diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2009-03-08 00:20:50 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-03-09 10:21:37 -0400 |
commit | 0e0a7393064a1826b31fc567f35617f3e7a134fc (patch) | |
tree | 1faa9671a5580cff004d72ea6699200986793dac /server | |
parent | 691c9b36947b64ccad9275ba2ec32bf9294851c9 (diff) | |
download | sssd-0e0a7393064a1826b31fc567f35617f3e7a134fc.tar.gz sssd-0e0a7393064a1826b31fc567f35617f3e7a134fc.tar.bz2 sssd-0e0a7393064a1826b31fc567f35617f3e7a134fc.zip |
sss_usermod
Move parse_groups into tools_utils
Diffstat (limited to 'server')
-rw-r--r-- | server/Makefile.in | 2 | ||||
-rw-r--r-- | server/server.mk | 7 | ||||
-rw-r--r-- | server/tools/sss_useradd.c | 44 | ||||
-rw-r--r-- | server/tools/sss_usermod.c | 361 | ||||
-rw-r--r-- | server/tools/tools_util.c | 44 | ||||
-rw-r--r-- | server/tools/tools_util.h | 2 |
6 files changed, 415 insertions, 45 deletions
diff --git a/server/Makefile.in b/server/Makefile.in index b71d4ccd..342bbcc0 100644 --- a/server/Makefile.in +++ b/server/Makefile.in @@ -118,7 +118,7 @@ endif ifneq (x$(HAVE_POLICYKIT), x) LIBEXECBINS += sbin/sssd_pk endif -TOOLSBINS = sbin/sss_useradd sbin/sss_userdel sbin/sss_groupadd sbin/sss_groupdel +TOOLSBINS = sbin/sss_useradd sbin/sss_userdel sbin/sss_groupadd sbin/sss_groupdel sbin/sss_usermod BINS = sbin/sssd $(LIBEXECBINS) $(TOOLSBINS) ifneq (x$(HAVE_TESTS), x) diff --git a/server/server.mk b/server/server.mk index b0040f39..b09312db 100644 --- a/server/server.mk +++ b/server/server.mk @@ -90,6 +90,9 @@ GROUPADD_OBJ = \ GROUPDEL_OBJ = \ tools/sss_groupdel.o +USERMOD_OBJ = \ + tools/sss_usermod.o + sbin/sssd: $(SERVER_OBJ) $(UTIL_OBJ) $(CC) -o sbin/sssd $(SERVER_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS) @@ -142,3 +145,7 @@ sbin/sss_groupadd: $(GROUPADD_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ) sbin/sss_groupdel: $(GROUPDEL_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ) $(CC) -o sbin/sss_groupdel $(GROUPDEL_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS) + +sbin/sss_usermod: $(USERMOD_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ) + $(CC) -o sbin/sss_usermod $(USERMOD_OBJ) $(TOOLS_OBJ) $(UTIL_OBJ) $(LDFLAGS) $(LIBS) + diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c index 0897cfde..710ed207 100644 --- a/server/tools/sss_useradd.c +++ b/server/tools/sss_useradd.c @@ -51,50 +51,6 @@ struct user_add_ctx { bool done; }; -/* FIXME: avoid using strtok !! */ -static int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out) -{ - char **out; - char *orig, *n, *o; - char delim = ','; - unsigned int tokens = 1; - int i; - - orig = talloc_strdup(mem_ctx, optstr); - if (!orig) return ENOMEM; - - n = orig; - tokens = 1; - while ((n = strchr(n, delim))) { - n++; - tokens++; - } - - out = talloc_array(mem_ctx, char *, tokens+1); - if (!out) { - talloc_free(orig); - return ENOMEM; - } - - n = orig; - for (i = 0; i < tokens; i++) { - o = n; - n = strchr(n, delim); - if (!n) { - break; - } - *n = '\0'; - n++; - out[i] = talloc_strdup(out, o); - } - out[tokens-1] = talloc_strdup(out, o); - out[tokens] = NULL; - - talloc_free(orig); - *_out = out; - return EOK; -} - struct fetch_group { gid_t gid; int error; diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c new file mode 100644 index 00000000..03127899 --- /dev/null +++ b/server/tools/sss_usermod.c @@ -0,0 +1,361 @@ +/* + SSSD + + sss_usermod + + Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <stdio.h> +#include <stdlib.h> +#include <talloc.h> +#include <popt.h> +#include <errno.h> +#include <sys/types.h> + +#include "util/util.h" +#include "db/sysdb.h" +#include "tools/tools_util.h" + +#define DO_LOCK 1 +#define DO_UNLOCK 2 + +#define VAR_CHECK(var, val, msg) do { \ + if (var != (val)) { \ + DEBUG(0, (msg)); \ + var = EXIT_FAILURE; \ + goto fini; \ + } \ +} while(0) + +struct user_mod_ctx { + struct sysdb_req *sysreq; + + struct sss_domain_info *domain; + struct tools_ctx *ctx; + + const char *username; + struct sysdb_attrs *attrs; + + char **addgroups; + char **rmgroups; + int cur; + + int error; + bool done; +}; + +/* sysdb callback */ +static void mod_user_done(void *pvt, int error, struct ldb_result *ignore) +{ + struct user_mod_ctx *data = talloc_get_type(pvt, struct user_mod_ctx); + + data->done = true; + + sysdb_transaction_done(data->sysreq, error); + + if (error) + data->error = error; +} + +static void add_to_groups(void *, int, struct ldb_result *); + +/* sysdb_req_fn_t */ +static void mod_user(struct sysdb_req *req, void *pvt) +{ + struct user_mod_ctx *user_ctx; + int ret; + + user_ctx = talloc_get_type(pvt, struct user_mod_ctx); + user_ctx->sysreq = req; + + if(user_ctx->attrs->num == 0) { + add_to_groups(user_ctx, EOK, NULL); + } else { + ret = sysdb_set_user_attr(req, + sysdb_req_get_ctx(req), + user_ctx->domain->name, + user_ctx->username, + user_ctx->attrs, + add_to_groups, + user_ctx); + + if (ret != EOK) { + mod_user_done(user_ctx, ret, NULL); + } + } +} + +static void remove_from_groups(void *pvt, int error, struct ldb_result *ignore) +{ + struct user_mod_ctx *user_ctx = talloc_get_type(pvt, struct user_mod_ctx); + struct ldb_dn *group_dn; + struct ldb_dn *user_dn; + int ret; + + if (error) { + mod_user_done(pvt, error, NULL); + return; + } + + /* check if we removed all of them */ + if (user_ctx->rmgroups == NULL || + user_ctx->rmgroups[user_ctx->cur] == NULL) { + mod_user_done(user_ctx, EOK, NULL); + return; + } + + user_dn = sysdb_user_dn(user_ctx->ctx->sysdb, user_ctx, + user_ctx->domain->name, user_ctx->username); + if (!user_dn) { + mod_user_done(pvt, ENOMEM, NULL); + return; + } + + group_dn = sysdb_group_dn(user_ctx->ctx->sysdb, user_ctx, + user_ctx->domain->name, + user_ctx->rmgroups[user_ctx->cur]); + if (!group_dn) { + mod_user_done(pvt, ENOMEM, NULL); + return; + } + + ret = sysdb_remove_group_member(user_ctx->sysreq, + user_dn, group_dn, + remove_from_groups, user_ctx); + if (ret != EOK) + mod_user_done(user_ctx, ret, NULL); + + /* go on to next group */ + user_ctx->cur++; +} + +static void add_to_groups(void *pvt, int error, struct ldb_result *ignore) +{ + struct user_mod_ctx *user_ctx = talloc_get_type(pvt, struct user_mod_ctx); + struct ldb_dn *group_dn; + struct ldb_dn *user_dn; + int ret; + + if (error) { + mod_user_done(pvt, error, NULL); + return; + } + + /* check if we added all of them */ + if (user_ctx->addgroups == NULL || + user_ctx->addgroups[user_ctx->cur] == NULL) { + user_ctx->cur = 0; + remove_from_groups(user_ctx, EOK, NULL); + return; + } + + user_dn = sysdb_user_dn(user_ctx->ctx->sysdb, user_ctx, + user_ctx->domain->name, user_ctx->username); + if (!user_dn) { + mod_user_done(pvt, ENOMEM, NULL); + return; + } + + group_dn = sysdb_group_dn(user_ctx->ctx->sysdb, user_ctx, + user_ctx->domain->name, + user_ctx->addgroups[user_ctx->cur]); + if (!group_dn) { + mod_user_done(pvt, ENOMEM, NULL); + return; + } + + ret = sysdb_add_group_member(user_ctx->sysreq, + user_dn, group_dn, + add_to_groups, user_ctx); + if (ret != EOK) + mod_user_done(user_ctx, ret, NULL); + + /* go on to next group */ + user_ctx->cur++; +} + +int main(int argc, const char **argv) +{ + int pc_lock; + uid_t pc_uid = 0; + gid_t pc_gid = 0; + const char *pc_gecos = NULL; + const char *pc_home = NULL; + const char *pc_shell = NULL; + struct poptOption long_options[] = { + POPT_AUTOHELP + { "uid", 'u', POPT_ARG_INT, &pc_uid, 0, "The UID of the user", NULL }, + { "gid", 'g', POPT_ARG_INT, &pc_gid, 0, "The GID of the user", NULL }, + { "gecos", 'c', POPT_ARG_STRING, &pc_gecos, 0, "The comment string", NULL }, + { "home", 'h', POPT_ARG_STRING, &pc_home, 0, "Home directory", NULL }, + { "shell", 's', POPT_ARG_STRING, &pc_shell, 0, "Login shell", NULL }, + { "append-group", 'a', POPT_ARG_STRING, NULL, 'a', "Groups to add this user to", NULL }, + { "remove-group", 'r', POPT_ARG_STRING, NULL, 'r', "Groups to remove this user from", NULL }, + { "lock", 'L', POPT_ARG_INT, &pc_lock, DO_LOCK, "Lock the account", NULL }, + { "unlock", 'U', POPT_ARG_INT, &pc_lock, DO_UNLOCK, "Unlock the account", NULL }, + POPT_TABLEEND + }; + poptContext pc = NULL; + struct user_mod_ctx *user_ctx = NULL; + struct tools_ctx *ctx = NULL; + char *groups; + int ret; + + debug_prg_name = argv[0]; + + ret = setup_db(&ctx); + if (ret != EOK) { + DEBUG(0, ("Could not set up database\n")); + ret = EXIT_FAILURE; + goto fini; + } + + user_ctx = talloc_zero(ctx, struct user_mod_ctx); + if (user_ctx == NULL) { + DEBUG(0, ("Could not allocate memory for user_ctx context\n")); + return ENOMEM; + } + user_ctx->ctx = ctx; + + user_ctx->attrs = sysdb_new_attrs(ctx); + if (user_ctx->attrs == NULL) { + DEBUG(0, ("Could not allocate memory for sysdb_attrs\n")); + return ENOMEM; + } + + /* parse user_ctx */ + pc = poptGetContext(NULL, argc, argv, long_options, 0); + poptSetOtherOptionHelp(pc, "USERNAME"); + while ((ret = poptGetNextOpt(pc)) > 0) { + if (ret == 'a' || ret == 'r') { + groups = poptGetOptArg(pc); + if (!groups) { + ret = -1; + break; + } + + ret = parse_groups(ctx, + groups, + (ret == 'a') ? (&user_ctx->addgroups) : (&user_ctx->rmgroups)); + + free(groups); + if (ret != EOK) { + break; + } + } + } + + if(ret != -1) { + usage(pc, poptStrerror(ret)); + ret = EXIT_FAILURE; + goto fini; + } + + /* username is an argument without --option */ + user_ctx->username = poptGetArg(pc); + if (user_ctx->username == NULL) { + usage(pc, "Specify user to modify\n"); + ret = EXIT_FAILURE; + goto fini; + } + + /* add parameters to changeset */ + /* FIXME - might want to do this via attr:pc_var mapping in a loop */ + + if(pc_shell) { + ret = sysdb_attrs_add_string(user_ctx->attrs, + SYSDB_SHELL, + pc_shell); + VAR_CHECK(ret, EOK, "Could