author | Stephen Gallagher <sgallagh@redhat.com> | 2010-10-15 15:09:58 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-10-18 13:12:04 -0400 |
commit | 8059574092a96396dea64dae13696a7f95b423b1 (patch) | |
tree | c69fc5f4647e423446de5b0fa0196e5e3b236145 /src/db | |
parent | 55769ee01eac9ce8ce55b29222f14e1c4362fc3c (diff) | |
Modify sysdb_[add|remove]_group_member to accept users and groups
Previously, it assumed that all members were users. This changes
the interface so that either a user or a group can be specified.
Also, it eliminates the need for a memory context to be passed,
since the internal memory should be self-contained.
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.h | 21 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 109 |
2 files changed, 91 insertions, 39 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index a1baa20d..2ca9527d 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -527,20 +527,27 @@ int sysdb_store_group(TALLOC_CTX *mem_ctx, struct sysdb_attrs *attrs, uint64_t cache_timeout); -int sysdb_add_group_member(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *ctx, +enum sysdb_member_type { + SYSDB_MEMBER_USER, + SYSDB_MEMBER_GROUP +}; + +int sysdb_add_group_member(struct sysdb_ctx *ctx, struct sss_domain_info *domain, const char *group, - const char *user); + const char *member, + enum sysdb_member_type type); -int sysdb_remove_group_member(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *ctx, +int sysdb_remove_group_member(struct sysdb_ctx *ctx, struct sss_domain_info *domain, const char *group, - const char *user); + const char *member, + enum sysdb_member_type type); + errno_t sysdb_update_members(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, - const char *user, + const char *member, + enum sysdb_member_type type, const char **add_groups, const char **del_groups); diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 7ae22f7d..7158da37 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c 
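Review bot: The new `enum sysdb_member_type` and the `type` parameter added to the three prototypes in sysdb.h have no comment, so a caller reading the header cannot tell how `member` is interpreted or what an unexpected value does. A short comment above the enum would cover it, e.g. `/* How 'member' is resolved: as a user or as a group of the given domain; any other value makes sysdb_add_group_member/sysdb_remove_group_member return EINVAL. */`. Since the TALLOC_CTX argument is gone, the same comment could say that, as far as the sysdb_ops.c hunk shows, these calls free their own temporary memory and hand nothing back to the caller.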
@@ -1529,54 +1529,96 @@ done: /* =Add-User-to-Group(Native/Legacy)====================================== */ -int sysdb_add_group_member(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *ctx, +int sysdb_add_group_member(struct sysdb_ctx *ctx, struct sss_domain_info *domain, const char *group, - const char *user) + const char *member, + enum sysdb_member_type type) { - struct ldb_dn *group_dn, *user_dn; + struct ldb_dn *group_dn; + struct ldb_dn *member_dn; int ret; + TALLOC_CTX *tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return ENOMEM; + } - group_dn = sysdb_group_dn(ctx, mem_ctx, domain->name, group); + group_dn = sysdb_group_dn(ctx, tmp_ctx, domain->name, group); if (!group_dn) { - return ENOMEM; + ret = ENOMEM; + goto done; } - user_dn = sysdb_user_dn(ctx, mem_ctx, domain->name, user); - if (!user_dn) { - return ENOMEM; + if (type == SYSDB_MEMBER_USER) { + member_dn = sysdb_user_dn(ctx, tmp_ctx, domain->name, member); + if (!member_dn) { + ret = ENOMEM; + goto done; + } + } else if (type == SYSDB_MEMBER_GROUP) { + member_dn = sysdb_group_dn(ctx, tmp_ctx, domain->name, member); + if (!member_dn) { + ret = ENOMEM; + goto done; + } + } else { + ret = EINVAL; + goto done; } - ret = sysdb_mod_group_member(mem_ctx, ctx, - user_dn, group_dn, SYSDB_MOD_ADD); + ret = sysdb_mod_group_member(tmp_ctx, ctx, + member_dn, group_dn, + SYSDB_MOD_ADD); + +done: + talloc_free(tmp_ctx); return ret; } /* =Remove-member-from-Group(Native/Legacy)=============================== */ -int sysdb_remove_group_member(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *ctx, +int sysdb_remove_group_member(struct sysdb_ctx *ctx, struct sss_domain_info *domain, const char *group, - const char *user) + const char *member, + enum sysdb_member_type type) { - struct ldb_dn *group_dn, *user_dn; + struct ldb_dn *group_dn; + struct ldb_dn *member_dn; int ret; - - group_dn = sysdb_group_dn(ctx, mem_ctx, domain->name, group); - if (!group_dn) { + TALLOC_CTX *tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { return ENOMEM; } 
- user_dn = sysdb_user_dn(ctx, mem_ctx, domain->name, user); - if (!user_dn) { - return ENOMEM; + group_dn = sysdb_group_dn(ctx, tmp_ctx, domain->name, group); + if (!group_dn) { + ret = ENOMEM; + goto done; } - ret = sysdb_mod_group_member(mem_ctx, ctx, - user_dn, group_dn, SYSDB_MOD_DEL); + if (type == SYSDB_MEMBER_USER) { + member_dn = sysdb_user_dn(ctx, tmp_ctx, domain->name, member); + if (!member_dn) { + ret = ENOMEM; + goto done; + } + } else if (type == SYSDB_MEMBER_GROUP) { + member_dn = sysdb_group_dn(ctx, tmp_ctx, domain->name, member); + if (!member_dn) { + ret = ENOMEM; + goto done; + } + } else { + ret = EINVAL; + goto done; + } + ret = sysdb_mod_group_member(tmp_ctx, ctx, + member_dn, group_dn, + SYSDB_MOD_DEL); +done: + talloc_free(tmp_ctx); return ret; } @@ -2529,7 +2571,8 @@ done: errno_t sysdb_update_members(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, - const char *user, + const char *member, + enum sysdb_member_type type, const char **add_groups, const char **del_groups) { @@ -2550,11 +2593,12 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb, if (add_groups) { /* Add the user to all add_groups */ for (i = 0; add_groups[i]; i++) { - ret = sysdb_add_group_member(tmp_ctx, sysdb, domain, - add_groups[i], user); + ret = sysdb_add_group_member(sysdb, domain, + add_groups[i], member, + type); if (ret != EOK) { - DEBUG(1, ("Could not add user [%s] to group [%s]. " - "Skipping.\n", user, add_groups[i])); + DEBUG(1, ("Could not add member [%s] to group [%s]. " + "Skipping.\n", member, add_groups[i])); /* Continue on, we should try to finish the rest */ } } 
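Review bot: The block that turns `member` and `type` into `member_dn` is copied verbatim into both sysdb_add_group_member and sysdb_remove_group_member, which now differ only in the SYSDB_MOD_ADD / SYSDB_MOD_DEL argument. These paths write group membership, so any later change to how a member is resolved or validated has to land in both copies or add and remove will disagree. A single static helper that maps the type to a DN and returns EINVAL for unknown values would keep that logic in one place; the helper name below is only a suggestion. Each caller keeps its tmp_ctx setup and `done:` cleanup as in the hunk.

```c
/* Resolve 'member' to a user or group DN allocated on mem_ctx. */
static int sysdb_group_member_dn(struct sysdb_ctx *ctx,
                                 TALLOC_CTX *mem_ctx,
                                 struct sss_domain_info *domain,
                                 const char *member,
                                 enum sysdb_member_type type,
                                 struct ldb_dn **_dn)
{
    struct ldb_dn *dn;

    switch (type) {
    case SYSDB_MEMBER_USER:
        dn = sysdb_user_dn(ctx, mem_ctx, domain->name, member);
        break;
    case SYSDB_MEMBER_GROUP:
        dn = sysdb_group_dn(ctx, mem_ctx, domain->name, member);
        break;
    default:
        return EINVAL;
    }

    if (!dn) {
        return ENOMEM;
    }

    *_dn = dn;
    return EOK;
}

/* ... unchanged: tmp_ctx allocation and group_dn lookup in each caller ... */
    ret = sysdb_group_member_dn(ctx, tmp_ctx, domain, member, type,
                                &member_dn);
    if (ret != EOK) {
        goto done;
    }
/* ... unchanged: sysdb_mod_group_member call and done: cleanup ... */
```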
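Review bot: The failure branch of the add loop logs only the two names, so the message neither reports `ret` nor says whether `member` was resolved as a user or a group; the removal loop in the following hunk (@@ -2563) has the same gap. A skipped removal leaves a membership in the cache that should have been dropped, so the error code belongs in the log, e.g. `DEBUG(1, ("Could not remove member [%s] from group [%s]: [%d]. Skipping\n", member, del_groups[i], ret));` and the equivalent for the add case. The context comments `/* Add the user to all add_groups */` and `/* Remove the user from all del_groups */` are stale now that a member may be a group. sysdb_update_members starts and ends outside these hunks, so whether the skipped failures ever reach the caller is not visible here.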
@@ -2563,11 +2607,12 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb, if (del_groups) { /* Remove the user from all del_groups */ for (i = 0; del_groups[i]; i++) { - ret = sysdb_remove_group_member(tmp_ctx, sysdb, domain, - del_groups[i], user); + ret = sysdb_remove_group_member(sysdb, domain, + del_groups[i], member, + type); if (ret != EOK) { - DEBUG(1, ("Could not remove user [%s] from group [%s]. " - "Skipping\n", user, del_groups[i])); + DEBUG(1, ("Could not remove member [%s] from group [%s]. " + "Skipping\n", member, del_groups[i])); /* Continue on, we should try to finish the rest */ } } |