authorSimo Sorce <ssorce@redhat.com>2009-09-04 17:46:13 -0400
committerStephen Gallagher <sgallagh@redhat.com>2009-09-08 15:10:50 -0400
commit889efbe608251def17c7ba6131fc9aa36c462dc2 (patch)
tree4fcd6274b37c45294a12b6cd9bc62a70bf878e7e /server
parent28d9dcbeabdf919506fe59e9d1cbed84fbd6e649 (diff)
Tools are allowed to touch only the 'local' domain
Diffstat (limited to 'server')
-rw-r--r--server/tools/sss_groupadd.c10
-rw-r--r--server/tools/sss_groupdel.c12
-rw-r--r--server/tools/sss_groupmod.c18
-rw-r--r--server/tools/sss_useradd.c16
-rw-r--r--server/tools/sss_userdel.c12
-rw-r--r--server/tools/sss_usermod.c18
-rw-r--r--server/tools/tools_util.c22
-rw-r--r--server/tools/tools_util.h3
8 files changed, 35 insertions, 76 deletions
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index 10bb9649..3d4d4c6d 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -261,16 +261,8 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb);
- if (ret != EOK) {
- DEBUG(0, ("Cannot get domain database!\n"));
- ERROR("Internal error accesing database\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
-
/* add_group */
- req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb);
+ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
if (!req) {
DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret)));
ERROR("Transaction error. Could not add group.\n");
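Review bot: The `!req` branch directly after the changed `sysdb_transaction_send()` call logs `ret` and `strerror(ret)`, but that call never assigns `ret`, so the message reports whatever an earlier, unrelated step left behind. With the `sysdb_get_ctx_from_list()` block removed there is no nearby assignment at all, and the logged code will mislead anyone triaging a failed run. Suggest dropping the code from the message, `DEBUG(1, ("Could not start transaction\n"));`, or assigning an explicit error to `ret` before logging it. The same pattern appears in the main() hunks of sss_groupdel.c, sss_groupmod.c, sss_useradd.c, sss_userdel.c and sss_usermod.c. main() continues outside the hunk, so how `ret` is set for the exit path is not visible here.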
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index 8f02cf3d..81e72007 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -90,7 +90,7 @@ static void group_del(struct tevent_req *req)
return groupdel_done(data, ret, NULL);
}
- group_dn = sysdb_group_dn(data->sysdb, data,
+ group_dn = sysdb_group_dn(data->ctx->sysdb, data,
data->domain->name, data->name);
if (group_dn == NULL) {
DEBUG(1, ("Could not construct a group DN\n"));
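Review bot: `sysdb_group_dn()` now receives the handle opened for the 'local' domain, but the DN is still built from `data->domain->name`, and nothing in this hunk shows that `data->domain` has been checked to be the local domain. If a name qualified with another configured domain can still reach this point, the tool would build that domain's DN against the local handle, which is not what the commit title promises. Suggest an explicit check, before the transaction starts, that rejects any `data->domain` other than the local one with a user-facing error. Where that check belongs is outside these hunks. The same applies to the `sysdb_group_dn()`, `sysdb_user_dn()` and `sysdb_getgrnam()` calls changed in sss_groupmod.c, sss_useradd.c, sss_userdel.c and sss_usermod.c.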
@@ -265,16 +265,8 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb);
- if (ret != EOK) {
- DEBUG(0, ("Cannot get domain database!\n"));
- ERROR("Internal error accesing database\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
-
/* groupdel */
- req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb);
+ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
if (!req) {
DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret)));
ERROR("Transaction error. Could not remove group.\n");
diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index 6f60b6eb..857d4a0a 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -156,13 +156,13 @@ static void remove_from_groups(struct ops_ctx *data)
struct ldb_dn *member_dn;
struct tevent_req *req;
- parent_dn = sysdb_group_dn(data->sysdb, data,
+ parent_dn = sysdb_group_dn(data->ctx->sysdb, data,
data->domain->name, data->name);
if (!parent_dn) {
return mod_group_done(data, ENOMEM);
}
- member_dn = sysdb_group_dn(data->sysdb, data,
+ member_dn = sysdb_group_dn(data->ctx->sysdb, data,
data->domain->name,
data->rmgroups[data->cur]);
if (!member_dn) {
@@ -213,13 +213,13 @@ static void add_to_groups(struct ops_ctx *data)
struct ldb_dn *member_dn;
struct tevent_req *req;
- parent_dn = sysdb_group_dn(data->sysdb, data,
+ parent_dn = sysdb_group_dn(data->ctx->sysdb, data,
data->domain->name, data->name);
if (!parent_dn) {
return mod_group_done(data, ENOMEM);
}
- member_dn = sysdb_group_dn(data->sysdb, data,
+ member_dn = sysdb_group_dn(data->ctx->sysdb, data,
data->domain->name,
data->addgroups[data->cur]);
if (!member_dn) {
@@ -463,15 +463,7 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb);
- if (ret != EOK) {
- DEBUG(0, ("Cannot get domain database!\n"));
- ERROR("Internal error accesing database\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
-
- req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb);
+ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
if (!req) {
DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret)));
ERROR("Transaction error. Could not modify group.\n");
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index 928212d4..e03cf261 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -126,7 +126,7 @@ static int get_gid(struct ops_ctx *data, const char *groupname)
errno != 0 || data->gid == 0) {
/* Does not look like a gid - find the group name */
- ret = sysdb_getgrnam(data, data->sysdb,
+ ret = sysdb_getgrnam(data, data->ctx->sysdb,
data->domain, groupname,
get_gid_callback, data);
if (ret != EOK) {
@@ -233,13 +233,13 @@ static void add_to_groups(struct ops_ctx *data)
struct ldb_dn *member_dn;
struct tevent_req *subreq;
- member_dn = sysdb_user_dn(data->sysdb, data,
+ member_dn = sysdb_user_dn(data->ctx->sysdb, data,
data->domain->name, data->name);
if (!member_dn) {
return add_user_terminate(data, ENOMEM);
}
- parent_dn = sysdb_group_dn(data->sysdb, data,
+ parent_dn = sysdb_group_dn(data->ctx->sysdb, data,
data->domain->name,
data->groups[data->cur]);
if (!parent_dn) {
@@ -526,16 +526,8 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb);
- if (ret != EOK) {
- DEBUG(0, ("Cannot get domain database!\n"));
- ERROR("Internal error accesing database\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
-
/* useradd */
- req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb);
+ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
if (!req) {
DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret)));
ERROR("Transaction error. Could not modify user.\n");
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index 2e595f55..3454e8bb 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -91,7 +91,7 @@ static void user_del(struct tevent_req *req)
return userdel_done(data, ret, NULL);
}
- user_dn = sysdb_user_dn(data->sysdb, data,
+ user_dn = sysdb_user_dn(data->ctx->sysdb, data,
data->domain->name, data->name);
if (!user_dn) {
DEBUG(1, ("Could not construct a user DN\n"));
@@ -265,16 +265,8 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb);
- if (ret != EOK) {
- DEBUG(0, ("Cannot get domain database!\n"));
- ERROR("Internal error accesing database\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
-
/* userdel */
- req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb);
+ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
if (!req) {
DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret)));
ERROR("Transaction error. Could not remove user.\n");
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c
index b53c8706..6f3e8611 100644
--- a/server/tools/sss_usermod.c
+++ b/server/tools/sss_usermod.c
@@ -182,13 +182,13 @@ static void remove_from_groups(struct ops_ctx *data)
struct ldb_dn *member_dn;
struct tevent_req *req;
- member_dn = sysdb_user_dn(data->sysdb, data,
+ member_dn = sysdb_user_dn(data->ctx->sysdb, data,
data->domain->name, data->name);
if (!member_dn) {
return mod_user_done(data, ENOMEM);
}
- parent_dn = sysdb_group_dn(data->sysdb, data,
+ parent_dn = sysdb_group_dn(data->ctx->sysdb, data,
data->domain->name,
data->rmgroups[data->cur]);
if (!parent_dn) {
@@ -239,13 +239,13 @@ static void add_to_groups(struct ops_ctx *data)
struct ldb_dn *member_dn;
struct tevent_req *req;
- member_dn = sysdb_user_dn(data->sysdb, data,
+ member_dn = sysdb_user_dn(data->ctx->sysdb, data,
data->domain->name, data->name);
if (!member_dn) {
return mod_user_done(data, ENOMEM);
}
- parent_dn = sysdb_group_dn(data->sysdb, data,
+ parent_dn = sysdb_group_dn(data->ctx->sysdb, data,
data->domain->name,
data->addgroups[data->cur]);
if (!parent_dn) {
@@ -589,15 +589,7 @@ int main(int argc, const char **argv)
"Could not add attribute to changeset\n");
}
- ret = sysdb_get_ctx_from_list(ctx->db_list, data->domain, &data->sysdb);
- if (ret != EOK) {
- DEBUG(0, ("Cannot get domain database!\n"));
- ERROR("Internal error accesing database\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
-
- req = sysdb_transaction_send(ctx, ctx->ev, data->sysdb);
+ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
if (!req) {
DEBUG(1, ("Could not start transaction (%d)[%s]\n", ret, strerror(ret)));
ERROR("Transaction error. Could not modify user.\n");
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index 3b16f593..6845735c 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -130,6 +130,7 @@ int get_domain_by_id(struct tools_ctx *ctx,
int setup_db(struct tools_ctx **tools_ctx)
{
+ struct sss_domain_info *dom;
TALLOC_CTX *tmp_ctx;
char *confdb_path;
struct tools_ctx *ctx;
@@ -137,14 +138,14 @@ int setup_db(struct tools_ctx **tools_ctx)
ctx = talloc_zero(NULL, struct tools_ctx);
if (ctx == NULL) {
- DEBUG(1, ("Could not allocate memory for tools context"));
+ DEBUG(1, ("Could not allocate memory for tools context\n"));
return ENOMEM;
}
/* Create the event context */
ctx->ev = tevent_context_init(ctx);
if (ctx->ev == NULL) {
- DEBUG(1, ("Could not create event context"));
+ DEBUG(1, ("Could not create event context\n"));
talloc_free(ctx);
return EIO;
}
@@ -162,22 +163,29 @@ int setup_db(struct tools_ctx **tools_ctx)
/* Connect to the conf db */
ret = confdb_init(ctx, ctx->ev, &ctx->confdb, confdb_path);
if (ret != EOK) {
- DEBUG(1, ("Could not initialize connection to the confdb"));
+ DEBUG(1, ("Could not initialize connection to the confdb\n"));
talloc_free(ctx);
return ret;
}
ret = confdb_get_domains(ctx->confdb, &ctx->domains);
if (ret != EOK) {
- DEBUG(1, ("Could not get domains"));
+ DEBUG(1, ("Could not get domains\n"));
+ talloc_free(ctx);
+ return ret;
+ }
+
+ ret = confdb_get_domain(ctx->confdb, "local", &dom);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not get 'local' domain\n"));
talloc_free(ctx);
return ret;
}
- /* open sysdb at default path */
- ret = sysdb_init(ctx, ctx->ev, ctx->confdb, NULL, false, &ctx->db_list);
+ /* open 'local' sysdb at default path */
+ ret = sysdb_domain_init(ctx, ctx->ev, dom, DB_PATH, &ctx->sysdb);
if (ret != EOK) {
- DEBUG(1, ("Could not initialize connection to the sysdb"));
+ DEBUG(1, ("Could not initialize connection to the sysdb\n"));
talloc_free(ctx);
return ret;
}
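Review bot: The domain name is a bare `"local"` literal in the `confdb_get_domain()` call, and the returned `dom` is kept only in a local variable, while `ctx->domains` still holds every configured domain. A named constant for the literal, together with storing the pointer in the tools context, would give the tools one place to compare a parsed domain against the domain the handle was opened for. The fields of `struct tools_ctx` shown in this commit include no such member. A short comment above the call saying that the tools deliberately open only this domain's database would also help, since the restriction is otherwise implied only by the string. setup_db() continues outside the hunk, so whether `dom` is used further down is not visible here.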
diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h
index 5e2dd95c..772ba36b 100644
--- a/server/tools/tools_util.h
+++ b/server/tools/tools_util.h
@@ -43,7 +43,7 @@ enum id_domain {
struct tools_ctx {
struct tevent_context *ev;
struct confdb_ctx *confdb;
- struct sysdb_ctx_list *db_list;
+ struct sysdb_ctx *sysdb;
struct sss_names_ctx *snctx;
struct sss_domain_info *domains;
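Review bot: The new `sysdb` member has no comment saying it is the handle for the 'local' domain only, which is the invariant this commit introduces and which every tool now relies on through `data->ctx->sysdb`. Suggest documenting it at the declaration, for example `struct sysdb_ctx *sysdb; /* handle opened for the 'local' domain only */`. The struct definition continues outside the hunk.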
@@ -53,7 +53,6 @@ struct ops_ctx {
struct tools_ctx *ctx;
struct tevent_context *ev;
struct sss_domain_info *domain;
- struct sysdb_ctx *sysdb;
char *name;
uid_t uid;