not add attribute to changeset\n"); + } + + if(pc_home) { + ret = sysdb_attrs_add_string(user_ctx->attrs, + SYSDB_HOMEDIR, + pc_home); + VAR_CHECK(ret, EOK, "Could not add attribute to changeset\n"); + } + + if(pc_gecos) { + ret = sysdb_attrs_add_string(user_ctx->attrs, + SYSDB_FULLNAME, + pc_gecos); + VAR_CHECK(ret, EOK, "Could not add attribute to changeset\n"); + } + + if(pc_uid) { + ret = sysdb_attrs_add_long(user_ctx->attrs, + SYSDB_UIDNUM, + pc_uid); + VAR_CHECK(ret, EOK, "Could not add attribute to changeset\n"); + } + + if(pc_gid) { + ret = sysdb_attrs_add_long(user_ctx->attrs, + SYSDB_GIDNUM, + pc_gid); + VAR_CHECK(ret, EOK, "Could not add attribute to changeset\n"); + } + + if(pc_lock == DO_LOCK) { + ret = sysdb_attrs_add_string(user_ctx->attrs, + SYSDB_DISABLED, + "true"); + VAR_CHECK(ret, EOK, "Could not add attribute to changeset\n"); + } + + if(pc_lock == DO_UNLOCK) { + /* PAM code checks for 'false' value in SYSDB_DISABLED attribute */ + ret = sysdb_attrs_add_string(user_ctx->attrs, + SYSDB_DISABLED, + "false"); + VAR_CHECK(ret, EOK, "Could not add attribute to changeset\n"); + } + + + /* arguments processed, go on to actual work */ + user_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL"); + if (user_ctx->domain == NULL) { + VAR_CHECK(ret, EOK, "Could not set default values\n"); + } + + ret = sysdb_transaction(ctx, ctx->sysdb, mod_user, user_ctx); + if (ret != EOK) { + DEBUG(0, ("Could not start transaction (%d)[%s]\n", + ret, strerror(ret))); + ret = EXIT_FAILURE; + goto fini; + } + + while (!user_ctx->done) { + tevent_loop_once(ctx->ev); + } + + if (user_ctx->error) { + ret = user_ctx->error; + DEBUG(0, ("Operation failed (%d)[%s]\n", ret, strerror(ret))); + ret = EXIT_FAILURE; + goto fini; + } + + ret = EXIT_SUCCESS; + +fini: + poptFreeContext(pc); + talloc_free(ctx); + exit(ret); +} diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c index 241e1f9a..daf9b41f 100644 --- a/server/tools/tools_util.c +++ b/server/tools/tools_util.c @@ -194,3 +194,47 @@ void usage(poptContext pc, const char *error) if (error) fprintf(stderr, "%s", error); } +/* FIXME: avoid using strtok !! */ +int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out) +{ + char **out; + char *orig, *n, *o; + char delim = ','; + unsigned int tokens = 1; + int i; + + orig = talloc_strdup(mem_ctx, optstr); + if (!orig) return ENOMEM; + + n = orig; + tokens = 1; + while ((n = strchr(n, delim))) { + n++; + tokens++; + } + + out = talloc_array(mem_ctx, char *, tokens+1); + if (!out) { + talloc_free(orig); + return ENOMEM; + } + + n = orig; + for (i = 0; i < tokens; i++) { + o = n; + n = strchr(n, delim); + if (!n) { + break; + } + *n = '\0'; + n++; + out[i] = talloc_strdup(out, o); + } + out[tokens-1] = talloc_strdup(out, o); + out[tokens] = NULL; + + talloc_free(orig); + *_out = out; + return EOK; +} + diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h index cf0e1fe9..d8edd493 100644 --- a/server/tools/tools_util.h +++ b/server/tools/tools_util.h @@ -18,4 +18,6 @@ int setup_db(struct tools_ctx **ctx); void usage(poptContext pc, const char *error); +int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out); + #endif /* __TOOLS_UTIL_H__ */ |