authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-05-24 16:05:27 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-05-24 16:05:27 +0000
commit6869b7110a50a32f8192fe22307a0117f9901a9f (patch)
tree983253110d930d0bca608d1b28382f042cb9cb4d /pki/base/tps
parent2ee30190b5c59f7397640efa3db6f36e83d0b4a7 (diff)
Bugzilla BZ 707095 - tps delete user operation should check for roles (not have them passed in)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2008 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps')
-rw-r--r--pki/base/tps/src/modules/tokendb/mod_tokendb.cpp42
1 files changed, 29 insertions, 13 deletions
diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
index 893591608..a67eee22a 100644
--- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
+++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -6876,23 +6876,43 @@ mod_tokendb_handler( request_rec *rq )
RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "do_delete_user", "Success", "Tokendb user authorization");
uid = get_post_field(post, "uid", SHORT_LEN);
- opOperator = get_post_field(post, "opOperator", SHORT_LEN);
- opAdmin = get_post_field(post, "opAdmin", SHORT_LEN);
- opAgent = get_post_field(post, "opAgent", SHORT_LEN);
if (uid == NULL) {
error_out("Error in delete user. userid is null", "Error in delete user. userid is null");
do_free(buf);
do_strfree(uri);
do_strfree(query);
- do_free(opOperator);
- do_free(opAdmin);
- do_free(opAgent);
return DONE;
}
- if (opOperator != NULL) {
+ bool officer = false;
+ bool agent = false;
+ bool admin = false;
+ status = find_tus_user_role_entries( uid, &result );
+ for (e = get_first_entry( result );
+ e != NULL;
+ e = get_next_entry( e ) ) {
+ char *dn = NULL;
+ dn = get_dn(e);
+ if (PL_strstr(dn, "Operators"))
+ officer=true;
+ if (PL_strstr(dn, "Agents"))
+ agent = true;
+ if (PL_strstr(dn, "Administrators"))
+ admin = true;
+ if (dn != NULL) {
+ PL_strfree(dn);
+ dn=NULL;
+ }
+ }
+
+ if (result != NULL) {
+ free_results( result );
+ result = NULL;
+ }
+
+ if (officer) {
status = delete_user_from_role_db_entry(userid, uid, OPERATOR);
if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, OPERATOR);
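Review bot: The return value of `find_tus_user_role_entries( uid, &result )` is stored in `status` but never checked, so a failed role lookup leaves `officer`, `agent` and `admin` all false and the handler still reaches `delete_user_db_entry`. That would remove the user entry while the uid stays listed in its role groups, and a later account created with the same uid could presumably inherit those roles. A guard such as `if ((status != LDAP_SUCCESS) && (status != LDAP_NO_SUCH_OBJECT))`, which audits the failure and returns through the same cleanup as the `uid == NULL` branch, would make the operation fail closed. The `PL_strstr(dn, "Operators")` style tests also match the word anywhere in the DN, so comparing the group's RDN against the expected role name would be stricter. Whether `result` is initialised before this call cannot be seen here, because the handler starts and ends outside the hunk.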
@@ -6900,7 +6920,7 @@ mod_tokendb_handler( request_rec *rq )
}
}
- if (opAgent != NULL) {
+ if (agent) {
status = delete_user_from_role_db_entry(userid, uid, AGENT);
if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, AGENT);
@@ -6908,7 +6928,7 @@ mod_tokendb_handler( request_rec *rq )
}
}
- if (opAdmin != NULL) {
+ if (admin) {
status = delete_user_from_role_db_entry(userid, uid, ADMINISTRATOR);
if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, ADMINISTRATOR);
@@ -6916,10 +6936,6 @@ mod_tokendb_handler( request_rec *rq )
}
}
- do_free(opOperator);
- do_free(opAdmin);
- do_free(opAgent);
-
status = delete_user_db_entry(userid, uid);
if ((status != LDAP_SUCCESS) && (status != LDAP_NO_SUCH_OBJECT)) {