summaryrefslogtreecommitdiffstats
path: root/server
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-03-06 03:11:20 -0500
committerStephen Gallagher <sgallagh@redhat.com>2009-03-06 11:13:07 -0500
commit0aae1a691b1037156ce3907ea5777e568e30201c (patch)
treef7ef06f0207e9e25b924605c4c866c4c980b5154 /server
parent6b06539cfd1e95bfefe3e8bc107d2b85fff97109 (diff)
downloadsssd-0aae1a691b1037156ce3907ea5777e568e30201c.tar.gz
sssd-0aae1a691b1037156ce3907ea5777e568e30201c.tar.xz
sssd-0aae1a691b1037156ce3907ea5777e568e30201c.zip
Add userspace tools to manipulate accounts.
The first functional command is sss_useradd (Name is temporary, while looking for a better one)
Diffstat (limited to 'server')
-rw-r--r--server/Makefile.in3
-rw-r--r--server/db/sysdb.c2
-rw-r--r--server/server.mk20
-rw-r--r--server/tools/sss_useradd.c413
-rw-r--r--server/tools/tools_util.c196
-rw-r--r--server/tools/tools_util.h21
6 files changed, 654 insertions, 1 deletions
diff --git a/server/Makefile.in b/server/Makefile.in
index 7a576e4a1..39b6306f3 100644
--- a/server/Makefile.in
+++ b/server/Makefile.in
@@ -117,7 +117,8 @@ endif
ifneq (x$(HAVE_POLICYKIT), x)
LIBEXECBINS += sbin/sssd_pk
endif
-BINS = sbin/sssd $(LIBEXECBINS)
+TOOLSBINS = sbin/sss_useradd
+BINS = sbin/sssd $(LIBEXECBINS) $(TOOLSBINS)
ifneq (x$(HAVE_TESTS), x)
TESTS = tests/sysdb-tests tests/infopipe-tests
diff --git a/server/db/sysdb.c b/server/db/sysdb.c
index bdc7588fe..1268d9390 100644
--- a/server/db/sysdb.c
+++ b/server/db/sysdb.c
@@ -153,6 +153,8 @@ int sysdb_error_to_errno(int ldberr)
return ENOENT;
case LDB_ERR_BUSY:
return EBUSY;
+ case LDB_ERR_ENTRY_ALREADY_EXISTS:
+ return EEXIST;
default:
return EFAULT;
}
diff --git a/server/server.mk b/server/server.mk
index cd3b19adf..af052f454 100644
--- a/server/server.mk
+++ b/server/server.mk
@@ -75,6 +75,21 @@ $(LDAP_BE_OBJ): CFLAGS += $(LDAP_CFLAGS)
$(CRYPT_OBJ): CFLAGS += $(NSS_CFLAGS)
+TOOLS_OBJ = \
+ tools/tools_util.o
+
+USERADD_OBJ = \
+ tools/sss_useradd.o
+
+USERDEL_OBJ = \
+ tools/sss_userdel.o
+
+GROUPADD_OBJ = \
+ tools/sss_groupadd.o
+
+GROUPDEL_OBJ = \
+ tools/sss_groupdel.o
+
sbin/sssd: $(SERVER_OBJ) $(UTIL_OBJ)
$(CC) -o sbin/sssd $(SERVER_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS)
@@ -114,3 +129,8 @@ tests/sysdb-tests: $(SYSDB_TEST_OBJ) $(UTIL_OBJ)
tests/infopipe-tests: $(INFP_TEST_OBJ) $(UTIL_OBJ)
$(CC) -o tests/infopipe-tests $(INFP_TEST_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS) $(CHECK_LIBS)
+
+#Tools
+sbin/sss_useradd: $(USERADD_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ)
+ $(CC) -o tools/sss_useradd $(USERADD_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS)
+
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
new file mode 100644
index 000000000..2cf7826eb
--- /dev/null
+++ b/server/tools/sss_useradd.c
@@ -0,0 +1,413 @@
+/*
+ SSSD
+
+ sss_useradd
+
+ Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2009
+ Copyright (C) Simo Sorce <ssorce@redhat.com> 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <talloc.h>
+#include <popt.h>
+#include <errno.h>
+#include <sys/types.h>
+
+#include "util/util.h"
+#include "db/sysdb.h"
+#include "tools/tools_util.h"
+
+struct user_add_ctx {
+ struct sysdb_req *sysreq;
+
