author | Simo Sorce <ssorce@redhat.com> | 2009-09-04 17:46:13 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-09-08 15:10:50 -0400 |
commit | 889efbe608251def17c7ba6131fc9aa36c462dc2 (patch) | |
tree | 4fcd6274b37c45294a12b6cd9bc62a70bf878e7e /server | |
parent | 28d9dcbeabdf919506fe59e9d1cbed84fbd6e649 (diff) | |
Tools are allowed to touch only the 'local' domain
Diffstat (limited to 'server')
-rw-r--r-- | server/tools/sss_groupadd.c | 10 | ||||
-rw-r--r-- | server/tools/sss_groupdel.c | 12 | ||||
-rw-r--r-- | server/tools/sss_groupmod.c | 18 | ||||
-rw-r--r-- | server/tools/sss_useradd.c | 16 | ||||
-rw-r--r-- | server/tools/sss_userdel.c | 12 | ||||
-rw-r--r-- | server/tools/sss_usermod.c | 18 | ||||
-rw-r--r-- | server/tools/tools_util.c | 22 | ||||
-rw-r--r-- | server/tools/tools_util.h | 3 |
8 files changed, 35 insertions, 76 deletions
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c index 10bb9649..3d4d4c6d 100644 --- a/server/tools/sss_groupadd.c +++ b/server/tools/sss_groupadd.c @@ -261,16 +261,8 @@ int main(int argc, const char **argv) goto fini; } - ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb); - if (ret != EOK) { - DEBUG(0, ("Cannot get domain database!\n")); - ERROR("Internal error accesing database\n"); - ret = EXIT_FAILURE; - goto fini; - } - /* add_group */ - req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb); + req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); if (!req) { DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret))); ERROR("Transaction error. Could not add group.\n"); diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c index 8f02cf3d..81e72007 100644 --- a/server/tools/sss_groupdel.c +++ b/server/tools/sss_groupdel.c @@ -90,7 +90,7 @@ static void group_del(struct tevent_req *req) return groupdel_done(data, ret, NULL); } - group_dn = sysdb_group_dn(data->sysdb, data, + group_dn = sysdb_group_dn(data->ctx->sysdb, data, data->domain->name, data->name); if (group_dn == NULL) { DEBUG(1, ("Could not construct a group DN\n")); @@ -265,16 +265,8 @@ int main(int argc, const char **argv) goto fini; } - ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb); - if (ret != EOK) { - DEBUG(0, ("Cannot get domain database!\n")); - ERROR("Internal error accesing database\n"); - ret = EXIT_FAILURE; - goto fini; - } - /* groupdel */ - req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb); + req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); if (!req) { DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret))); ERROR("Transaction error. Could not remove group.\n"); diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c index 6f60b6eb..857d4a0a 100644 --- a/server/tools/sss_groupmod.c +++ b/server/tools/sss_groupmod.c 
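Review bot: In the sss_groupadd.c main() hunk, nothing checks that `data->domain` is the 'local' domain before the transaction is started on `data->ctx->sysdb`. The handle is now always the local one, while `data->domain` is still resolved outside the hunk, so the restriction named in the commit title is enforced only implicitly by which database setup_db() opened. The same pattern is in the main() hunks of sss_groupdel.c, sss_groupmod.c, sss_useradd.c, sss_userdel.c and sss_usermod.c, and the helper hunks pass `data->domain->name` to `sysdb_group_dn`/`sysdb_user_dn` together with the local handle. If no earlier check exists, an explicit guard before `sysdb_transaction_send` would make the policy visible and fail with a clear message, e.g. `if (strcasecmp(data->domain->name, "local") != 0) { ERROR("Only the 'local' domain can be modified\n"); ret = EXIT_FAILURE; goto fini; }`. main() begins and ends outside the hunk.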
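Review bot: In the sss_groupdel.c main() hunk, the `if (!req)` branch logs `ret` and `strerror(ret)`, but `sysdb_transaction_send` hands back only the request pointer, so `ret` still holds the result of an earlier call. With the `sysdb_get_ctx_from_list` block removed, that value is whatever the code above the hunk left behind, presumably a success code, which makes the debug line misleading when a failed run is triaged. The same DEBUG line appears in the other five main() hunks. Dropping the code from the message, `DEBUG(1, ("Could not start transaction\n"));`, keeps the log accurate.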
@@ -156,13 +156,13 @@ static void remove_from_groups(struct ops_ctx *data) struct ldb_dn *member_dn; struct tevent_req *req; - parent_dn = sysdb_group_dn(data->sysdb, data, + parent_dn = sysdb_group_dn(data->ctx->sysdb, data, data->domain->name, data->name); if (!parent_dn) { return mod_group_done(data, ENOMEM); } - member_dn = sysdb_group_dn(data->sysdb, data, + member_dn = sysdb_group_dn(data->ctx->sysdb, data, data->domain->name, data->rmgroups[data->cur]); if (!member_dn) { @@ -213,13 +213,13 @@ static void add_to_groups(struct ops_ctx *data) struct ldb_dn *member_dn; struct tevent_req *req; - parent_dn = sysdb_group_dn(data->sysdb, data, + parent_dn = sysdb_group_dn(data->ctx->sysdb, data, data->domain->name, data->name); if (!parent_dn) { return mod_group_done(data, ENOMEM); } - member_dn = sysdb_group_dn(data->sysdb, data, + member_dn = sysdb_group_dn(data->ctx->sysdb, data, data->domain->name, data->addgroups[data->cur]); if (!member_dn) { @@ -463,15 +463,7 @@ int main(int argc, const char **argv) goto fini; } - ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb); - if (ret != EOK) { - DEBUG(0, ("Cannot get domain database!\n")); - ERROR("Internal error accesing database\n"); - ret = EXIT_FAILURE; - goto fini; - } - - req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb); + req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); if (!req) { DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret))); ERROR("Transaction error. Could not modify group.\n"); diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c index 928212d4..e03cf261 100644 --- a/server/tools/sss_useradd.c +++ b/server/tools/sss_useradd.c 
@@ -126,7 +126,7 @@ static int get_gid(struct ops_ctx *data, const char *groupname) errno != 0 || data->gid == 0) { /* Does not look like a gid - find the group name */ - ret = sysdb_getgrnam(data, data->sysdb, + ret = sysdb_getgrnam(data, data->ctx->sysdb, data->domain, groupname, get_gid_callback, data); if (ret != EOK) { @@ -233,13 +233,13 @@ static void add_to_groups(struct ops_ctx *data) struct ldb_dn *member_dn; struct tevent_req *subreq; - member_dn = sysdb_user_dn(data->sysdb, data, + member_dn = sysdb_user_dn(data->ctx->sysdb, data, data->domain->name, data->name); if (!member_dn) { return add_user_terminate(data, ENOMEM); } - parent_dn = sysdb_group_dn(data->sysdb, data, + parent_dn = sysdb_group_dn(data->ctx->sysdb, data, data->domain->name, data->groups[data->cur]); if (!parent_dn) { @@ -526,16 +526,8 @@ int main(int argc, const char **argv) goto fini; } - ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb); - if (ret != EOK) { - DEBUG(0, ("Cannot get domain database!\n")); - ERROR("Internal error accesing database\n"); - ret = EXIT_FAILURE; - goto fini; - } - /* useradd */ - req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb); + req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); if (!req) { DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret))); ERROR("Transaction error. Could not modify user.\n"); diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c index 2e595f55..3454e8bb 100644 --- a/server/tools/sss_userdel.c +++ b/server/tools/sss_userdel.c @@ -91,7 +91,7 @@ static void user_del(struct tevent_req *req) return userdel_done(data, ret, NULL); } - user_dn = sysdb_user_dn(data->sysdb, data, + user_dn = sysdb_user_dn(data->ctx->sysdb, data, data->domain->name, data->name); if (!user_dn) { DEBUG(1, ("Could not construct a user DN\n")); 
@@ -265,16 +265,8 @@ int main(int argc, const char **argv) goto fini; } - ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb); - if (ret != EOK) { - DEBUG(0, ("Cannot get domain database!\n")); - ERROR("Internal error accesing database\n"); - ret = EXIT_FAILURE; - goto fini; - } - /* userdel */ - req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb); + req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); if (!req) { DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret))); ERROR("Transaction error. Could not remove user.\n"); diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c index b53c8706..6f3e8611 100644 --- a/server/tools/sss_usermod.c +++ b/server/tools/sss_usermod.c @@ -182,13 +182,13 @@ static void remove_from_groups(struct ops_ctx *data) struct ldb_dn *member_dn; struct tevent_req *req; - member_dn = sysdb_user_dn(data->sysdb, data, + member_dn = sysdb_user_dn(data->ctx->sysdb, data, data->domain->name, data->name); if (!member_dn) { return mod_user_done(data, ENOMEM); } - parent_dn = sysdb_group_dn(data->sysdb, data, + parent_dn = sysdb_group_dn(data->ctx->sysdb, data, data->domain->name, data->rmgroups[data->cur]); if (!parent_dn) { @@ -239,13 +239,13 @@ static void add_to_groups(struct ops_ctx *data) struct ldb_dn *member_dn; struct tevent_req *req; - member_dn = sysdb_user_dn(data->sysdb, data, + member_dn = sysdb_user_dn(data->ctx->sysdb, data, data->domain->name, data->name); if (!member_dn) { return mod_user_done(data, ENOMEM); } - parent_dn = sysdb_group_dn(data->sysdb, data, + parent_dn = sysdb_group_dn(data->ctx->sysdb, data, data->domain->name, data->addgroups[data->cur]); if (!parent_dn) { 
@@ -589,15 +589,7 @@ int main(int argc, const char **argv) "Could not add attribute to changeset\n"); } - ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb); - if (ret != EOK) { - DEBUG(0, ("Cannot get domain database!\n")); - ERROR("Internal error accesing database\n"); - ret = EXIT_FAILURE; - goto fini; - } - - req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb); + req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); if (!req) { DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret))); ERROR("Transaction error. Could not modify user.\n"); diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c index 3b16f593..6845735c 100644 --- a/server/tools/tools_util.c +++ b/server/tools/tools_util.c @@ -130,6 +130,7 @@ int get_domain_by_id(struct tools_ctx *ctx, int setup_db(struct tools_ctx **tools_ctx) { + struct sss_domain_info *dom; TALLOC_CTX *tmp_ctx; char *confdb_path; struct tools_ctx *ctx; @@ -137,14 +138,14 @@ int setup_db(struct tools_ctx **tools_ctx) ctx = talloc_zero(NULL, struct tools_ctx); if (ctx == NULL) { - DEBUG(1, ("Could not allocate memory for tools context")); + DEBUG(1, ("Could not allocate memory for tools context\n")); return ENOMEM; } /* Create the event context */ ctx->ev = tevent_context_init(ctx); if (ctx->ev == NULL) { - DEBUG(1, ("Could not create event context")); + DEBUG(1, ("Could not create event context\n")); talloc_free(ctx); return EIO; } 
@@ -162,22 +163,29 @@ int setup_db(struct tools_ctx **tools_ctx) /* Connect to the conf db */ ret = confdb_init(ctx, ctx->ev, &ctx->confdb, confdb_path); if (ret != EOK) { - DEBUG(1, ("Could not initialize connection to the confdb")); + DEBUG(1, ("Could not initialize connection to the confdb\n")); talloc_free(ctx); return ret; } ret = confdb_get_domains(ctx->confdb, &ctx->domains); if (ret != EOK) { - DEBUG(1, ("Could not get domains")); + DEBUG(1, ("Could not get domains\n")); + talloc_free(ctx); + return ret; + } + + ret = confdb_get_domain(ctx->confdb, "local", &dom); + if (ret != EOK) { + DEBUG(1, ("Could not get 'local' domain\n")); talloc_free(ctx); return ret; } - /* open sysdb at default path */ - ret = sysdb_init(ctx, ctx->ev, ctx->confdb, NULL, false, &ctx->db_list); + /* open 'local' sysdb at default path */ + ret = sysdb_domain_init(ctx, ctx->ev, dom, DB_PATH, &ctx->sysdb); if (ret != EOK) { - DEBUG(1, ("Could not initialize connection to the sysdb")); + DEBUG(1, ("Could not initialize connection to the sysdb\n")); talloc_free(ctx); return ret; } diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h index 5e2dd95c..772ba36b 100644 --- a/server/tools/tools_util.h +++ b/server/tools/tools_util.h @@ -43,7 +43,7 @@ enum id_domain { struct tools_ctx { struct tevent_context *ev; struct confdb_ctx *confdb; - struct sysdb_ctx_list *db_list; + struct sysdb_ctx *sysdb; struct sss_names_ctx *snctx; struct sss_domain_info *domains; @@ -53,7 +53,6 @@ struct ops_ctx { struct tools_ctx *ctx; struct tevent_context *ev; struct sss_domain_info *domain; - struct sysdb_ctx *sysdb; char *name; uid_t uid; |
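Review bot: The `confdb_get_domain(ctx->confdb, "local", &dom)` call in setup_db() selects the domain by its configured name, not by its backend type, so the rule that tools touch only the local domain depends on how the configuration names its domains. A domain called "local" that is backed by a remote provider would be opened for writing by every tool, and a local-provider domain under another name would be rejected; whether either can occur depends on confdb validation that is not visible here. If `struct sss_domain_info` carries the provider name, checking it right after the lookup closes the gap, e.g. `if (strcasecmp(dom->provider, "local") != 0) { talloc_free(ctx); return EINVAL; }`. setup_db() starts and ends outside this hunk.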
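Review bot: The new `sysdb` member of `struct tools_ctx` in tools_util.h has no comment saying that it is the handle for the 'local' domain only, which is the invariant the whole commit relies on. A reader of the header sees a generic sysdb context next to `domains`, which setup_db() still fills from `confdb_get_domains` and so presumably lists every configured domain. I would add `/* sysdb handle for the 'local' domain, opened by setup_db(); not valid for other domains */` above the member. The struct definition continues outside the hunk.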