-rw-r--r-- | server/db/sysdb.c | 135 | ||||
-rw-r--r-- | server/db/sysdb.h | 8 | ||||
-rw-r--r-- | server/tests/sysdb-tests.c | 129 |
3 files changed, 253 insertions, 19 deletions
diff --git a/server/db/sysdb.c b/server/db/sysdb.c index 31233e58..ab338746 100644 --- a/server/db/sysdb.c +++ b/server/db/sysdb.c @@ -755,7 +755,7 @@ int sysdb_store_account_posix(TALLOC_CTX *memctx, } account_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - "uid=%s,"SYSDB_TMPL_USER_BASE, + SYSDB_PW_NAME"=%s,"SYSDB_TMPL_USER_BASE, name, domain); if (!account_dn) { talloc_free(tmp_ctx); @@ -988,7 +988,7 @@ int sysdb_remove_account_posix(TALLOC_CTX *memctx, } account_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - "uid=%s,"SYSDB_TMPL_USER_BASE, + SYSDB_PW_NAME"=%s,"SYSDB_TMPL_USER_BASE, name, domain); if (!account_dn) { talloc_free(tmp_ctx); @@ -1038,7 +1038,7 @@ int sysdb_remove_account_posix_by_uid(TALLOC_CTX *memctx, } lret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn, - LDB_SCOPE_BASE, attrs, + LDB_SCOPE_ONELEVEL, attrs, SYSDB_PWUID_FILTER, (unsigned long)uid); if (lret != LDB_SUCCESS) { @@ -1049,6 +1049,8 @@ int sysdb_remove_account_posix_by_uid(TALLOC_CTX *memctx, } if (res->count == 0) { + DEBUG(0, ("Base search returned %d results\n", + res->count)); ret = EOK; goto done; } @@ -1097,6 +1099,7 @@ done: talloc_free(tmp_ctx); return ret; } + int sysdb_store_group_posix(TALLOC_CTX *memctx, struct sysdb_ctx *sysdb, const char *domain, 
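Review bot: `name` and `domain` are still formatted into the DN with a bare `%s` in the `ldb_dn_new_fmt` call of `sysdb_store_account_posix`, so a value containing DN metacharacters such as `,` or `=` would produce a different DN than the caller intended. The same pattern is in the `sysdb_remove_account_posix` hunk and in the new `sysdb_remove_group_posix`, where the resulting DN goes straight to `ldb_delete`. Unless callers already restrict these strings, escape the value before formatting (ldb provides `ldb_dn_escape_value`) or reject names containing those characters. The enclosing functions start and end outside these hunks, so any earlier validation is not visible here.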
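Review bot: The `DEBUG(0, ...)` added to the `res->count == 0` branch of `sysdb_remove_account_posix_by_uid` logs an ordinary "nothing to remove" outcome at the same level the new by-gid function uses for "Cache DB corrupted". The text also says "Base search" although this commit changes the scope to `LDB_SCOPE_ONELEVEL`, and it prints `res->count`, which is always 0 in that branch. Something like `DEBUG(4, ("No entry for uid %lu, nothing to remove\n", (unsigned long)uid));` at a less severe level would be clearer. The same message is copied into `sysdb_remove_group_posix_by_gid`.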
@@ -1458,6 +1461,132 @@ done: return ret; } +int sysdb_remove_group_posix(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, const char *name) +{ + TALLOC_CTX *tmp_ctx; + struct ldb_dn *group_dn; + int ret; + + tmp_ctx = talloc_new(memctx); + if (!tmp_ctx) { + return ENOMEM; + } + + group_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, + SYSDB_GR_NAME"=%s,"SYSDB_TMPL_GROUP_BASE, + name, domain); + if (!group_dn) { + talloc_free(tmp_ctx); + return ENOMEM; + } + + ret = ldb_delete(sysdb->ldb, group_dn); + + if (ret != LDB_SUCCESS) { + DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n", + ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb))); + ret = EIO; + } + + talloc_free(tmp_ctx); + return ret; +} + +int sysdb_remove_group_posix_by_gid(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, gid_t gid) +{ + TALLOC_CTX *tmp_ctx; + const char *attrs[] = { SYSDB_GR_NAME, SYSDB_GR_GIDNUM, NULL }; + struct ldb_dn *base_dn; + struct ldb_dn *group_dn; + struct ldb_result *res; + int lret, ret; + + tmp_ctx = talloc_new(memctx); + if (!tmp_ctx) { + return ENOMEM; + } + + base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, + SYSDB_TMPL_GROUP_BASE, domain); + if (!base_dn) { + talloc_free(tmp_ctx); + return ENOMEM; + } + + lret = ldb_transaction_start(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed ldb transaction start !? 
(%d)\n", lret)); + ret = EIO; + goto done; + } + + lret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn, + LDB_SCOPE_ONELEVEL, attrs, + SYSDB_GRGID_FILTER, + (unsigned long)gid); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n", + ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb))); + ret = EIO; + goto done; + } + + if (res->count == 0) { + DEBUG(0, ("Base search returned %d results\n", + res->count)); + ret = EOK; + goto done; + } + if (res->count > 1) { + DEBUG(0, ("Cache DB corrupted, base search returned %d results\n", + res->count)); + ret = EOK; + goto done; + } + + group_dn = ldb_dn_copy(tmp_ctx, res->msgs[0]->dn); + if (!group_dn) { + ret = ENOMEM; + goto done; + } + + talloc_free(res); + res = NULL; + + ret = ldb_delete(sysdb->ldb, group_dn); + + if (ret != LDB_SUCCESS) { + DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n", + ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb))); + ret = EIO; + goto done; + } + + lret = ldb_transaction_commit(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed ldb transaction commit !! (%d)\n", lret)); + ret = EIO; + goto done; + } + + ret = EOK; + +done: + if (ret != EOK) { + lret = ldb_transaction_cancel(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret)); + } + } + + talloc_free(tmp_ctx); + return ret; +} + int sysdb_init(TALLOC_CTX *mem_ctx, struct event_context *ev, struct confdb_ctx *cdb, diff --git a/server/db/sysdb.h b/server/db/sysdb.h index 656cb8fe..4af6323a 100644 --- a/server/db/sysdb.h +++ b/server/db/sysdb.h 
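Review bot: In `sysdb_remove_group_posix_by_gid` the `res->count == 0` and `res->count > 1` branches set `ret = EOK` and jump to `done`, which cancels only when `ret != EOK`, so the transaction opened by `ldb_transaction_start` is neither committed nor cancelled on those paths. The reverse happens when `ldb_transaction_start` itself fails: `ret = EIO` reaches `done` and cancels a transaction that was never started. Tracking whether a transaction is open and cancelling on that flag covers both cases. The `res->count > 1` branch should probably also return an error rather than EOK, since its own message calls the cache corrupted.

```c
    int lret, ret;
    int in_transaction = 0;

    /* … unchanged: tmp_ctx, base_dn, ldb_transaction_start and its error check … */
    in_transaction = 1;

    /* … unchanged: search, result-count checks, ldb_delete, commit and its error check … */
    in_transaction = 0;
    ret = EOK;

done:
    if (in_transaction) {
        /* … unchanged: ldb_transaction_cancel and its DEBUG … */
    }
```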
@@ -182,4 +182,12 @@ int sysdb_add_remove_posix_group_member(TALLOC_CTX *mem_ctx, int flag, struct ldb_dn *member_dn, struct ldb_dn *group_dn); + +int sysdb_remove_group_posix(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, const char *name); + +int sysdb_remove_group_posix_by_gid(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, gid_t gid); #endif /* __SYS_DB_H__ */ diff --git a/server/tests/sysdb-tests.c b/server/tests/sysdb-tests.c index 9d8ebffa..95e347af 100644 --- a/server/tests/sysdb-tests.c +++ b/server/tests/sysdb-tests.c 
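Review bot: The two new prototypes have no comment saying what they return when the entry does not exist, and the implementations in sysdb.c differ on that point. `sysdb_remove_group_posix` maps every `ldb_delete` failure to EIO, while `sysdb_remove_group_posix_by_gid` returns EOK when the search finds nothing. A short comment above each would let callers handle both, for example `/* Returns EOK on success; ENOMEM, or EIO on any ldb failure (presumably including a missing entry). */` and `/* Returns EOK on success and also when no group has this gid; ENOMEM or EIO otherwise. */`.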
@@ -553,46 +553,143 @@ START_TEST (test_sysdb_remove_group_from_posix_group) } END_TEST +START_TEST (test_sysdb_remove_local_acct_posix) +{ + int ret; + struct sysdb_test_ctx *test_ctx; + + /* Setup */ + ret = setup_sysdb_tests(&test_ctx); + if (ret != EOK) { + fail("Could not set up the test"); + return; + } + + /* Store a user account with username, password, + * uid, gid, gecos, homedir and shell + */ + const char *username = talloc_asprintf(test_ctx, "testuser%d", _i); + + ret = sysdb_remove_account_posix(test_ctx, test_ctx->sysdb, + "LOCAL", username); + fail_if(ret != EOK, "Could not remove POSIX user %s", username); + + talloc_free(test_ctx); +} +END_TEST + +START_TEST (test_sysdb_remove_local_acct_posix_by_uid) +{ + int ret; + struct sysdb_test_ctx *test_ctx; + + /* Setup */ + ret = setup_sysdb_tests(&test_ctx); + if (ret != EOK) { + fail("Could not set up the test"); + return; + } + + ret = sysdb_remove_account_posix_by_uid(test_ctx, test_ctx->sysdb, + "LOCAL", _i); + fail_if(ret != EOK, "Could not remove POSIX group"); + + talloc_free(test_ctx); +} +END_TEST + +START_TEST (test_sysdb_remove_local_group_posix) +{ + int ret; + struct sysdb_test_ctx *test_ctx; + char *group_name; + + /* Setup */ + ret = setup_sysdb_tests(&test_ctx); + if (ret != EOK) { + fail("Could not set up the test"); + return; + } + + group_name = talloc_asprintf(test_ctx, "%s%d", SYSDB_POSIX_TEST_GROUP, _i); + fail_if(group_name == NULL, "Could not allocate group name"); + + ret = sysdb_remove_group_posix(test_ctx, test_ctx->sysdb, + "LOCAL", group_name); + fail_if(ret != EOK, "Could not remove POSIX group"); + + talloc_free(test_ctx); +} +END_TEST + +START_TEST (test_sysdb_remove_local_group_posix_by_gid) +{ + int ret; + struct sysdb_test_ctx *test_ctx; + + /* Setup */ + ret = setup_sysdb_tests(&test_ctx); + if (ret != EOK) { + fail("Could not set up the test"); + return; + } + + ret = sysdb_remove_group_posix_by_gid(test_ctx, test_ctx->sysdb, + "LOCAL", _i); + fail_if(ret != EOK, 
"Could not remove POSIX group"); + + talloc_free(test_ctx); +} +END_TEST + Suite *create_sysdb_suite(void) { Suite *s = suite_create("sysdb"); -/* POSIX User test case */ - TCase *tc_posix_users = tcase_create("\tPOSIX Users"); + TCase *tc_sysdb = tcase_create("SYSDB Tests"); /* Create a new user */ - tcase_add_loop_test(tc_posix_users, test_sysdb_store_local_account_posix,27000,27010); - -/* POSIX Group test case */ - TCase *tc_posix_gr = tcase_create("\tPOSIX Groups"); + tcase_add_loop_test(tc_sysdb, test_sysdb_store_local_account_posix,27000,27010); /* Create a new group */ - tcase_add_loop_test(tc_posix_gr, test_sysdb_store_local_group_posix,27000,27010); + tcase_add_loop_test(tc_sysdb, test_sysdb_store_local_group_posix,27000,27010); /* Verify that the new group exists */ - tcase_add_loop_test(tc_posix_gr, test_sysdb_get_local_group_posix,27000,27010); + tcase_add_loop_test(tc_sysdb, test_sysdb_get_local_group_posix,27000,27010); /* Add users to the group */ - tcase_add_loop_test(tc_posix_gr, test_sysdb_add_acct_to_posix_group, 27000, 27010); + tcase_add_loop_test(tc_sysdb, test_sysdb_add_acct_to_posix_group, 27000, 27010); /* Verify member and memberOf */ - tcase_add_loop_test(tc_posix_gr, test_sysdb_verify_posix_group_members, 27000, 27010); + tcase_add_loop_test(tc_sysdb, test_sysdb_verify_posix_group_members, 27000, 27010); /* A negative test: add nonexistent users as members of a group */ - tcase_add_loop_test(tc_posix_gr, test_sysdb_add_invalid_member, 27000, 27010); + tcase_add_loop_test(tc_sysdb, test_sysdb_add_invalid_member, 27000, 27010); /* Add groups as members of groups */ - tcase_add_loop_test(tc_posix_gr, test_sysdb_add_group_to_posix_group, 27001, 27010); + tcase_add_loop_test(tc_sysdb, test_sysdb_add_group_to_posix_group, 27001, 27010); /* Remove groups from their groups */ - tcase_add_loop_test(tc_posix_gr, test_sysdb_remove_group_from_posix_group, 27001, 27010); + tcase_add_loop_test(tc_sysdb, test_sysdb_remove_group_from_posix_group, 
27001, 27010); /* Remove users from their groups */ - tcase_add_loop_test(tc_posix_gr, test_sysdb_remove_acct_from_posix_group, 27000, 27010); + tcase_add_loop_test(tc_sysdb, test_sysdb_remove_acct_from_posix_group, 27000, 27010); + + /* Remove half of the groups by name */ + tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_group_posix, 27000, 27005); + + /* Remove the other half by gid */ + tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_group_posix_by_gid, 27005, 27010); + + + /* Remove half of the users by name */ + tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_acct_posix, 27000, 27005); + + /* Remove the other half by uid */ + tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_acct_posix_by_uid, 27005, 27010); /* Add all test cases to the test suite */ - suite_add_tcase(s, tc_posix_users); - suite_add_tcase(s, tc_posix_gr); + suite_add_tcase(s, tc_sysdb); return s; } |
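Review bot: The four new removal tests assert only on the return code, and `sysdb_remove_group_posix_by_gid` returns EOK when its search finds nothing (the by-uid variant has the same `res->count == 0` branch), so the by-id tests would still pass if no entry were deleted. Each removal should be followed by a lookup asserting that the entry is gone. In `test_sysdb_remove_local_acct_posix`, `username` from `talloc_asprintf` is used unchecked, unlike `group_name` in the group test; add `fail_if(username == NULL, "Could not allocate username");`. The "Store a user account ..." comment in that test and the "Could not remove POSIX group" message in `test_sysdb_remove_local_acct_posix_by_uid` look copied from other tests and should describe user removal.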