+ struct sss_domain_info *domain;
+ struct tools_ctx *ctx;
+
+ const char *username;
+ uid_t uid;
+ gid_t gid;
+ char *gecos;
+ char *home;
+ char *shell;
+
+ char **groups;
+ int cur;
+
+ int error;
+ bool done;
+};
+
+/* FIXME: avoid using strtok !! */
+static int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out)
+{
+ char **out;
+ char *orig, *n, *o;
+ char delim = ',';
+ unsigned int tokens = 1;
+ int i;
+
+ orig = talloc_strdup(mem_ctx, optstr);
+ if (!orig) return ENOMEM;
+
+ n = orig;
+ tokens = 1;
+ while ((n = strchr(n, delim))) tokens++;
+
+ out = talloc_array(mem_ctx, char *, tokens+1);
+ if (!out) {
+ talloc_free(orig);
+ return ENOMEM;
+ }
+
+ n = orig;
+ for (i = 0; i < tokens; i++) {
+ o = n;
+ n = strchr(n, delim);
+ if (!n) {
+ talloc_free(orig);
+ return ERANGE;
+ }
+ *n = '\0';
+ n++;
+ out[i] = talloc_strdup(out, o);
+ }
+ out[tokens] = NULL;
+
+ talloc_free(orig);
+ *_out = out;
+ return EOK;
+}
+
+struct fetch_group {
+ gid_t gid;
+ int error;
+ bool done;
+};
+
+static void get_gid_callback(void *ptr, int error, struct ldb_result *res)
+{
+ struct fetch_group *data = talloc_get_type(ptr, struct fetch_group);
+
+ data->done = true;
+
+ if (error) {
+ data->error = error;
+ return;
+ }
+
+ switch (res->count) {
+ case 0:
+ data->error = ENOENT;
+ break;
+
+ case 1:
+ data->gid = ldb_msg_find_attr_as_uint(res->msgs[0], SYSDB_GIDNUM, 0);
+ break;
+
+ default:
+ data->error = EFAULT;
+ break;
+ }
+}
+
+/* Returns a gid for a given groupname. If a numerical gid
+ * is given, returns that as integer (rationale: shadow-utils)
+ * On error, returns -EINVAL
+ */
+static int get_gid(struct tools_ctx *ctx, const char *groupname, gid_t *_gid)
+{
+ struct fetch_group *data = NULL;
+ char *end_ptr;
+ gid_t gid;
+ int ret;
+
+ errno = 0;
+ gid = strtoul(groupname, &end_ptr, 10);
+ if (groupname == '\0' || *end_ptr != '\0' || errno != 0) {
+ /* Does not look like a gid - find the group name */
+
+ data = talloc_zero(ctx, struct fetch_group);
+ if (!data) return ENOMEM;
+
+ ret = sysdb_getgrnam(data, ctx->sysdb,
+ "LOCAL", groupname, false,
+ get_gid_callback, data);
+ if (ret != EOK) {
+ DEBUG(0, ("sysdb_getgrnam failed: %d\n", ret));
+ goto done;
+ }
+
+ while (!data->done) {
+ tevent_loop_once(ctx->ev);
+ }
+
+ if (data->error) {
+ ret = data->error;
+ goto done;
+ }
+
+ gid = data->gid;
+ }
+
+ if (gid == 0) {
+ ret = ERANGE;
+ } else {
+ *_gid = gid;
+ }
+
+done:
+ talloc_free(data);
+ return ret;
+}
+
+static void add_to_groups(void *, int, struct ldb_result *);
+
+/* sysdb callback */
+static void add_user_done(void *pvt, int error, struct ldb_result *ignore)
+{
+ struct user_add_ctx *data = talloc_get_type(pvt, struct user_add_ctx);
+
+ data->done = true;
+
+ sysdb_transaction_done(data->sysreq, error);
+
+ if (error)
+ data->error = error;
+}
+
+/* sysdb_req_fn_t */
+static void add_user(struct sysdb_req *req, void *pvt)
+{
+ struct user_add_ctx *user_ctx;
+ int ret;
+
+ user_ctx = talloc_get_type(pvt, struct user_add_ctx);
+ user_ctx->sysreq = req;
+
+ ret = sysdb_add_user(req, user_ctx->domain,
+ user_ctx->username,
+ user_ctx->uid,
+ user_ctx->gid,
+ user_ctx->gecos,
+ user_ctx->home,
+ user_ctx->shell,
+ add_to_groups, user_ctx);
+
+ if (ret != EOK)
