diff options
author | Simo Sorce <ssorce@redhat.com> | 2009-03-06 03:11:20 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-03-06 11:13:07 -0500 |
commit | 0aae1a691b1037156ce3907ea5777e568e30201c (patch) | |
tree | f7ef06f0207e9e25b924605c4c866c4c980b5154 /server | |
parent | 6b06539cfd1e95bfefe3e8bc107d2b85fff97109 (diff) | |
download | sssd-0aae1a691b1037156ce3907ea5777e568e30201c.tar.gz sssd-0aae1a691b1037156ce3907ea5777e568e30201c.tar.xz sssd-0aae1a691b1037156ce3907ea5777e568e30201c.zip |
Add userspace tools to manipulate accounts.
The first functional command is sss_useradd
(Name is temporary, while looking for a better one)
Diffstat (limited to 'server')
-rw-r--r-- | server/Makefile.in | 3 | ||||
-rw-r--r-- | server/db/sysdb.c | 2 | ||||
-rw-r--r-- | server/server.mk | 20 | ||||
-rw-r--r-- | server/tools/sss_useradd.c | 413 | ||||
-rw-r--r-- | server/tools/tools_util.c | 196 | ||||
-rw-r--r-- | server/tools/tools_util.h | 21 |
6 files changed, 654 insertions, 1 deletions
diff --git a/server/Makefile.in b/server/Makefile.in index 7a576e4a1..39b6306f3 100644 --- a/server/Makefile.in +++ b/server/Makefile.in @@ -117,7 +117,8 @@ endif ifneq (x$(HAVE_POLICYKIT), x) LIBEXECBINS += sbin/sssd_pk endif -BINS = sbin/sssd $(LIBEXECBINS) +TOOLSBINS = sbin/sss_useradd +BINS = sbin/sssd $(LIBEXECBINS) $(TOOLSBINS) ifneq (x$(HAVE_TESTS), x) TESTS = tests/sysdb-tests tests/infopipe-tests diff --git a/server/db/sysdb.c b/server/db/sysdb.c index bdc7588fe..1268d9390 100644 --- a/server/db/sysdb.c +++ b/server/db/sysdb.c @@ -153,6 +153,8 @@ int sysdb_error_to_errno(int ldberr) return ENOENT; case LDB_ERR_BUSY: return EBUSY; + case LDB_ERR_ENTRY_ALREADY_EXISTS: + return EEXIST; default: return EFAULT; } diff --git a/server/server.mk b/server/server.mk index cd3b19adf..af052f454 100644 --- a/server/server.mk +++ b/server/server.mk @@ -75,6 +75,21 @@ $(LDAP_BE_OBJ): CFLAGS += $(LDAP_CFLAGS) $(CRYPT_OBJ): CFLAGS += $(NSS_CFLAGS) +TOOLS_OBJ = \ + tools/tools_util.o + +USERADD_OBJ = \ + tools/sss_useradd.o + +USERDEL_OBJ = \ + tools/sss_userdel.o + +GROUPADD_OBJ = \ + tools/sss_groupadd.o + +GROUPDEL_OBJ = \ + tools/sss_groupdel.o + sbin/sssd: $(SERVER_OBJ) $(UTIL_OBJ) $(CC) -o sbin/sssd $(SERVER_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS) @@ -114,3 +129,8 @@ tests/sysdb-tests: $(SYSDB_TEST_OBJ) $(UTIL_OBJ) tests/infopipe-tests: $(INFP_TEST_OBJ) $(UTIL_OBJ) $(CC) -o tests/infopipe-tests $(INFP_TEST_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS) $(CHECK_LIBS) + +#Tools +sbin/sss_useradd: $(USERADD_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ) + $(CC) -o tools/sss_useradd $(USERADD_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS) + diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c new file mode 100644 index 000000000..2cf7826eb --- /dev/null +++ b/server/tools/sss_useradd.c @@ -0,0 +1,413 @@ +/* + SSSD + + sss_useradd + + Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2009 + Copyright (C) Simo Sorce <ssorce@redhat.com> 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <stdio.h> +#include <stdlib.h> +#include <talloc.h> +#include <popt.h> +#include <errno.h> +#include <sys/types.h> + +#include "util/util.h" +#include "db/sysdb.h" +#include "tools/tools_util.h" + +struct user_add_ctx { + struct sysdb_req *sysreq; + + struct sss_domain_info *domain; + struct tools_ctx *ctx; + + const char *username; + uid_t uid; + gid_t gid; + char *gecos; + char *home; + char *shell; + + char **groups; + int cur; + + int error; + bool done; +}; + +/* FIXME: avoid using strtok !! */ +static int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out) +{ + char **out; + char *orig, *n, *o; + char delim = ','; + unsigned int tokens = 1; + int i; + + orig = talloc_strdup(mem_ctx, optstr); + if (!orig) return ENOMEM; + + n = orig; + tokens = 1; + while ((n = strchr(n, delim))) tokens++; + + out = talloc_array(mem_ctx, char *, tokens+1); + if (!out) { + talloc_free(orig); + return ENOMEM; + } + + n = orig; + for (i = 0; i < tokens; i++) { + o = n; + n = strchr(n, delim); + if (!n) { + talloc_free(orig); + return ERANGE; + } + *n = '\0'; + n++; + out[i] = talloc_strdup(out, o); + } + out[tokens] = NULL; + + talloc_free(orig); + *_out = out; + return EOK; +} + +struct fetch_group { + gid_t gid; + int error; + bool done; +}; + +static void get_gid_callback(void *ptr, int error, struct ldb_result *res) +{ + struct fetch_group *data = talloc_get_type(ptr, struct fetch_group); + + data->done = true; + + if (error) { + data->error = error; + return; + } + + switch (res->count) { + case 0: + data->error = ENOENT; + break; + + case 1: + data->gid = ldb_msg_find_attr_as_uint(res->msgs[0], SYSDB_GIDNUM, 0); + break; + + default: + data->error = EFAULT; + break; + } +} + +/* Returns a gid for a given groupname. If a numerical gid + * is given, returns that as integer (rationale: shadow-utils) + * On error, returns -EINVAL + */ +static int get_gid(struct tools_ctx *ctx, const char *groupname, gid_t *_gid) +{ + struct fetch_group *data = NULL; + char *end_ptr; + gid_t gid; + int ret; + + errno = 0; + gid = strtoul(groupname, &end_ptr, 10); + if (groupname == '\0' || *end_ptr != '\0' || errno != 0) { + /* Does not look like a gid - find the group name */ + + data = talloc_zero(ctx, struct fetch_group); + if (!data) return ENOMEM; + + ret = sysdb_getgrnam(data, ctx->sysdb, + "LOCAL", groupname, false, + get_gid_callback, data); + if (ret != EOK) { + DEBUG(0, ("sysdb_getgrnam failed: %d\n", ret)); + goto done; + } + + while (!data->done) { + tevent_loop_once(ctx->ev); + } + + if (data->error) { + ret = data->error; + goto done; + } + + gid = data->gid; + } + + if (gid == 0) { + ret = ERANGE; + } else { + *_gid = gid; + } + +done: + talloc_free(data); + return ret; +} + +static void add_to_groups(void *, int, struct ldb_result *); + +/* sysdb callback */ +static void add_user_done(void *pvt, int error, struct ldb_result *ignore) +{ + struct user_add_ctx *data = talloc_get_type(pvt, struct user_add_ctx); + + data->done = true; + + sysdb_transaction_done(data->sysreq, error); + + if (error) + data->error = error; +} + +/* sysdb_req_fn_t */ +static void add_user(struct sysdb_req *req, void *pvt) +{ + struct user_add_ctx *user_ctx; + int ret; + + user_ctx = talloc_get_type(pvt, struct user_add_ctx); + user_ctx->sysreq = req; + + ret = sysdb_add_user(req, user_ctx->domain, + user_ctx->username, + user_ctx->uid, + user_ctx->gid, + user_ctx->gecos, + user_ctx->home, + user_ctx->shell, + add_to_groups, user_ctx); + + if (ret != EOK) + add_user_done(user_ctx, ret, NULL); +} + +static void add_to_groups(void *pvt, int error, struct ldb_result *ignore) +{ + struct user_add_ctx *user_ctx = talloc_get_type(pvt, struct user_add_ctx); + struct ldb_dn *group_dn; + struct ldb_dn *user_dn; + int ret; + + if (error) { + add_user_done(pvt, error, NULL); + return; + } + + /* check if we added all of them */ + if (user_ctx->groups == NULL || + user_ctx->groups[user_ctx->cur] == NULL) { + add_user_done(user_ctx, EOK, NULL); + return; + } + + user_dn = sysdb_user_dn(user_ctx->ctx->sysdb, user_ctx, + user_ctx->domain->name, user_ctx->username); + if (!user_dn) { + add_user_done(pvt, ENOMEM, NULL); + return; + } + + group_dn = sysdb_group_dn(user_ctx->ctx->sysdb, user_ctx, + user_ctx->domain->name, + user_ctx->groups[user_ctx->cur]); + if (!group_dn) { + add_user_done(pvt, ENOMEM, NULL); + return; + } + + ret = sysdb_add_group_member(user_ctx->sysreq, + user_dn, group_dn, + add_to_groups, user_ctx); + if (ret != EOK) + add_user_done(user_ctx, ret, NULL); +} + +int main(int argc, const char **argv) +{ + uid_t pc_uid = 0; + const char *pc_group = NULL; + const char *pc_gecos = NULL; + const char *pc_home = NULL; + const char *pc_shell = NULL; + struct poptOption long_options[] = { + POPT_AUTOHELP + { "uid", 'u', POPT_ARG_INT, &pc_uid, 0, "The UID of the user", NULL }, + { "gid", 'g', POPT_ARG_STRING, &pc_group, 0, "The GID or group name of the user", NULL }, + { "gecos", 'c', POPT_ARG_STRING, &pc_gecos, 0, "The comment string", NULL }, + { "home", 'h', POPT_ARG_STRING, &pc_home, 0, "Home directory", NULL }, + { "shell", 's', POPT_ARG_STRING, &pc_shell, 0, "Login shell", NULL }, + { "groups", 'G', POPT_ARG_STRING, NULL, 0, "Groups", NULL }, + POPT_TABLEEND + }; + poptContext pc; + struct user_add_ctx *user_ctx = NULL; + struct tools_ctx *ctx; + char *groups; + int ret; + + debug_prg_name = argv[0]; + + ret = setup_db(&ctx); + if (ret != EOK) { + DEBUG(0, ("Could not set up database\n")); + ret = EXIT_FAILURE; + goto fini; + } + + user_ctx = talloc_zero(ctx, struct user_add_ctx); + if (user_ctx == NULL) { + DEBUG(0, ("Could not allocate memory for user_ctx context\n")); + return ENOMEM; + } + user_ctx->ctx = ctx; + + /* parse user_ctx */ + pc = poptGetContext(NULL, argc, argv, long_options, 0); + poptSetOtherOptionHelp(pc, "USERNAME"); + while ((ret = poptGetNextOpt(pc)) > 0) { + if (ret == 'G') { + groups = poptGetOptArg(pc); + if (!groups) { + ret = -1; + break; + } + + ret = parse_groups(ctx, groups, &user_ctx->groups); + free(groups); + if (ret != EOK) { + break; + } + } + } + + if(ret != -1) { + usage(pc, poptStrerror(ret)); + ret = EXIT_FAILURE; + goto fini; + } + + /* username is an argument without --option */ + user_ctx->username = poptGetArg(pc); + if (user_ctx->username == NULL) { + usage(pc, "Specify user to add\n"); + ret = EXIT_FAILURE; + goto fini; + } + + /* Same as shadow-utils useradd, -g can specify gid or group name */ + if (pc_group != NULL) { + ret = get_gid(ctx, pc_group, &user_ctx->gid); + if (ret != EOK) { + ret = EXIT_FAILURE; + goto fini; + } + } + + user_ctx->uid = pc_uid; + + /* + * Fills in defaults for user_ctx user did not specify. + * FIXME - Should this originate from the confdb or another config? + */ + if (!pc_gecos) { + pc_gecos = user_ctx->username; + } + user_ctx->gecos = talloc_strdup(user_ctx, pc_gecos); + if (!user_ctx->gecos) { + ret = EXIT_FAILURE; + goto fini; + } + + if (pc_home) { + user_ctx->home = talloc_strdup(user_ctx, pc_home); + } else { + user_ctx->home = talloc_asprintf(user_ctx, "/home/%s", user_ctx->username); + } + if (!user_ctx->home) { + ret = EXIT_FAILURE; + goto fini; + } + + if (!pc_shell) { + pc_shell = "/bin/bash"; + } + user_ctx->shell = talloc_strdup(user_ctx, pc_shell); + if (!user_ctx->shell) { + ret = EXIT_FAILURE; + goto fini; + } + + /* arguments processed, go on to actual work */ + + user_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL"); + if (user_ctx->domain == NULL) { + DEBUG(0, ("Could not set default values\n")); + ret = EXIT_FAILURE; + goto fini; + } + + /* Check MPG constraints */ + ret = check_user_name_unique(ctx, user_ctx->username); + if (ret != EOK) { + DEBUG(0, ("Could not add user - name not unique\n")); + ret = EXIT_FAILURE; + goto fini; + } + + /* useradd */ + ret = sysdb_transaction(ctx, ctx->sysdb, add_user, user_ctx); + if (ret != EOK) { + DEBUG(0, ("Could not start transaction (%d)[%s]\n", + ret, strerror(ret))); + ret = EXIT_FAILURE; + goto fini; + } + + while (!user_ctx->done) { + tevent_loop_once(ctx->ev); + } + + if (user_ctx->error) { + ret = user_ctx->error; + DEBUG(0, ("Operation failed (%d)[%s]\n", ret, strerror(ret))); + ret = EXIT_FAILURE; + goto fini; + } + + ret = EXIT_SUCCESS; + +fini: + poptFreeContext(pc); + talloc_free(ctx); + exit(ret); +} diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c new file mode 100644 index 000000000..241e1f9a1 --- /dev/null +++ b/server/tools/tools_util.c @@ -0,0 +1,196 @@ +/* + SSSD + + tools_utils.c + + Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <talloc.h> +#include <tevent.h> +#include <popt.h> + +#include "util/util.h" +#include "confdb/confdb.h" +#include "db/sysdb.h" +#include "tools/tools_util.h" + +/* Even in LOCAL database, we must enforce MPG. That means enforcing the following rules: + * + * 1. Users and groups must share the same name space. There can never be + * a real group that has the same name of a real user. + * 2. Users and Groups must share the same ID space a group can never have + * a gidNumber that is numerically equal to a uidNumber Otherwise the + * user MPG will conflict with said group. + */ + +struct ucheck { + bool done; + bool dup; + int error; +}; + +void check_unique_callback(void *ptr, int error, struct ldb_result *res) +{ + struct ucheck *data = talloc_get_type(ptr, struct ucheck); + + data->done = true; + + if (error) { + data->error = error; + } + + if (res->count != 0) { + data->dup = true; + } +} + +int check_user_name_unique(struct tools_ctx *ctx, const char *name) +{ + struct ucheck *data; + int ret = EOK; + + data = talloc_zero(NULL, struct ucheck); + if (!data) return ENOMEM; + + ret = sysdb_getgrnam(data, ctx->sysdb, + "LOCAL", name, false, + check_unique_callback, data); + if (ret != EOK) { + DEBUG(1, ("sysdb_getgrnam failed: %d\n", ret)); + goto done; + } + + while (!data->done) { + tevent_loop_once(ctx->ev); + } + + if (data->error) { + ret = data->error; + goto done; + } + + if (data->dup) { + ret = EEXIST; + } + +done: + talloc_free(data); + return ret; +} + +int check_group_name_unique(struct tools_ctx *ctx, const char *name) +{ + struct ucheck *data; + int ret; + + data = talloc_zero(NULL, struct ucheck); + if (!data) return ENOMEM; + + ret = sysdb_getpwnam(data, ctx->sysdb, + "LOCAL", name, false, + check_unique_callback, data); + if (ret != EOK) { + DEBUG(1, ("sysdb_getgrnam failed: %d\n", ret)); + goto done; + } + + while (!data->done) { + tevent_loop_once(ctx->ev); + } + + if (data->error) { + ret = data->error; + goto done; + } + + if (data->dup) { + ret = EEXIST; + } + +done: + talloc_free(data); + return ret; +} + +int setup_db(struct tools_ctx **tools_ctx) +{ + TALLOC_CTX *tmp_ctx; + char *confdb_path; + struct tools_ctx *ctx; + int ret; + + ctx = talloc_zero(NULL, struct tools_ctx); + if (ctx == NULL) { + DEBUG(1, ("Could not allocate memory for tools context")); + return ENOMEM; + } + + /* Create the event context */ + ctx->ev = tevent_context_init(ctx); + if (ctx->ev == NULL) { + DEBUG(1, ("Could not create event context")); + talloc_free(ctx); + return EIO; + } + + tmp_ctx = talloc_new(ctx); + if (!tmp_ctx) + return ENOMEM; + + confdb_path = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, CONFDB_FILE); + if (confdb_path == NULL) { + talloc_free(ctx); + return ENOMEM; + } + + /* Connect to the conf db */ + ret = confdb_init(ctx, ctx->ev, &ctx->confdb, confdb_path); + if (ret != EOK) { + DEBUG(1, ("Could not initialize connection to the confdb")); + talloc_free(ctx); + return ret; + } + + ret = confdb_get_domains(ctx->confdb, ctx, &ctx->domains); + if (ret != EOK) { + DEBUG(1, ("Could not get domains")); + talloc_free(ctx); + return ret; + } + + /* open sysdb at default path */ + ret = sysdb_init(ctx, ctx->ev, ctx->confdb, NULL, &ctx->sysdb); + if (ret != EOK) { + DEBUG(1, ("Could not initialize connection to the sysdb")); + talloc_free(ctx); + return ret; + } + + talloc_free(tmp_ctx); + *tools_ctx = ctx; + return EOK; +} + +/* + * Print poptUsage as well as our error message + */ +void usage(poptContext pc, const char *error) +{ + poptPrintUsage(pc, stderr, 0); + if (error) fprintf(stderr, "%s", error); +} + diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h new file mode 100644 index 000000000..cf0e1fe92 --- /dev/null +++ b/server/tools/tools_util.h @@ -0,0 +1,21 @@ +#ifndef __TOOLS_UTIL_H__ +#define __TOOLS_UTIL_H__ + +#define UID_NOT_SET 0 +#define GID_NOT_SET 0 + +struct tools_ctx { + struct tevent_context *ev; + struct confdb_ctx *confdb; + struct sysdb_ctx *sysdb; + + struct btreemap *domains; +}; + +int check_user_name_unique(struct tools_ctx *ctx, const char *name); +int check_group_name_unique(struct tools_ctx *ctx, const char *name); +int setup_db(struct tools_ctx **ctx); + +void usage(poptContext pc, const char *error); + +#endif /* __TOOLS_UTIL_H__ */ |