From 7c3629bc78edd79f557805176f3024eaf4fa51b1 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 12 Feb 2009 07:40:55 -0500 Subject: Add support for removing members from groups. Updated convenience functions for adding/removing user accounts and POSIX groups to the groups. Also modified the add/remove member functions to be a single interface taking a flag for add or removal, since the code only differs by one LDB flag. Added associated unit tests. --- server/db/sysdb.c | 85 +++++++++++++++++++++++++++++++++++++++---------------- server/db/sysdb.h | 43 +++++++++++++++++----------- 2 files changed, 87 insertions(+), 41 deletions(-) (limited to 'server/db') diff --git a/server/db/sysdb.c b/server/db/sysdb.c index edf3593f7..31233e58a 100644 --- a/server/db/sysdb.c +++ b/server/db/sysdb.c @@ -1264,11 +1264,12 @@ done: } /* Wrapper around adding a user account to a POSIX group */ -int sysdb_add_acct_to_posix_group(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - const char *domain, - const char *group, - const char *username) +int sysdb_add_remove_posix_group_acct(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + int flag, + const char *domain, + const char *group, + const char *username) { TALLOC_CTX *tmp_ctx; int ret; 
@@ -1289,17 +1290,26 @@ int sysdb_add_acct_to_posix_group(TALLOC_CTX *mem_ctx, account = talloc_asprintf(tmp_ctx, SYSDB_PW_NAME"=%s,"SYSDB_TMPL_USER_BASE, username, domain); - if (account == NULL) goto done; + if (account == NULL) { + ret = ENOMEM; + goto done; + } acct_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, account); - if (acct_dn == NULL) goto done; + if (acct_dn == NULL) { + ret = errno; + goto done; + } group_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_GR_NAME"=%s,"SYSDB_TMPL_GROUP_BASE, group, domain); - if (group_dn == NULL) goto done; + if (group_dn == NULL) { + ret = errno; + goto done; + } - ret = sysdb_add_member_to_posix_group(tmp_ctx, sysdb, acct_dn, group_dn); + ret = sysdb_add_remove_posix_group_member(tmp_ctx, sysdb, flag, acct_dn, group_dn); done: talloc_free(tmp_ctx); @@ -1307,11 +1317,12 @@ done: } /* Wrapper around adding a POSIX group to a POSIX group */ -int sysdb_add_group_to_posix_group(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - const char *domain, - const char *group, - const char *member_group) +int sysdb_add_remove_posix_group_group(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + int flag, + const char *domain, + const char *group, + const char *member_group) { TALLOC_CTX *tmp_ctx; int ret; 
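Review bot: The new `ret = errno;` assignments after a NULL return from `ldb_dn_new_fmt()` (both for `acct_dn` and `group_dn`) can leave `ret` at 0, because ldb does not promise to set errno on DN construction failure; with a stale or cleared errno the wrapper then reports success (EOK appears to be 0, given how it is compared against errno-style codes elsewhere in this file) although no group modification was attempted, which on the new removal path means a membership revocation that silently did not happen. Return a fixed code instead, e.g. `ret = EINVAL;` or `ret = ENOMEM;` (ldb_dn_new_fmt fails on allocation as well as on malformed input), matching the ENOMEM already used for the `talloc_asprintf` failure just above. Separately, `username` and `group` are formatted straight into the DN templates; unless every caller guarantees pre-escaped values, a name containing `,` or `=` changes the DN's component structure, so either document that contract on the wrapper or escape the value before formatting. The enclosing function's signature and its tail lie outside this hunk.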
@@ -1332,36 +1343,58 @@ int sysdb_add_group_to_posix_group(TALLOC_CTX *mem_ctx, member_group_canonical = talloc_asprintf(tmp_ctx, SYSDB_GR_NAME"=%s,"SYSDB_TMPL_GROUP_BASE, member_group, domain); - if (member_group_canonical == NULL) goto done; + if (member_group_canonical == NULL) { + ret = ENOMEM; + goto done; + } member_group_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, member_group_canonical); - if (member_group_dn == NULL) goto done; + if (member_group_dn == NULL) { + ret = errno; + goto done; + } group_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_GR_NAME"=%s,"SYSDB_TMPL_GROUP_BASE, group, domain); - if (group_dn == NULL) goto done; + if (group_dn == NULL) { + ret = errno; + goto done; + } - ret = sysdb_add_member_to_posix_group(tmp_ctx, sysdb, member_group_dn, group_dn); + ret = sysdb_add_remove_posix_group_member(tmp_ctx, sysdb, flag, member_group_dn, group_dn); done: talloc_free(tmp_ctx); return ret; } -int sysdb_add_member_to_posix_group(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - struct ldb_dn *member_dn, - struct ldb_dn *group_dn) +int sysdb_add_remove_posix_group_member(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + int flag, + struct ldb_dn *member_dn, + struct ldb_dn *group_dn) { TALLOC_CTX *tmp_ctx; - int ret, lret; + int ret, lret, ldb_flag; struct ldb_message *msg; struct ldb_request *req; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; + switch (flag) { + case SYSDB_FLAG_MOD_ADD: + ldb_flag = LDB_FLAG_MOD_ADD; + break; + case SYSDB_FLAG_MOD_DELETE: + ldb_flag = LDB_FLAG_MOD_DELETE; + break; + default: + DEBUG(0, ("Group modification requested with invalid flag\n")); + return EINVAL; + } + /* Start LDB Transaction */ lret = ldb_transaction_start(sysdb->ldb); if (lret != LDB_SUCCESS) { 
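Review bot: In `sysdb_add_remove_posix_group_member` the `default:` arm of the new `switch (flag)` returns EINVAL after `tmp_ctx` has already been allocated with `talloc_new(mem_ctx)`, so every invalid-flag call leaks that context onto the caller's pool until `mem_ctx` itself is freed. Validate the flag before allocating (move the switch above `talloc_new`), or free on the way out: `default: DEBUG(0, ("Group modification requested with invalid flag\n")); talloc_free(tmp_ctx); return EINVAL;`. The `ldb_flag` local is only assigned in the two accepted arms, so keeping the early return in the default arm is what makes the later `ldb_msg_add_empty(msg, SYSDB_GR_MEMBER, ldb_flag, NULL)` safe — worth a one-line comment above the switch saying that only SYSDB_FLAG_MOD_ADD and SYSDB_FLAG_MOD_DELETE are accepted. The `sysdb_add_remove_posix_group_group` wrapper at the top of this hunk has the same `ret = errno` weakness as the account wrapper in the previous hunk. The member function's body continues into the next hunk.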
@@ -1370,14 +1403,14 @@ int sysdb_add_member_to_posix_group(TALLOC_CTX *mem_ctx, return EIO; } - /* Add the user as a member of the group */ + /* Add or remove the member_dn as a member of the group */ msg = ldb_msg_new(tmp_ctx); if(msg == NULL) { ret = ENOMEM; goto done; } msg->dn = group_dn; - lret = ldb_msg_add_empty(msg, SYSDB_GR_MEMBER, LDB_FLAG_MOD_ADD, NULL); + lret = ldb_msg_add_empty(msg, SYSDB_GR_MEMBER, ldb_flag, NULL); if (lret == LDB_SUCCESS) { lret = ldb_msg_add_fmt(msg, SYSDB_GR_MEMBER, "%s", ldb_dn_alloc_linearized(tmp_ctx, member_dn)); } @@ -1410,9 +1443,11 @@ int sysdb_add_member_to_posix_group(TALLOC_CTX *mem_ctx, } ret = EOK; + done: /* Cancel LDB Transaction */ if (ret != EOK) { + DEBUG(1, ("Cancelling ldb transaction (%d)\n", ret)); lret = ldb_transaction_cancel(sysdb->ldb); if (lret != LDB_SUCCESS) { DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret)); diff --git a/server/db/sysdb.h b/server/db/sysdb.h index 014e2ce91..656cb8fe1 100644 --- a/server/db/sysdb.h +++ b/server/db/sysdb.h @@ -82,6 +82,13 @@ struct confdb_ctx; typedef void (*sysdb_callback_t)(void *, int, struct ldb_result *); +enum sysdb_flags { + SYSDB_FLAG_MOD_NONE = 0, + SYSDB_FLAG_MOD_ADD, + SYSDB_FLAG_MOD_DELETE, + SYSDB_FLAG_MOD_MODIFY +}; + int sysdb_init(TALLOC_CTX *mem_ctx, struct event_context *ev, struct confdb_ctx *cdb, 
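Review bot: The new `enum sysdb_flags` in sysdb.h introduces SYSDB_FLAG_MOD_NONE and SYSDB_FLAG_MOD_MODIFY that nothing in this commit consumes, while the only consumer (the switch in sysdb.c) rejects every value other than ADD and DELETE with EINVAL; a reader of the header cannot tell that from the declaration. Add a comment on the enum, e.g. `/* Only SYSDB_FLAG_MOD_ADD and SYSDB_FLAG_MOD_DELETE are accepted by the group-membership functions; other values are rejected with EINVAL. */`. If these values are ever going to be compared or stored outside this module, give the accepted members explicit values (`SYSDB_FLAG_MOD_ADD = 1,`) so inserting an entry later does not renumber them.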
@@ -155,20 +162,24 @@ int sysdb_store_group_posix(TALLOC_CTX *memctx, const char *domain, const char *name, gid_t gid); -int sysdb_add_acct_to_posix_group(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - const char *domain, - const char *gname, - const char *username); - -int sysdb_add_group_to_posix_group(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - const char *domain, - const char *group, - const char *member_group); - -int sysdb_add_member_to_posix_group(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - struct ldb_dn *member_dn, - struct ldb_dn *group_dn); +int sysdb_add_remove_posix_group_acct(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + int flag, + const char *domain, + const char *group, + const char *username); + +/* Wrapper around adding a POSIX group to a POSIX group */ +int sysdb_add_remove_posix_group_group(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + int flag, + const char *domain, + const char *group, + const char *member_group); + +int sysdb_add_remove_posix_group_member(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + int flag, + struct ldb_dn *member_dn, + struct ldb_dn *group_dn); #endif /* __SYS_DB_H__ */ -- cgit
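Review bot: The three new prototypes declare the parameter as `int flag` even though the same file now defines `enum sysdb_flags` for exactly this purpose; declaring it `enum sysdb_flags flag` here and in sysdb.c lets the compiler warn on callers passing raw integers or LDB_FLAG_* constants, whose numbering is not guaranteed to coincide with the SYSDB_FLAG_* values and would be rejected at run time with EINVAL instead. The comment added above `sysdb_add_remove_posix_group_group`, `/* Wrapper around adding a POSIX group to a POSIX group */`, is stale for an add-or-remove interface and is the only one of the three prototypes carrying any description; replace it with one covering all three, e.g. `/* Add (SYSDB_FLAG_MOD_ADD) or remove (SYSDB_FLAG_MOD_DELETE) a member from a POSIX group; returns EOK, EINVAL for any other flag, or an errno value. */`.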