+ add_user_done(user_ctx, ret, NULL);
+}
+
+static void add_to_groups(void *pvt, int error, struct ldb_result *ignore)
+{
+ struct user_add_ctx *user_ctx = talloc_get_type(pvt, struct user_add_ctx);
+ struct ldb_dn *group_dn;
+ struct ldb_dn *user_dn;
+ int ret;
+
+ if (error) {
+ add_user_done(pvt, error, NULL);
+ return;
+ }
+
+ /* check if we added all of them */
+ if (user_ctx->groups == NULL ||
+ user_ctx->groups[user_ctx->cur] == NULL) {
+ add_user_done(user_ctx, EOK, NULL);
+ return;
+ }
+
+ user_dn = sysdb_user_dn(user_ctx->ctx->sysdb, user_ctx,
+ user_ctx->domain->name, user_ctx->username);
+ if (!user_dn) {
+ add_user_done(pvt, ENOMEM, NULL);
+ return;
+ }
+
+ group_dn = sysdb_group_dn(user_ctx->ctx->sysdb, user_ctx,
+ user_ctx->domain->name,
+ user_ctx->groups[user_ctx->cur]);
+ if (!group_dn) {
+ add_user_done(pvt, ENOMEM, NULL);
+ return;
+ }
+
+ ret = sysdb_add_group_member(user_ctx->sysreq,
+ user_dn, group_dn,
+ add_to_groups, user_ctx);
+ if (ret != EOK)
+ add_user_done(user_ctx, ret, NULL);
+}
+
+int main(int argc, const char **argv)
+{
+ uid_t pc_uid = 0;
+ const char *pc_group = NULL;
+ const char *pc_gecos = NULL;
+ const char *pc_home = NULL;
+ const char *pc_shell = NULL;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ { "uid", 'u', POPT_ARG_INT, &pc_uid, 0, "The UID of the user", NULL },
+ { "gid", 'g', POPT_ARG_STRING, &pc_group, 0, "The GID or group name of the user", NULL },
+ { "gecos", 'c', POPT_ARG_STRING, &pc_gecos, 0, "The comment string", NULL },
+ { "home", 'h', POPT_ARG_STRING, &pc_home, 0, "Home directory", NULL },
+ { "shell", 's', POPT_ARG_STRING, &pc_shell, 0, "Login shell", NULL },
+ { "groups", 'G', POPT_ARG_STRING, NULL, 0, "Groups", NULL },
+ POPT_TABLEEND
+ };
+ poptContext pc;
+ struct user_add_ctx *user_ctx = NULL;
+ struct tools_ctx *ctx;
+ char *groups;
+ int ret;
+
+ debug_prg_name = argv[0];
+
+ ret = setup_db(&ctx);
+ if (ret != EOK) {
+ DEBUG(0, ("Could not set up database\n"));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ user_ctx = talloc_zero(ctx, struct user_add_ctx);
+ if (user_ctx == NULL) {
+ DEBUG(0, ("Could not allocate memory for user_ctx context\n"));
+ return ENOMEM;
+ }
+ user_ctx->ctx = ctx;
+
+ /* parse user_ctx */
+ pc = poptGetContext(NULL, argc, argv, long_options, 0);
+ poptSetOtherOptionHelp(pc, "USERNAME");
+ while ((ret = poptGetNextOpt(pc)) > 0) {
+ if (ret == 'G') {
+ groups = poptGetOptArg(pc);
+ if (!groups) {
+ ret = -1;
+ break;
+ }
+
+ ret = parse_groups(ctx, groups, &user_ctx->groups);
+ free(groups);
+ if (ret != EOK) {
+ break;
+ }
+ }
+ }
+
+ if(ret != -1) {
+ usage(pc, poptStrerror(ret));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ /* username is an argument without --option */
+ user_ctx->username = poptGetArg(pc);
+ if (user_ctx->username == NULL) {
+ usage(pc, "Specify user to add\n");
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ /* Same as shadow-utils useradd, -g can specify gid or group name */
+ if (pc_group != NULL) {
+ ret = get_gid(ctx, pc_group, &user_ctx->gid);
+ if (ret != EOK) {
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+ }
+
+ user_ctx->uid = pc_uid;
+
+ /*
+ * Fills in defaults for user_ctx user did not specify.
