diff options
-rw-r--r-- | src/responder/pac/pacsrv_cmd.c | 84 |
1 files changed, 58 insertions, 26 deletions
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c index d0091dd0..5721d926 100644 --- a/src/responder/pac/pacsrv_cmd.c +++ b/src/responder/pac/pacsrv_cmd.c @@ -466,6 +466,8 @@ pac_save_memberships_delete(struct pac_save_memberships_state *state) size_t c; struct pac_req_ctx *pr_ctx; bool in_transaction = false; + TALLOC_CTX *tmp_ctx; + struct sysdb_attrs *user_attrs = NULL; pr_ctx = state->pr_ctx; @@ -478,6 +480,19 @@ pac_save_memberships_delete(struct pac_save_memberships_state *state) return EINVAL; } + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); + return ENOMEM; + } + + user_attrs = sysdb_new_attrs(tmp_ctx); + if (user_attrs == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n")); + ret = ENOMEM; + goto done; + } + ret = sysdb_transaction_start(state->group_dom->sysdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_transaction_start failed.\n")); @@ -493,6 +508,20 @@ pac_save_memberships_delete(struct pac_save_memberships_state *state) DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed.\n")); goto done; } + + ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF, + pr_ctx->del_grp_list[c]->orig_dn); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n")); + goto done; + } + } + + ret = sysdb_set_entry_attr(pr_ctx->dom->sysdb, state->user_dn, user_attrs, + LDB_FLAG_MOD_DELETE); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed.\n")); + goto done; } ret = sysdb_transaction_commit(state->group_dom->sysdb); @@ -511,6 +540,8 @@ done: } } + talloc_free(tmp_ctx); + return ret; } @@ -613,11 +644,12 @@ pac_store_membership(struct pac_req_ctx *pr_ctx, int gid_iter) { TALLOC_CTX *tmp_ctx; - const char *group_name; - struct sysdb_attrs *group_attrs; + struct sysdb_attrs *user_attrs; struct ldb_message *group; uint32_t gid; errno_t ret; + const char *orig_group_dn; + const char *group_attrs[] = { SYSDB_ORIG_DN, NULL }; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -627,46 +659,46 @@ pac_store_membership(struct pac_req_ctx *pr_ctx, gid = pr_ctx->add_gids[gid_iter]; ret = sysdb_search_group_by_gid(tmp_ctx, group_sysdb, - gid, NULL, &group); + gid, group_attrs, &group); if (ret != EOK) { + DEBUG(SSSDBG_TRACE_INTERNAL, ("sysdb_search_group_by_gid for gid [%d]" \ + "failed [%d][%s].\n", + gid, ret, strerror(ret))); goto done; } - group_name = ldb_msg_find_attr_as_string(group, SYSDB_NAME, NULL); - if (group_name == NULL) { - ret = EIO; + ret = sysdb_mod_group_member(group_sysdb, user_dn, group->dn, + LDB_FLAG_MOD_ADD); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed.\n")); goto done; } - group_attrs = talloc_zero(tmp_ctx, struct sysdb_attrs); - if (group_attrs == NULL) { - ret = ENOMEM; + orig_group_dn = ldb_msg_find_attr_as_string(group, SYSDB_ORIG_DN, NULL); + if (orig_group_dn == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("Original DN not found.\n")); + ret = EINVAL; goto done; } - group_attrs->num = 1; - group_attrs->a = ldb_msg_find_element(group, SYSDB_MEMBER); - if (group_attrs->a == NULL) { - group_attrs->a = talloc_zero(group_attrs, struct ldb_message_element); - if (group_attrs->a == NULL) { - ret = ENOMEM; - goto done; - } - group_attrs->a[0].name = talloc_strdup(group_attrs->a, SYSDB_MEMBER); - if (group_attrs->a[0].name == NULL) { - ret = ENOMEM; - goto done; - } + + user_attrs = sysdb_new_attrs(tmp_ctx); + if (user_attrs == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n")); + ret = ENOMEM; + goto done; } - ret = sysdb_attrs_add_string(group_attrs, SYSDB_MEMBER, - ldb_dn_get_linearized(user_dn)); + ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF, + orig_group_dn); if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n")); goto done; } - ret = sysdb_store_group(group_sysdb, group_name, gid, - group_attrs, pr_ctx->dom->group_timeout, 0); + ret = sysdb_set_entry_attr(pr_ctx->dom->sysdb, user_dn, user_attrs, + LDB_FLAG_MOD_ADD); if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed.\n")); goto done; } |