From 6869b7110a50a32f8192fe22307a0117f9901a9f Mon Sep 17 00:00:00 2001
From: vakwetu
Date: Tue, 24 May 2011 16:05:27 +0000
Subject: Bugzilla BZ 707095 - tps delete user operation should check for roles (not have them passed in)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2008 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 pki/base/tps/src/modules/tokendb/mod_tokendb.cpp | 42 ++++++++++++++++--------
 1 file changed, 29 insertions(+), 13 deletions(-)
(limited to 'pki')
diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
index 893591608..a67eee22a 100644
--- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
+++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -6876,23 +6876,43 @@ mod_tokendb_handler( request_rec *rq )
 RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "do_delete_user", "Success", "Tokendb user authorization");
 uid = get_post_field(post, "uid", SHORT_LEN);
- opOperator = get_post_field(post, "opOperator", SHORT_LEN);
- opAdmin = get_post_field(post, "opAdmin", SHORT_LEN);
- opAgent = get_post_field(post, "opAgent", SHORT_LEN);
 if (uid == NULL) {
 error_out("Error in delete user. userid is null", "Error in delete user. userid is null");
 do_free(buf);
 do_strfree(uri);
 do_strfree(query);
- do_free(opOperator);
- do_free(opAdmin);
- do_free(opAgent);
 return DONE;
 }
- if (opOperator != NULL) {
+ bool officer = false;
+ bool agent = false;
+ bool admin = false;
+ status = find_tus_user_role_entries( uid, &result );
+ for (e = get_first_entry( result );
+ e != NULL;
+ e = get_next_entry( e ) ) {
+ char *dn = NULL;
+ dn = get_dn(e);
+ if (PL_strstr(dn, "Operators"))
+ officer=true;
+ if (PL_strstr(dn, "Agents"))
+ agent = true;
+ if (PL_strstr(dn, "Administrators"))
+ admin = true;
+ if (dn != NULL) {
+ PL_strfree(dn);
+ dn=NULL;
+ }
+ }
+
+ if (result != NULL) {
+ free_results( result );
+ result = NULL;
+ }
+
+ if (officer) {
 status = delete_user_from_role_db_entry(userid, uid, OPERATOR);
 if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
 PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, OPERATOR);
@@ -6900,7 +6920,7 @@ mod_tokendb_handler( request_rec *rq )
 }
 }
- if (opAgent != NULL) {
+ if (agent) {
 status = delete_user_from_role_db_entry(userid, uid, AGENT);
 if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
 PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, AGENT);
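Review bot: The result of `status = find_tus_user_role_entries( uid, &result );` is never examined before the role loop, so a failed directory search is indistinguishable from a user who holds no roles: `officer`, `agent` and `admin` all stay false, no role entry is cleaned up, and the code further down still proceeds to `delete_user_db_entry`, which would leave stale member references to a user that no longer exists. A guard right after the search, mirroring the `uid == NULL` branch, makes the failure explicit: `if (status != LDAP_SUCCESS) { error_out("Error in delete user. role lookup failed", "Error in delete user. role lookup failed"); do_free(buf); do_strfree(uri); do_strfree(query); return DONE; }`. Role detection also relies on `PL_strstr(dn, "Operators")` substring matches over the whole DN instead of comparing the group's own RDN, so any other DN component containing that text would set the flag; an exact comparison against the group cn would be more precise, and whether `PL_strstr` and `get_first_entry` tolerate a NULL `dn`/`result` on the failure path is not visible here and should be confirmed. mod_tokendb_handler begins and ends outside this hunk, so `result`, `e`, `status` and `msg` are assumed to be declared there.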
@@ -6908,7 +6928,7 @@ mod_tokendb_handler( request_rec *rq )
 }
 }
- if (opAdmin != NULL) {
+ if (admin) {
 status = delete_user_from_role_db_entry(userid, uid, ADMINISTRATOR);
 if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
 PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, ADMINISTRATOR);
@@ -6916,10 +6936,6 @@ mod_tokendb_handler( request_rec *rq )
 }
 }
- do_free(opOperator);
- do_free(opAdmin);
- do_free(opAgent);
-
 status = delete_user_db_entry(userid, uid);
 if ((status != LDAP_SUCCESS) && (status != LDAP_NO_SUCH_OBJECT)) {
-- 
cgit