+ * FIXME - Should this originate from the confdb or another config?
+ */
+ if (!pc_gecos) {
+ pc_gecos = user_ctx->username;
+ }
+ user_ctx->gecos = talloc_strdup(user_ctx, pc_gecos);
+ if (!user_ctx->gecos) {
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ if (pc_home) {
+ user_ctx->home = talloc_strdup(user_ctx, pc_home);
+ } else {
+ user_ctx->home = talloc_asprintf(user_ctx, "/home/%s", user_ctx->username);
+ }
+ if (!user_ctx->home) {
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ if (!pc_shell) {
+ pc_shell = "/bin/bash";
+ }
+ user_ctx->shell = talloc_strdup(user_ctx, pc_shell);
+ if (!user_ctx->shell) {
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ /* arguments processed, go on to actual work */
+
+ user_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL");
+ if (user_ctx->domain == NULL) {
+ DEBUG(0, ("Could not set default values\n"));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ /* Check MPG constraints */
+ ret = check_user_name_unique(ctx, user_ctx->username);
+ if (ret != EOK) {
+ DEBUG(0, ("Could not add user - name not unique\n"));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ /* useradd */
+ ret = sysdb_transaction(ctx, ctx->sysdb, add_user, user_ctx);
+ if (ret != EOK) {
+ DEBUG(0, ("Could not start transaction (%d)[%s]\n",
+ ret, strerror(ret)));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ while (!user_ctx->done) {
+ tevent_loop_once(ctx->ev);
+ }
+
+ if (user_ctx->error) {
+ ret = user_ctx->error;
+ DEBUG(0, ("Operation failed (%d)[%s]\n", ret, strerror(ret)));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ ret = EXIT_SUCCESS;
+
+fini:
+ poptFreeContext(pc);
+ talloc_free(ctx);
+ exit(ret);
+}
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
new file mode 100644
index 000000000..241e1f9a1
--- /dev/null
+++ b/server/tools/tools_util.c
@@ -0,0 +1,196 @@
+/*
+ SSSD
+
+ tools_utils.c
+
+ Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <talloc.h>
+#include <tevent.h>
+#include <popt.h>
+
+#include "util/util.h"
+#include "confdb/confdb.h"
+#include "db/sysdb.h"
+#include "tools/tools_util.h"
+
+/* Even in LOCAL database, we must enforce MPG. That means enforcing the following rules:
+ *
+ * 1. Users and groups must share the same name space. There can never be
+ * a real group that has the same name of a real user.
+ * 2. Users and Groups must share the same ID space a group can never have
+ * a gidNumber that is numerically equal to a uidNumber Otherwise the
+ * user MPG will conflict with said group.
