         IArrayOf<IEspGroupInfo> groups;
         for(i = 0; i < groupnames.length(); i++)
         {
@@ -543,6 +545,8 @@ bool Cws_accessEx::onUserGroupEditInput(IEspContext &context, IEspUserGroupEditI
             {
                 Owned<IEspGroupInfo> onegrp = createGroupInfo();
                 onegrp->setName(grpname);
+                onegrp->setGroupDesc(descriptions.item(i));
+                onegrp->setGroupOwner(managedBy.item(i));
                 groups.append(*onegrp.getLink());
             }
         }
@@ -632,11 +636,13 @@ bool Cws_accessEx::onGroups(IEspContext &context, IEspGroupRequest &req, IEspGro
         checkUser(context);
 
         StringArray groupnames;
+        StringArray groupManagedBy;
+        StringArray groupDescriptions;
         ISecManager* secmgr = context.querySecManager();
         if(secmgr == NULL)
             throw MakeStringException(ECLWATCH_INVALID_SEC_MANAGER, MSG_SEC_MANAGER_IS_NULL);
 
-        secmgr->getAllGroups(groupnames);
+        secmgr->getAllGroups(groupnames, groupManagedBy, groupDescriptions);
         ///groupnames.append("Administrators");
         ///groupnames.append("Full_Access_TestingOnly");
         //groupnames.kill();
@@ -651,6 +657,8 @@ bool Cws_accessEx::onGroups(IEspContext &context, IEspGroupRequest &req, IEspGro
                     continue;
                 Owned<IEspGroupInfo> onegrp = createGroupInfo();
                 onegrp->setName(grpname);
+                onegrp->setGroupDesc(groupDescriptions.item(i));
+                onegrp->setGroupOwner(groupManagedBy.item(i));
                 groups.append(*onegrp.getLink());
             }
 
@@ -821,9 +829,18 @@ bool Cws_accessEx::onGroupAdd(IEspContext &context, IEspGroupAddRequest &req, IE
 
         resp.setGroupname(groupname);
 
+        double version = context.getClientVersion();
+        const char * groupDesc = NULL;
+        const char * groupOwner = NULL;
+        if (version >= 1.09)
+        {
+            groupDesc = req.getGroupDesc();
+            groupOwner = req.getGroupOwner();
+        }
+
         try
         {
-            secmgr->addGroup(groupname);
+            secmgr->addGroup(groupname, groupOwner, groupDesc);
         }
         catch(IException* e)
         {
@@ -1932,7 +1949,9 @@ bool Cws_accessEx::onPermissionsResetInput(IEspContext &context, IEspPermissions
             groups.append(*onegrp.getLink());
         }
         StringArray grpnames;
-        secmgr->getAllGroups(grpnames);
+        StringArray managedBy;
+        StringArray descriptions;
+        secmgr->getAllGroups(grpnames, managedBy, descriptions);
         for(unsigned i = 0; i < grpnames.length(); i++)
         {
             const char* grpname = grpnames.item(i);
@@ -1940,6 +1959,8 @@ bool Cws_accessEx::onPermissionsResetInput(IEspContext &context, IEspPermissions
                 continue;
             Owned<IEspGroupInfo> onegrp = createGroupInfo();
             onegrp->setName(grpname);
+            onegrp->setGroupDesc(descriptions.item(i));
+            onegrp->setGroupOwner(managedBy.item(i));
             groups.append(*onegrp.getLink());
         }
 
@@ -2343,7 +2364,9 @@ bool Cws_accessEx::permissionAddInputOnResource(IEspContext &context, IEspPermis
         groups.append(*onegrp.getLink());
     }
     StringArray grpnames;
-    secmgr->getAllGroups(grpnames);
+    StringArray managedBy;
+    StringArray descriptions;
+    secmgr->getAllGroups(grpnames, managedBy, descriptions);
     for(unsigned i = 0; i < grpnames.length(); i++)
     {
         const char* grpname = grpnames.item(i);
@@ -2351,6 +2374,8 @@ bool Cws_accessEx::permissionAddInputOnResource(IEspContext &context, IEspPermis
             continue;
         Owned<IEspGroupInfo> onegrp = createGroupInfo();
         onegrp->setName(grpname);
+        onegrp->setGroupDesc(descriptions.item(i));
+        onegrp->setGroupOwner(managedBy.item(i));
         groups.append(*onegrp.getLink());
     }
 
@@ -3415,7 +3440,9 @@ bool Cws_accessEx::onFilePermission(IEspContext &context, IEspFilePermissionRequ
 
         //Get all groups for input form
         StringArray groupnames;
-        secmgr->getAllGroups(groupnames);
+        StringArray managedBy;
+        StringArray descriptions;
+        secmgr->getAllGroups(groupnames, managedBy, descriptions);
         ///groupnames.append("Authenticated Users");
         ///groupnames.append("Administrators");
         if (groupnames.length() > 0)
@@ -3428,6 +3455,8 @@ bool Cws_accessEx::onFilePermission(IEspContext &context, IEspFilePermissionRequ
                     continue;
                 Owned<IEspGroupInfo> onegrp = createGroupInfo();
                 onegrp->setName(grpname);
+                onegrp->setGroupDesc(descriptions.item(i));
+                onegrp->setGroupOwner(managedBy.item(i));
                 groups.append(*onegrp.getLink());
             }
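Review bot: In the onGroupAdd hunk the request's `groupOwner` and `groupDesc` are handed to `secmgr->addGroup` exactly as received, and on Active Directory `managedBy` is a DN-syntax attribute, so a display name or arbitrary text typed into the form is rejected by the directory and surfaces only as the generic exception caught just below the hunk. A check before the call — resolving the owner to an existing user or group DN through the sec manager, or at minimum rejecting a value that is not DN-shaped — would give the caller a meaningful error and keep free-form text out of a DN attribute; whether the ESP layer already bounds the length of these strings is not visible here and worth confirming. The same three-array pattern (declare `managedBy`/`descriptions`, call `getAllGroups`, set owner and description on each `IEspGroupInfo`) is now repeated in five functions in this file; a small private helper that fills an `IArrayOf<IEspGroupInfo>` from the sec manager would keep them from drifting. onGroupAdd starts and ends outside the hunk.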
 

+ 44 - 12
system/security/LdapSecurity/ldapconnection.cpp

@@ -1132,7 +1132,7 @@ public:
             }
             try
             {
-                addGroup("Directory Administrators", m_ldapconfig->getBasedn());
+                addGroup("Directory Administrators", NULL, NULL, m_ldapconfig->getBasedn());
             }
             catch(...)
             {
@@ -3056,16 +3056,22 @@ public:
         return true;
     }
 
-    virtual void getAllGroups(StringArray & groups)
+    virtual void getAllGroups(StringArray & groups, StringArray & managedBy, StringArray & descriptions)
     {
         if(m_ldapconfig->getServerType() == ACTIVE_DIRECTORY)
         {
             groups.append("Authenticated Users");
+            managedBy.append("");
+            descriptions.append("");
             groups.append("Administrators");
+            managedBy.append("");
+            descriptions.append("");
         }
         else
         {
             groups.append("Directory Administrators");
+            managedBy.append("");
+            descriptions.append("");
         }
 
         char        *attribute;
@@ -3082,8 +3088,7 @@ public:
 
         Owned<ILdapConnection> lconn = m_connections->getConnection();
         LDAP* ld = ((CLdapConnection*)lconn.get())->getLd();
-
-        char        *attrs[] = {"cn", NULL};
+        char *attrs[] = {"cn", "managedBy", "description", NULL};
         CLDAPMessage searchResult;
         int rc = ldap_search_ext_s(ld, (char*)m_ldapconfig->getGroupBasedn(), LDAP_SCOPE_SUBTREE, (char*)filter.str(), attrs, 0, NULL, NULL, &timeOut, LDAP_NO_LIMIT,   &searchResult.msg );
 
@@ -3101,12 +3106,19 @@ public:
                   attribute != NULL;
                   attribute = atts.getNext())
             {
+                CLDAPGetValuesWrapper vals(ld, message, attribute);
+                if (!vals.hasValues())
+                    continue;
                 if(stricmp(attribute, "cn") == 0)
                 {
-                    CLDAPGetValuesWrapper vals(ld, message, attribute);
-                    if (vals.hasValues())
-                        groups.append(vals.queryValues()[0]);
+                    groups.append(vals.queryValues()[0]);
+                    managedBy.append("");
+                    descriptions.append("");
                 }
+                else if(stricmp(attribute, "managedBy") == 0)
+                    managedBy.replace(vals.queryValues()[0], groups.length() - 1);
+                else if(stricmp(attribute, "description") == 0)
+                    descriptions.replace(vals.queryValues()[0], groups.length() - 1);
             }
         }
     }
@@ -3288,7 +3300,9 @@ public:
         else
         {
             StringArray allgroups;
-            getAllGroups(allgroups);
+            StringArray allgroupManagedBy;
+            StringArray allgroupDescription;
+            getAllGroups(allgroups, allgroupManagedBy, allgroupDescription);
             for(unsigned i = 0; i < allgroups.length(); i++)
             {
                 const char* grp = allgroups.item(i);
@@ -3352,15 +3366,15 @@ public:
         return true;
     }
 
-    virtual void addGroup(const char* groupname)
+    virtual void addGroup(const char* groupname, const char * groupOwner, const char * groupDesc)
     {
         if(groupname == NULL || *groupname == '\0')
             throw MakeStringException(-1, "Can't add group, groupname is empty");
 
-        addGroup(groupname, m_ldapconfig->getGroupBasedn());
+        addGroup(groupname, groupOwner, groupDesc, m_ldapconfig->getGroupBasedn());
     }
 
-    virtual void addGroup(const char* groupname, const char* basedn)
+    virtual void addGroup(const char* groupname, const char * groupOwner, const char * groupDesc, const char* basedn)
     {
         if(groupname == NULL || *groupname == '\0')
             return;
@@ -3413,11 +3427,29 @@ public:
             member_values
         };
 
-        LDAPMod *attrs[5];
+        char *owner_values[] = {(char*)groupOwner, NULL};
+        LDAPMod owner_attr =
+        {
+            LDAP_MOD_ADD,
+            "managedBy",
+            owner_values
+        };
+        char *desc_values[] = {(char*)groupDesc, NULL};
+        LDAPMod desc_attr =
+        {
+            LDAP_MOD_ADD,
+            "description",
+            desc_values
+        };
+        LDAPMod *attrs[6];
         int ind = 0;
         
         attrs[ind++] = &cn_attr;
         attrs[ind++] = &oc_attr;
+        if (groupOwner && *groupOwner)
+            attrs[ind++] = &owner_attr;
+        if (groupDesc && *groupDesc)
+            attrs[ind++] = &desc_attr;
         attrs[ind] = NULL;
 
         Owned<ILdapConnection> lconn = m_connections->getConnection();
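Review bot: The attribute loop in the getAllGroups hunk relies on `cn` being returned before `managedBy` and `description` within each entry, because the latter two are written into slot `groups.length() - 1`; LDAP does not guarantee the order of attributes in a returned entry, so when `description` precedes `cn` the value lands on the previous group's slot and the new group ends up with an empty string. Collecting the three values into per-entry locals during the scan and appending them to the three arrays together afterwards removes the ordering dependency and also keeps the arrays in lockstep for an entry that carries no `cn` at all. The enclosing for statement starts before the hunk. A smaller remark on the addGroup hunk: `managedBy` is an Active Directory attribute, so on a non-AD server the add may fail with an undefined-attribute-type error whenever an owner is supplied — worth confirming against the schema of the OpenLDAP/389 deployments this code supports.
```cpp
            StringBuffer cn, owner, desc;   // per-entry values, appended together once the entry is scanned
            // … unchanged: for (…; attribute != NULL; attribute = atts.getNext()) header …
            {
                CLDAPGetValuesWrapper vals(ld, message, attribute);
                if (!vals.hasValues())
                    continue;
                if(stricmp(attribute, "cn") == 0)
                    cn.set(vals.queryValues()[0]);
                else if(stricmp(attribute, "managedBy") == 0)
                    owner.set(vals.queryValues()[0]);
                else if(stricmp(attribute, "description") == 0)
                    desc.set(vals.queryValues()[0]);
            }
            if (cn.length())   // an entry without a cn is not reported as a group
            {
                groups.append(cn.str());
                managedBy.append(owner.str());
                descriptions.append(desc.str());
            }
```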

+ 2 - 2
system/security/LdapSecurity/ldapconnection.hpp

@@ -162,7 +162,7 @@ interface ILdapClient : extends IInterface
     virtual void setPermissionProcessor(IPermissionProcessor* pp) = 0;
     virtual bool retrieveUsers(IUserArray& users) = 0;
     virtual bool retrieveUsers(const char* searchstr, IUserArray& users) = 0;
-    virtual void getAllGroups(StringArray & groups) = 0;
+    virtual void getAllGroups(StringArray & groups, StringArray & managedBy, StringArray & descriptions) = 0;
     virtual void setResourceBasedn(const char* rbasedn, SecResourceType rtype = RT_DEFAULT) = 0;
     virtual ILdapConfig* getLdapConfig() = 0;
     virtual bool userInGroup(const char* userdn, const char* groupdn) = 0;
@@ -175,7 +175,7 @@ interface ILdapClient : extends IInterface
     virtual bool changePermission(CPermissionAction& action) = 0;
     virtual void changeUserGroup(const char* action, const char* username, const char* groupname) = 0;
     virtual bool deleteUser(ISecUser* user) = 0;
-    virtual void addGroup(const char* groupname) = 0;
+    virtual void addGroup(const char* groupname, const char * groupOwner, const char * groupDesc) = 0;
     virtual void deleteGroup(const char* groupname) = 0;
     virtual void getGroupMembers(const char* groupname, StringArray & users) = 0;
     virtual void deleteResource(SecResourceType rtype, const char* name, const char* basedn) = 0;

+ 4 - 4
system/security/LdapSecurity/ldapsecurity.cpp

@@ -1124,9 +1124,9 @@ bool CLdapSecManager::updateUserPassword(const char* username, const char* newPa
     return m_ldap_client->updateUserPassword(username, newPassword);
 }
 
-void CLdapSecManager::getAllGroups(StringArray & groups)
+void CLdapSecManager::getAllGroups(StringArray & groups, StringArray & managedBy, StringArray & descriptions)
 {
-    m_ldap_client->getAllGroups(groups);
+    m_ldap_client->getAllGroups(groups, managedBy, descriptions);
 }
 
 bool CLdapSecManager::getPermissionsArray(const char* basedn, SecResourceType rtype, const char* name, IArrayOf<CPermission>& permissions)
@@ -1134,9 +1134,9 @@ bool CLdapSecManager::getPermissionsArray(const char* basedn, SecResourceType rt
     return m_ldap_client->getPermissionsArray(basedn, rtype, name, permissions);
 }
 
-void CLdapSecManager::addGroup(const char* groupname)
+void CLdapSecManager::addGroup(const char* groupname, const char * groupOwner, const char * groupDesc)
 {
-    m_ldap_client->addGroup(groupname);
+    m_ldap_client->addGroup(groupname, groupOwner, groupDesc);
 }
 
 void CLdapSecManager::deleteGroup(const char* groupname)

+ 2 - 2
system/security/LdapSecurity/ldapsecurity.ipp

@@ -387,12 +387,12 @@ public:
     virtual void cacheSwitch(SecResourceType rtype, bool on);
 
     virtual bool getPermissionsArray(const char* basedn, SecResourceType rtype, const char* name, IArrayOf<CPermission>& permissions);
-    virtual void getAllGroups(StringArray & groups);
+    virtual void getAllGroups(StringArray & groups, StringArray & managedBy, StringArray & descriptions);
     virtual void getGroups(const char* username, StringArray & groups);
     virtual bool changePermission(CPermissionAction& action);
     virtual void changeUserGroup(const char* action, const char* username, const char* groupname);
     virtual bool deleteUser(ISecUser* user);
-    virtual void addGroup(const char* groupname);
+    virtual void addGroup(const char* groupname, const char * groupOwner, const char * groupDesc);
     virtual void deleteGroup(const char* groupname);
     virtual void getGroupMembers(const char* groupname, StringArray & users);
     virtual void deleteResource(SecResourceType rtype, const char * name, const char * basedn);

+ 1 - 1
system/security/shared/basesecurity.hpp

@@ -244,7 +244,7 @@ public:
 
     virtual bool updateUserPassword(ISecUser& user, const char* newPassword, const char* currPassword = NULL);
     virtual bool IsPasswordExpired(ISecUser& user){return false;}
-    void getAllGroups(StringArray & groups) { UNIMPLEMENTED;}
+    void getAllGroups(StringArray & groups, StringArray & managedBy, StringArray & descriptions) { UNIMPLEMENTED;}
     
     virtual void deleteResource(SecResourceType rtype, const char * name, const char * basedn)
     {

+ 1 - 1
system/security/shared/seclib.hpp

@@ -289,7 +289,7 @@ interface ISecManager : extends IInterface
     virtual ISecUser * findUser(const char * username) = 0;
     virtual ISecUser * lookupUser(unsigned uid) = 0;
     virtual ISecUserIterator * getAllUsers() = 0;
-    virtual void getAllGroups(StringArray & groups) = 0;
+    virtual void getAllGroups(StringArray & groups, StringArray & managedBy, StringArray & descriptions ) = 0;
     virtual bool updateUserPassword(ISecUser & user, const char * newPassword, const char* currPassword = 0) = 0;
     virtual bool initUser(ISecUser & user) = 0;
     virtual void setExtraParam(const char * name, const char * value) = 0;