From d59e1d2397c92a2c9f43eb310d99d81cc835b37e Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Mon, 2 Aug 2010 10:47:10 -0400
Subject: Add sysdb_update_members function

This function will take a user, a list of groups that this user
should be added to and a list of groups the user should be removed
from and will recursively call sysdb_[add|remove]_group_member

Includes a unit test
---
 src/db/sysdb.h     |  5 +++++
 src/db/sysdb_ops.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)

(limited to 'src/db')

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 5c0b744f..e199ed94 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -453,6 +453,11 @@ int sysdb_remove_group_member(TALLOC_CTX *mem_ctx,
                               struct sss_domain_info *domain,
                               const char *group,
                               const char *user);
+errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
+                             struct sss_domain_info *domain,
+                             const char *user,
+                             const char **add_groups,
+                             const char **del_groups);
 
 /* Password caching function.
  * If you are in a transaction ignore sysdb and pass in the handle.
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7f454311..d86c35d6 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2199,3 +2199,59 @@ done:
     }
     return ret;
 }
+
+errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
+                             struct sss_domain_info *domain,
+                             const char *user,
+                             const char **add_groups,
+                             const char **del_groups)
+{
+    errno_t ret;
+    int i;
+
+    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+    if(!tmp_ctx) {
+        return ENOMEM;
+    }
+
+    ret = sysdb_transaction_start(sysdb);
+    if (ret != EOK) {
+        DEBUG(0, ("Failed to start update transaction\n"));
+        goto done;
+    }
+
+    if (add_groups) {
+        /* Add the user to all add_groups */
+        for (i = 0; add_groups[i]; i++) {
+            ret = sysdb_add_group_member(tmp_ctx, sysdb, domain,
+                                         add_groups[i], user);
+            if (ret != EOK) {
+                DEBUG(1, ("Could not add user [%s] to group [%s]. "
+                          "Skipping.\n"));
+                /* Continue on, we should try to finish the rest */
+            }
+        }
+    }
+
+    if (del_groups) {
+        /* Remove the user from all del_groups */
+        for (i = 0; del_groups[i]; i++) {
+            ret = sysdb_remove_group_member(tmp_ctx, sysdb, domain,
+                                            del_groups[i], user);
+            if (ret != EOK) {
+                DEBUG(1, ("Could not remove user [%s] from group [%s]. "
+                          "Skipping\n"));
+                /* Continue on, we should try to finish the rest */
+            }
+        }
+    }
+
+    ret = sysdb_transaction_commit(sysdb);
+
+done:
+    if (ret != EOK) {
+        sysdb_transaction_cancel(sysdb);
+    }
+    talloc_free(tmp_ctx);
+    return ret;
+}
-- 
cgit