+ */
+
+struct ucheck {
+ bool done;
+ bool dup;
+ int error;
+};
+
+void check_unique_callback(void *ptr, int error, struct ldb_result *res)
+{
+ struct ucheck *data = talloc_get_type(ptr, struct ucheck);
+
+ data->done = true;
+
+ if (error) {
+ data->error = error;
+ }
+
+ if (res->count != 0) {
+ data->dup = true;
+ }
+}
+
+int check_user_name_unique(struct tools_ctx *ctx, const char *name)
+{
+ struct ucheck *data;
+ int ret = EOK;
+
+ data = talloc_zero(NULL, struct ucheck);
+ if (!data) return ENOMEM;
+
+ ret = sysdb_getgrnam(data, ctx->sysdb,
+ "LOCAL", name, false,
+ check_unique_callback, data);
+ if (ret != EOK) {
+ DEBUG(1, ("sysdb_getgrnam failed: %d\n", ret));
+ goto done;
+ }
+
+ while (!data->done) {
+ tevent_loop_once(ctx->ev);
+ }
+
+ if (data->error) {
+ ret = data->error;
+ goto done;
+ }
+
+ if (data->dup) {
+ ret = EEXIST;
+ }
+
+done:
+ talloc_free(data);
+ return ret;
+}
+
+int check_group_name_unique(struct tools_ctx *ctx, const char *name)
+{
+ struct ucheck *data;
+ int ret;
+
+ data = talloc_zero(NULL, struct ucheck);
+ if (!data) return ENOMEM;
+
+ ret = sysdb_getpwnam(data, ctx->sysdb,
+ "LOCAL", name, false,
+ check_unique_callback, data);
+ if (ret != EOK) {
+ DEBUG(1, ("sysdb_getgrnam failed: %d\n", ret));
+ goto done;
+ }
+
+ while (!data->done) {
+ tevent_loop_once(ctx->ev);
+ }
+
+ if (data->error) {
+ ret = data->error;
+ goto done;
+ }
+
+ if (data->dup) {
+ ret = EEXIST;
+ }
+
+done:
+ talloc_free(data);
+ return ret;
+}
+
+int setup_db(struct tools_ctx **tools_ctx)
+{
+ TALLOC_CTX *tmp_ctx;
+ char *confdb_path;
+ struct tools_ctx *ctx;
+ int ret;
+
+ ctx = talloc_zero(NULL, struct tools_ctx);
+ if (ctx == NULL) {
+ DEBUG(1, ("Could not allocate memory for tools context"));
+ return ENOMEM;
+ }
+
+ /* Create the event context */
+ ctx->ev = tevent_context_init(ctx);
+ if (ctx->ev == NULL) {
+ DEBUG(1, ("Could not create event context"));
+ talloc_free(ctx);
+ return EIO;
+ }
+
+ tmp_ctx = talloc_new(ctx);
+ if (!tmp_ctx)
+ return ENOMEM;
+
+ confdb_path = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, CONFDB_FILE);
+ if (confdb_path == NULL) {
+ talloc_free(ctx);
+ return ENOMEM;
+ }
+
+ /* Connect to the conf db */
+ ret = confdb_init(ctx, ctx->ev, &ctx->confdb, confdb_path);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not initialize connection to the confdb"));
+ talloc_free(ctx);
+ return ret;
+ }
+
+ ret = confdb_get_domains(ctx->confdb, ctx, &ctx->domains);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not get domains"));
+ talloc_free(ctx);
+ return ret;
+ }
+
+ /* open sysdb at default path */
+ ret = sysdb_init(ctx, ctx->ev, ctx->confdb, NULL, &ctx->sysdb);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not initialize connection to the sysdb"));
+ talloc_free(ctx);
+ return ret;
+ }
+
+ talloc_free(tmp_ctx);
+ *tools_ctx = ctx;
+ return EOK;
+}
+
+/*
+ * Print poptUsage as well as our error message
+ */
+void usage(poptContext pc, const char *error)
+{
+ poptPrintUsage(pc, stderr, 0);
+ if (error) fprintf(stderr, "%s", error);
+}
+
diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h
new file mode 100644
index 000000000..cf0e1fe92
--- /dev/null
+++ b/server/tools/tools_util.h
@@ -0,0 +1,21 @@
+#ifndef __TOOLS_UTIL_H__
+#define __TOOLS_UTIL_H__
+
+#define UID_NOT_SET 0
+#define GID_NOT_SET 0
+
+struct tools_ctx {
+ struct tevent_context *ev;
+ struct confdb_ctx *confdb;
+ struct sysdb_ctx *sysdb;
+
+ struct btreemap *domains;
+};
+
+int check_user_name_unique(struct tools_ctx *ctx, const char *name);
+int check_group_name_unique(struct tools_ctx *ctx, const char *name);
+int setup_db(struct tools_ctx **ctx);
+
+void usage(poptContext pc, const char *error);
+
+#endif /* __TOOLS_UTIL_H__ */