authorrcritten@redhat.com <rcritten@redhat.com>2007-08-28 13:52:08 -0400
committerrcritten@redhat.com <rcritten@redhat.com>2007-08-28 13:52:08 -0400
commiteebaa73d3df425e309893d30f1f9dd6f43124439 (patch)
tree6573ea718a36cf5306fd36cc13059d3523038c27
parent6eea6664e079d187c3b0420b4283af35205d3b03 (diff)
downloadfreeipa-eebaa73d3df425e309893d30f1f9dd6f43124439.tar.gz
freeipa-eebaa73d3df425e309893d30f1f9dd6f43124439.tar.xz
freeipa-eebaa73d3df425e309893d30f1f9dd6f43124439.zip
Implement delete users and groups
Implement adding a group to a group. Some other small fixups. Add new cmd-line tool ipa-delgroup.
-rw-r--r--ipa-admintools/ipa-delgroup69
-rw-r--r--ipa-admintools/ipa-deluser2
-rw-r--r--ipa-admintools/ipa-groupmod3
-rw-r--r--ipa-python/ipaclient.py24
-rw-r--r--ipa-python/rpcclient.py41
-rw-r--r--ipa-server/ipaserver/ipaldap.py12
-rw-r--r--ipa-server/xmlrpc-server/funcs.py83
-rw-r--r--ipa-server/xmlrpc-server/ipaxmlrpc.py3
8 files changed, 227 insertions, 10 deletions
diff --git a/ipa-admintools/ipa-delgroup b/ipa-admintools/ipa-delgroup
new file mode 100644
index 000000000..50967a49b
--- /dev/null
+++ b/ipa-admintools/ipa-delgroup
@@ -0,0 +1,69 @@
+#! /usr/bin/python -E
+# Authors: Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+from optparse import OptionParser
+import ipa
+import ipa.ipaclient as ipaclient
+import ipa.config
+
+import xmlrpclib
+import kerberos
+
+def usage():
+ print "ipa-delgroup group"
+ sys.exit(1)
+
+def parse_options():
+ parser = OptionParser()
+ parser.add_option("--usage", action="store_true",
+ help="Program usage")
+
+ args = ipa.config.init_config(sys.argv)
+ options, args = parser.parse_args(args)
+
+ return options, args
+
+def main():
+ options, args = parse_options()
+
+ if len(args) != 2:
+ usage()
+
+ try:
+ client = ipaclient.IPAClient()
+ ret = client.delete_group(args[1])
+ if (ret == "Success"):
+ print args[1] + " successfully deleted"
+ else:
+ print args[1] + " " + ret
+ except xmlrpclib.Fault, f:
+ print f.faultString
+ return 1
+ except kerberos.GSSError, e:
+ print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+ return 1
+ except xmlrpclib.ProtocolError, e:
+ print "Unable to connect to IPA server: %s" % (e.errmsg)
+ return 1
+
+ return 0
+
+main()
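Review bot: The script ends with a bare `main()`, so the `return 1` on the Fault, GSSError and ProtocolError paths is discarded and the process exits 0 even when the delete failed; the last line should be `sys.exit(main())`. The branch that prints `args[1] + " " + ret` for a non-"Success" result also falls through to `return 0`. For a tool that removes directory groups, calling scripts need the exit status to tell a completed delete from a failed one. Separately, the `--usage` option is registered in parse_options() but never read in main().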
diff --git a/ipa-admintools/ipa-deluser b/ipa-admintools/ipa-deluser
index 10d248062..bcee2afd9 100644
--- a/ipa-admintools/ipa-deluser
+++ b/ipa-admintools/ipa-deluser
@@ -28,7 +28,7 @@ import xmlrpclib
import kerberos
def usage():
- print "ipa-adduser user"
+ print "ipa-deluser user"
sys.exit(1)
def parse_options():
diff --git a/ipa-admintools/ipa-groupmod b/ipa-admintools/ipa-groupmod
index eea96b43a..f3de92637 100644
--- a/ipa-admintools/ipa-groupmod
+++ b/ipa-admintools/ipa-groupmod
@@ -58,7 +58,6 @@ def main():
group=ipa.group.Group()
options, args = parse_options()
- print "len = ", len(args)
if (options.add or options.remove) and (len(args) != 3):
usage()
if (options.desc and (len(args) != 2)):
@@ -68,7 +67,7 @@ def main():
client = ipaclient.IPAClient()
if options.add:
client.add_user_to_group(args[1], args[2])
- print args[1] + " successfully added"
+ print args[1] + " successfully added to " + args[2]
elif options.remove:
client.remove_user_from_group(args[1], args[2])
print args[1] + " successfully removed"
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 71def70fd..9fd51db36 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -113,6 +113,14 @@ class IPAClient:
result = self.transport.update_user(user.origDataDict(), user.toDict())
return result
+ def delete_user(self,uid):
+ """Delete a user entry."""
+
+ realm = config.config.get_realm()
+
+ result = self.transport.delete_user(uid)
+ return result
+
def mark_user_deleted(self,uid):
"""Set a user as inactive by uid."""
@@ -202,7 +210,17 @@ class IPAClient:
def update_group(self,group):
"""Update a group entry."""
- realm = config.config.get_realm()
+ return self.transport.update_group(group.origDataDict(), group.toDict())
- result = self.transport.update_group(group.origDataDict(), group.toDict())
- return result
+ def delete_group(self,group_cn):
+ """Delete a group entry."""
+
+ return self.transport.delete_group(group_cn)
+
+ def add_group_to_group(self, group_cn, tgroup_cn):
+ """Add a group to an existing group.
+ group_cn is a cn of the group to add
+ tgroup_cn is the cn of the group to be added to
+ """
+
+ return self.transport.add_group_to_group(group_cn, tgroup_cn)
diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py
index 3e5bb113a..7d41caee1 100644
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -181,6 +181,19 @@ class RPCClient:
return ipautil.unwrap_binary_data(result)
+ def delete_user(self,uid):
+ """Delete a user. uid is the uid of the user to delete."""
+ server = self.setup_server()
+
+ try:
+ result = server.delete_user(uid)
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return result
+
def mark_user_deleted(self,uid):
"""Mark a user as deleted/inactive"""
server = self.setup_server()
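Review bot: delete_user returns the raw `result`, while delete_group and add_group_to_group added in the later hunk of this file return `ipautil.unwrap_binary_data(result)`; the three new methods should agree, e.g. `return ipautil.unwrap_binary_data(result)` here as well. All three also use `except socket.error, (value, msg):`, which can fail to unpack when the socket error carries a single argument, hiding the original failure behind an unrelated exception. That pattern appears to be copied from the existing methods in this class, so it may be worth fixing file-wide rather than only in the new code.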
@@ -344,3 +357,31 @@ class RPCClient:
raise xmlrpclib.Fault(value, msg)
return ipautil.unwrap_binary_data(result)
+
+ def delete_group(self,group_cn):
+ """Delete a group. group_cn is the cn of the group to be deleted."""
+ server = self.setup_server()
+
+ try:
+ result = server.delete_group(group_cn)
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return ipautil.unwrap_binary_data(result)
+
+ def add_group_to_group(self, group_cn, tgroup_cn):
+ """Add a group to an existing group.
+ group_cn is a cn of the group to add
+ tgroup_cn is the cn of the group to be added to
+ """
+ server = self.setup_server()
+ try:
+ result = server.add_group_to_group(group_cn, tgroup_cn)
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return ipautil.unwrap_binary_data(result)
diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py
index 344e6dc3a..188d9be53 100644
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -389,6 +389,18 @@ class IPAdmin(SimpleLDAPObject):
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
return "Success"
+ def deleteEntry(self,*args):
+ """This wraps the delete function. Use with caution."""
+
+ sctrl = self.__get_server_controls__()
+
+ try:
+ self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+ self.delete_s(*args)
+ except ldap.LDAPError, e:
+ raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
+ return "Success"
+
def __wrapmethods(self):
"""This wraps all methods of SimpleLDAPObject, so that we can intercept
the methods that deal with entries. Instead of using a raw list of tuples
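Review bot: The deleteEntry docstring ("This wraps the delete function. Use with caution.") does not say what the caller must pass or what the caution is, although `*args` is forwarded unchanged to `delete_s`. I would document the contract, for example `"""Delete the entry whose DN is args[0] using delete_s, with the controls from __get_server_controls__ applied. Raises LDAP_DATABASE_ERROR on any LDAPError; the caller is responsible for resolving and authorising the DN."""`. Note also that `set_option(ldap.OPT_SERVER_CONTROLS, sctrl)` changes the connection object and is not reset here. The callers in funcs.py take connections from `_LDAPPool`, so it is worth confirming that controls set for one request cannot carry over to the next user of the same connection.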
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index fe48a1ffa..0a8952b05 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -466,6 +466,29 @@ class IPAServer:
_LDAPPool.releaseConn(m1)
return res
+ def delete_user (self, uid, opts=None):
+ """Delete a user. Not to be confused with inactivate_user. This
+ makes the entry go away completely.
+
+ uid is the uid of the user to delete
+
+ The memberOf plugin handles removing the user from any other
+ groups.
+ """
+ if opts:
+ self.set_principal(opts['remoteuser'])
+
+ dn = self.get_dn_from_principal(self.princ)
+
+ user_dn = self.get_user_by_uid(uid, ['dn', 'uid', 'objectclass'], opts)
+ if user_dn is None:
+ raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+ m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
+ res = m1.deleteEntry(user_dn['dn'])
+ _LDAPPool.releaseConn(m1)
+ return res
+
# Group support
def __is_group_unique(self, cn, opts):
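Review bot: In delete_user the pooled connection is released only on the success path: `m1.deleteEntry(...)` raises an ipaerror on any LDAPError (see the ipaldap.py hunk in this commit), and in that case `_LDAPPool.releaseConn(m1)` is never reached. Wrapping the delete in try/finally keeps repeated failed deletes from draining the pool. delete_group in the later hunk of this file has the same shape and needs the same change. The context lines just above this hunk show the same getConn/releaseConn sequence, so this is probably a file-wide pattern.

```python
    def delete_user (self, uid, opts=None):
        # … unchanged: principal setup and user lookup …
        m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
        try:
            res = m1.deleteEntry(user_dn['dn'])
        finally:
            # release even when deleteEntry raises, so a failed delete does not leak the connection
            _LDAPPool.releaseConn(m1)
        return res
```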
@@ -473,11 +496,10 @@ class IPAServer:
cn = self.__safe_filter(cn)
filter = "(&(cn=%s)(objectclass=posixGroup))" % cn
- entry = self.__get_entry(self.basedn, filter, ['dn','cn'], opts)
-
- if entry is not None:
+ try:
+ entry = self.__get_entry(self.basedn, filter, ['dn','cn'], opts)
return 0
- else:
+ except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
return 1
def get_group_by_cn (self, cn, sattrs=None, opts=None):
@@ -681,6 +703,59 @@ class IPAServer:
"""Update a group in LDAP"""
return self.__update_entry(oldgroup, newgroup, opts)
+ def delete_group (self, group_cn, opts=None):
+ """Delete a group
+ group_cn is the cn of the group to delete
+
+ The memberOf plugin handles removing the group from any other
+ groups.
+ """
+ if opts:
+ self.set_principal(opts['remoteuser'])
+
+ dn = self.get_dn_from_principal(self.princ)
+
+ group = self.get_group_by_cn(group_cn, ['dn', 'cn'], opts)
+
+ if len(group) != 1:
+ raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+ m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
+ res = m1.deleteEntry(group[0]['dn'])
+ _LDAPPool.releaseConn(m1)
+ return res
+
+ def add_group_to_group(self, group, tgroup, opts=None):
+ """Add a user to an existing group.
+ group is a cn of the group to add
+ tgroup is the cn of the group to be added to
+ """
+
+ if opts:
+ self.set_principal(opts['remoteuser'])
+
+ old_group = self.get_group_by_cn(tgroup, None, opts)
+ if old_group is None:
+ raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+ new_group = copy.deepcopy(old_group)
+
+ group_dn = self.get_group_by_cn(group, ['dn', 'cn', 'objectclass'], opts)
+ if group_dn is None:
+ raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+ if new_group.get('uniquemember') is not None:
+ if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
+ new_group['uniquemember'] = [new_group['uniquemember']]
+ new_group['uniquemember'].append(group_dn['dn'])
+ else:
+ new_group['uniquemember'] = group_dn['dn']
+
+ try:
+ ret = self.__update_entry(old_group, new_group, opts)
+ except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
+ raise
+ return ret
+
def ldap_search_escape(match):
"""Escapes out nasty characters from the ldap search.
See RFC 2254."""
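Review bot: delete_group treats the result of get_group_by_cn as a list (`len(group) != 1`, `group[0]['dn']`), but add_group_to_group in the same hunk treats it as a single entry or None (`old_group is None`, `group_dn['dn']`); both cannot be right, and get_group_by_cn's body is outside the hunk. If it returns one entry, delete_group should use `if group is None:` and `m1.deleteEntry(group['dn'])`. add_group_to_group also accepts `group == tgroup` and a DN that is already in `uniquemember`, so a group can be nested in itself or listed twice; rejecting both before calling `__update_entry` keeps membership resolution predictable. Its docstring still opens with "Add a user to an existing group" and should read "Add a group to an existing group", and the `except ... LDAP_EMPTY_MODLIST: raise` wrapper has no effect and can be dropped.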
diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index 16ced2cda..5dc60b51b 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -300,6 +300,7 @@ def handler(req, profiling=False):
h.register_function(f.get_all_users)
h.register_function(f.find_users)
h.register_function(f.update_user)
+ h.register_function(f.delete_user)
h.register_function(f.mark_user_deleted)
h.register_function(f.get_group_by_cn)
h.register_function(f.get_group_by_dn)
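Review bot: Registering `f.delete_user` here (and `f.add_group_to_group` and `f.delete_group` in the next hunk) exposes calls whose identity handling is conditional. In funcs.py the delete functions do `if opts: self.set_principal(opts['remoteuser'])` and then derive the bind DN from `self.princ`. If a request reaches them without `opts`, the delete would presumably run under whatever principal was last stored on the IPAServer object. Most of handler() is outside this hunk, so please confirm it always supplies `opts['remoteuser']` from the authenticated request. For the destructive functions it would be safer to fail closed when `opts` is missing than to fall back to stored state.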
@@ -307,9 +308,11 @@ def handler(req, profiling=False):
h.register_function(f.find_groups)
h.register_function(f.add_user_to_group)
h.register_function(f.add_users_to_group)
+ h.register_function(f.add_group_to_group)
h.register_function(f.remove_user_from_group)
h.register_function(f.remove_users_from_group)
h.register_function(f.update_group)
+ h.register_function(f.delete_group)
h.handle_request(req)
finally:
pass