From 6ff294ac06863ea76463c3fa3549cc46a60b75ad Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Sep 26 2013 19:11:52 +0000
Subject: sysdb: sysdb_update_members can take either name or dn

We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree.

Resolves: https://fedorahosted.org/sssd/ticket/2066
---
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index f923217..c2a42d5 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -690,13 +690,15 @@ int sysdb_add_group_member(struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *group,
                            const char *member,
-                           enum sysdb_member_type type);
+                           enum sysdb_member_type type,
+                           bool is_dn);
 
 int sysdb_remove_group_member(struct sysdb_ctx *sysdb,
                               struct sss_domain_info *domain,
                               const char *group,
                               const char *member,
-                              enum sysdb_member_type type);
+                              enum sysdb_member_type type,
+                              bool is_dn);
 
 errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
                              struct sss_domain_info *domain,
@@ -705,6 +707,13 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
                              const char *const *add_groups,
                              const char *const *del_groups);
 
+errno_t sysdb_update_members_dn(struct sysdb_ctx *sysdb,
+                                struct sss_domain_info *member_domain,
+                                const char *member,
+                                enum sysdb_member_type type,
+                                const char *const *add_groups,
+                                const char *const *del_groups);
+
 /* Password caching function.
  * If you are in a transaction ignore sysdb and pass in the handle.
  * If you are not in a transaction pass NULL in handle and provide sysdb,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 0197d8e..ca23fad 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1997,7 +1997,8 @@ sysdb_group_membership_mod(struct sysdb_ctx *sysdb,
                            const char *group,
                            const char *member,
                            enum sysdb_member_type type,
-                           int modify_op)
+                           int modify_op,
+                           bool is_dn)
 {
     struct ldb_dn *group_dn;
     struct ldb_dn *member_dn;
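Review bot: The new `sysdb_update_members_dn` prototype gives no indication of which of its arguments are distinguished names and which are plain names, and the `is_dn` flag added to `sysdb_add_group_member` / `sysdb_remove_group_member` in the previous hunk is equally uncommented, although the header is the only contract callers see. From the sysdb_ops.c hunks the flag only changes how the group DN is built, so `member` presumably is still a name resolved inside the given domain; the header should say so rather than leave callers to read the implementation. I would put above the new prototype `/* Like sysdb_update_members(), but add_groups and del_groups hold full group DNs (possibly from another domain's tree); member is a name looked up in member_domain. */` and on the two earlier prototypes `/* is_dn: group is a DN string, not a name */`. The definitions in sysdb_ops.c (hunk at 3186) should carry the same comments.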
@@ -2021,7 +2022,12 @@ sysdb_group_membership_mod(struct sysdb_ctx *sysdb,
         goto done;
     }
 
-    group_dn = sysdb_group_dn(sysdb, tmp_ctx, domain, group);
+    if (!is_dn) {
+        group_dn = sysdb_group_dn(sysdb, tmp_ctx, domain, group);
+    } else {
+        group_dn = ldb_dn_new(tmp_ctx, sysdb->ldb, group);
+    }
+
     if (!group_dn) {
         ret = ENOMEM;
         goto done;
@@ -2038,10 +2044,11 @@ int sysdb_add_group_member(struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *group,
                            const char *member,
-                           enum sysdb_member_type type)
+                           enum sysdb_member_type type,
+                           bool is_dn)
 {
-    return sysdb_group_membership_mod(sysdb, domain, group,
-                                      member, type, SYSDB_MOD_ADD);
+    return sysdb_group_membership_mod(sysdb, domain, group, member,
+                                      type, SYSDB_MOD_ADD, is_dn);
 }
 
 /* =Remove-member-from-Group(Native/Legacy)=============================== */
@@ -2051,10 +2058,11 @@ int sysdb_remove_group_member(struct sysdb_ctx *sysdb,
                               struct sss_domain_info *domain,
                               const char *group,
                               const char *member,
-                              enum sysdb_member_type type)
+                              enum sysdb_member_type type,
+                              bool is_dn)
 {
-    return sysdb_group_membership_mod(sysdb, domain, group,
-                                      member, type, SYSDB_MOD_DEL);
+    return sysdb_group_membership_mod(sysdb, domain, group, member,
+                                      type, SYSDB_MOD_DEL, is_dn);
 }
 
 
@@ -3116,12 +3124,13 @@ done:
     return ret;
 }
 
-errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
-                             struct sss_domain_info *domain,
-                             const char *member,
-                             enum sysdb_member_type type,
-                             const char *const *add_groups,
-                             const char *const *del_groups)
+static errno_t sysdb_update_members_ex(struct sysdb_ctx *sysdb,
+                                       struct sss_domain_info *domain,
+                                       const char *member,
+                                       enum sysdb_member_type type,
+                                       const char *const *add_groups,
+                                       const char *const *del_groups,
+                                       bool is_dn)
 {
     errno_t ret;
     errno_t sret;
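Review bot: In the new `else` branch the caller-supplied `group` string is wrapped by ldb_dn_new() but never validated, so a malformed DN is only rejected later when the modify is attempted, and the failure is reported with a less specific error than it could be; ldb parses DN strings lazily, and this is the path cross-domain callers will now take. I would check it right after the block, `if (is_dn && !ldb_dn_validate(group_dn)) { ret = EINVAL; goto done; }`, before the existing NULL check. The parameter name `is_dn` also reads as if it applied to `member` as well, while only the group lookup is switched here; if member_dn (built outside this hunk) is still derived from a name, calling the flag `group_is_dn` in this function, in the two wrappers below and in the `sysdb_update_members_ex` signature at 3116 would make the contract obvious. sysdb_group_membership_mod() continues past this hunk.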
@@ -3144,8 +3153,8 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
     if (add_groups) {
         /* Add the user to all add_groups */
         for (i = 0; add_groups[i]; i++) {
-            ret = sysdb_add_group_member(sysdb, domain,
-                                         add_groups[i], member, type);
+            ret = sysdb_add_group_member(sysdb, domain, add_groups[i],
+                                         member, type, is_dn);
             if (ret != EOK) {
                 DEBUG(1, ("Could not add member [%s] to group [%s]. "
                           "Skipping.\n", member, add_groups[i]));
@@ -3157,8 +3166,8 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
     if (del_groups) {
         /* Remove the user from all del_groups */
         for (i = 0; del_groups[i]; i++) {
-            ret = sysdb_remove_group_member(sysdb, domain,
-                                            del_groups[i], member, type);
+            ret = sysdb_remove_group_member(sysdb, domain, del_groups[i],
+                                            member, type, is_dn);
             if (ret != EOK) {
                 DEBUG(1, ("Could not remove member [%s] from group [%s]. "
                           "Skipping\n", member, del_groups[i]));
@@ -3186,6 +3195,28 @@ done:
     return ret;
 }
 
+errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
+                             struct sss_domain_info *domain,
+                             const char *member,
+                             enum sysdb_member_type type,
+                             const char *const *add_groups,
+                             const char *const *del_groups)
+{
+    return sysdb_update_members_ex(sysdb, domain, member, type,
+                                   add_groups, del_groups, false);
+}
+
+errno_t sysdb_update_members_dn(struct sysdb_ctx *sysdb,
+                                struct sss_domain_info *member_domain,
+                                const char *member,
+                                enum sysdb_member_type type,
+                                const char *const *add_groups,
+                                const char *const *del_groups)
+{
+    return sysdb_update_members_ex(sysdb, member_domain, member, type,
+                                   add_groups, del_groups, true);
+}
+
 errno_t sysdb_remove_attrs(struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *name,
diff --git a/src/tests/simple_access-tests.c b/src/tests/simple_access-tests.c
index aaf7578..6d214dc 100644
--- a/src/tests/simple_access-tests.c
+++ b/src/tests/simple_access-tests.c
@@ -189,11 +189,11 @@ void setup_simple_group(void)
     fail_if(ret != EOK, "Could not add g2");
 
     ret = sysdb_add_group_member(test_ctx->sysdb, test_ctx->ctx->domain,
-                                 "g1", "u1", SYSDB_MEMBER_USER);
+                                 "g1", "u1", SYSDB_MEMBER_USER, false);
     fail_if(ret != EOK, "Could not add u1 to g1");
 
     ret = sysdb_add_group_member(test_ctx->sysdb, test_ctx->ctx->domain,
-                                 "g2", "u2", SYSDB_MEMBER_USER);
+                                 "g2", "u2", SYSDB_MEMBER_USER, false);
     fail_if(ret != EOK, "Could not add u2 to g2");
 }
 
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index d0aff2d..781d395 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -331,7 +331,7 @@ static int test_add_group_member(struct test_data *data)
 
     ret = sysdb_add_group_member(data->ctx->sysdb, data->ctx->domain,
                                  data->groupname, username,
-                                 SYSDB_MEMBER_USER);
+                                 SYSDB_MEMBER_USER, false);
 
     return ret;
 }
@@ -347,7 +347,7 @@ static int test_remove_group_member(struct test_data *data)
 
     ret = sysdb_remove_group_member(data->ctx->sysdb, data->ctx->domain,
                                     data->groupname, username,
-                                    SYSDB_MEMBER_USER);
+                                    SYSDB_MEMBER_USER, false);
 
     return ret;
 }
@@ -3969,7 +3969,7 @@ START_TEST(test_odd_characters)
     /* Add to the group */
     ret = sysdb_add_group_member(test_ctx->sysdb, test_ctx->domain,
                                  odd_groupname, odd_username,
-                                 SYSDB_MEMBER_USER);
+                                 SYSDB_MEMBER_USER, false);
     fail_unless(ret == EOK, "sysdb_add_group_member error [%d][%s]", ret, strerror(ret));
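Review bot: Every call site updated in sysdb-tests.c passes `false`, so the new `is_dn == true` branch of sysdb_group_membership_mod() and the new `sysdb_update_members_dn()` entry point leave this commit without any test; the simple_access-tests.c hunk has the same gap. A case next to test_add_group_member() that passes the linearized form of `sysdb_group_dn(data->ctx->sysdb, data, data->ctx->domain, data->groupname)` with `is_dn` set and then checks the membership would exercise the path the ticket is about, and a deliberately malformed DN string should be checked to fail with a clean error rather than succeed or crash. The test_odd_characters hunk runs past the end of the page and is not covered by this note.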