From cd84888b1f67a3e5e6f766473ac94559a1b7dc72 Mon Sep 17 00:00:00 2001
From: Michael Spang
Date: Fri, 30 Jan 2009 22:11:38 -0500
Subject: [PATCH] Forbid adding users who have a group's name

---
 src/addclub.c | 2 ++
 src/addmember.c | 2 ++
 src/ldap.c | 22 ++++++++++++++++++++++
 src/ldap.h | 1 +
 4 files changed, 27 insertions(+)

diff --git a/src/addclub.c b/src/addclub.c
index 0c14c4321..f8d8016be 100644
--- a/src/addclub.c
+++ b/src/addclub.c
@@ -63,6 +63,8 @@ int addclub() {
  if (ceo_user_exists(userid))
  deny("user %s already exists in LDAP", userid);
+ if (ceo_group_exists(userid))
+ deny("group %s already exists in LDAP", userid);
  if ((id = ceo_new_uid(club_min_id, club_max_id)) <= 0)
  fatal("no available uids in range [%d, %d]", club_min_id, club_max_id);
diff --git a/src/addmember.c b/src/addmember.c
index c2586abff..7decb9ac9 100644
--- a/src/addmember.c
+++ b/src/addmember.c
@@ -72,6 +72,8 @@ int addmember() {
  if (ceo_user_exists(userid))
  deny("user %s already exists in LDAP", userid);
+ if (ceo_group_exists(userid))
+ deny("group %s already exists in LDAP", userid);
  if ((id = ceo_new_uid(member_min_id, member_max_id)) <= 0)
  fatal("no available uids in range [%d, %d]", member_min_id, member_max_id);
diff --git a/src/ldap.c b/src/ldap.c
index 55334e85b..07bc1448f 100644
--- a/src/ldap.c
+++ b/src/ldap.c
@@ -310,6 +310,28 @@ int ceo_user_exists(char *uid) {
  return count > 0;
 }
+int ceo_group_exists(char *cn) {
+ char *attrs[] = { LDAP_NO_ATTRS, NULL };
+ LDAPMessage *msg = NULL;
+ char filter[128];
+ int count;
+
+ if (!cn)
+ fatal("null cd");
+
+ snprintf(filter, sizeof(filter), "cn=%s", cn);
+
+ if (ldap_search_s(ld, groups_base, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &msg) != LDAP_SUCCESS) {
+ ldap_err("group_exists");
+ return -1;
+ }
+
+ count = ldap_count_entries(ld, msg);
+ ldap_msgfree(msg);
+
+ return count > 0;
+}
+
 static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in) {
  sasl_interact_t *interact = in;
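Review bot: `if (ceo_group_exists(userid))` in the addclub.c hunk takes the -1 that ceo_group_exists() returns when ldap_search_s() fails as "exists", so an LDAP error at this point is reported to the user as `group %s already exists in LDAP`. Failing closed is the right outcome, but the message misleads whoever is running the tool and hides the real error; test the sign separately: `int rc = ceo_group_exists(userid);` / `if (rc < 0) fatal("unable to check for group %s in LDAP", userid);` / `if (rc) deny("group %s already exists in LDAP", userid);`. The identical hunk in src/addmember.c has the same issue, and the pre-existing ceo_user_exists() call just above probably does too, though only the tail of that function is visible here. addclub() and addmember() both continue before and after their hunks.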
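Review bot: In ceo_group_exists() the caller-supplied `cn` is formatted straight into the search filter with `snprintf(filter, sizeof(filter), "cn=%s", cn)`, so an RFC 4515 filter metacharacter in the name (`*`, `(`, `)`, `\`) changes what the query matches, and because the snprintf result is not checked a name longer than the 128-byte buffer is silently truncated and a different, shorter name gets looked up. Unless userid is already restricted to a safe character set before it reaches this function (not visible in this patch), the filter should either escape or reject such input, and truncation should be an error rather than a silently altered query; the same applies to ceo_user_exists() if it builds its filter the same way, which the hunk does not show. The `fatal("null cd")` text also looks like a typo for `fatal("null cn")`. The validation I would add is below; `strcspn` needs `<string.h>`, which this file may already include, and `len` would be declared with the other locals if the file keeps C89-style declarations.
```c
    if (!cn)
        fatal("null cn");

    /* cn is interpolated into an LDAP filter verbatim: refuse RFC 4515
       metacharacters rather than let them change the query, and treat
       truncation as an error rather than searching for a shorter name. */
    if (cn[strcspn(cn, "*()\\")] != '\0')
        fatal("invalid character in group name %s", cn);

    int len = snprintf(filter, sizeof(filter), "cn=%s", cn);
    if (len < 0 || (size_t)len >= sizeof(filter))
        fatal("group name too long");

    /* … unchanged: ldap_search_s, ldap_count_entries, ldap_msgfree … */
```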
diff --git a/src/ldap.h b/src/ldap.h
index 717d4bd6d..b29b68bda 100644
--- a/src/ldap.h
+++ b/src/ldap.h
@@ -9,3 +9,4 @@
 void ceo_ldap_init();
 void ceo_ldap_cleanup();
 int ceo_user_exists(char *);
+int ceo_group_exists(char *);