From a9f03f01b95031f748fdb968ae9c16b9c3d6ed21 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 18 Sep 2019 17:33:55 +0200
Subject: [PATCH 96/97] sysdb: add sysdb_subdomain_content_delete()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
|
sysdb_subdomain_content_delete() will remove all user and group objects
from a sub-domain container but not the sub-domain object and the user
and group containers themselves.
|
Related to https://pagure.io/SSSD/sssd/issue/4078
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/db/sysdb.h | 8 ++++
src/db/sysdb_ops.c | 17 ++++++--
src/db/sysdb_subdomains.c | 20 ++++++++-
src/tests/sysdb-tests.c | 88 +++++++++++++++++++++++++++++++++++++++
4 files changed, 127 insertions(+), 6 deletions(-)
|
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
|
|
|
5fca41 |
index 0a7e7c4f8..f8a2c87ae 100644
|
|
|
5fca41 |
--- a/src/db/sysdb.h
|
|
|
5fca41 |
+++ b/src/db/sysdb.h
|
|
|
5fca41 |
@@ -557,6 +557,9 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
|
|
|
5fca41 |
|
|
|
5fca41 |
errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
|
|
|
5fca41 |
|
|
|
5fca41 |
+errno_t sysdb_subdomain_content_delete(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
+ const char *name);
|
|
|
5fca41 |
+
|
|
|
5fca41 |
errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
size_t *range_count,
|
|
|
5fca41 |
struct range_info ***range_list);
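Review bot: The new `sysdb_subdomain_content_delete()` prototype is exported without a comment, so its difference from `sysdb_subdomain_delete()` directly above it is recorded only in the commit message. I would add `/* Remove all user and group objects of sub-domain 'name'; the sub-domain object and its user and group containers are kept. */` above the declaration. Callers that flush cached identities need to know which of the two calls leaves the sub-domain entry in place.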
|
|
|
5fca41 |
@@ -892,6 +895,11 @@ int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
struct ldb_dn *dn,
|
|
|
5fca41 |
bool ignore_not_found);
|
|
|
5fca41 |
|
|
|
5fca41 |
+int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
+ struct ldb_dn *dn,
|
|
|
5fca41 |
+ bool ignore_not_found,
|
|
|
5fca41 |
+ const char *filter);
|
|
|
5fca41 |
+
|
|
|
5fca41 |
/* Mark entry as expired */
|
|
|
5fca41 |
errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom,
|
|
|
5fca41 |
struct ldb_dn *ldbdn);
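Review bot: `sysdb_delete_recursive_with_filter()` becomes a public entry point that takes a raw LDB filter string, and the header states no contract for it. The sysdb_ops.c part of this patch passes `filter` unchanged into the subtree search that selects what gets deleted, so a filter assembled from a user, group or domain name without escaping could select more entries than intended. I would document that above the prototype, e.g. `/* 'filter' is used verbatim as the LDB search filter; pass a constant, or escape any variable part with sss_filter_sanitize() first. */`, and state whether NULL is accepted.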
|
|
|
5fca41 |
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
|
|
|
5fca41 |
index fa3842d8f..262e12380 100644
|
|
|
5fca41 |
--- a/src/db/sysdb_ops.c
|
|
|
5fca41 |
+++ b/src/db/sysdb_ops.c
|
|
|
5fca41 |
@@ -196,9 +196,10 @@ int sysdb_delete_entry(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
|
|
|
5fca41 |
/* =Remove-Subentries-From-Sysdb=========================================== */
|
|
|
5fca41 |
|
|
|
5fca41 |
-int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
- struct ldb_dn *dn,
|
|
|
5fca41 |
- bool ignore_not_found)
|
|
|
5fca41 |
+int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
+ struct ldb_dn *dn,
|
|
|
5fca41 |
+ bool ignore_not_found,
|
|
|
5fca41 |
+ const char *filter)
|
|
|
5fca41 |
{
|
|
|
5fca41 |
const char *no_attrs[] = { NULL };
|
|
|
5fca41 |
struct ldb_message **msgs;
|
|
|
5fca41 |
@@ -219,7 +220,7 @@ int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
}
|
|
|
5fca41 |
|
|
|
5fca41 |
ret = sysdb_search_entry(tmp_ctx, sysdb, dn,
|
|
|
5fca41 |
- LDB_SCOPE_SUBTREE, "(distinguishedName=*)",
|
|
|
5fca41 |
+ LDB_SCOPE_SUBTREE, filter,
|
|
|
5fca41 |
no_attrs, &msgs_count, &msgs);
|
|
|
5fca41 |
if (ret) {
|
|
|
5fca41 |
if (ignore_not_found && ret == ENOENT) {
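Review bot: With `filter` replacing `"(distinguishedName=*)"` in this search, the function no longer necessarily removes the whole subtree under `dn`, although its name still says recursive. The deletion loop is outside this hunk, so I cannot tell how it treats an entry that matches `filter` while its children do not; depending on the backend that may fail or leave entries without a parent. A comment above the call such as `/* Only entries matching 'filter' are deleted; callers must not select an entry whose descendants they want to keep. */` would record the constraint.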
|
|
|
5fca41 |
@@ -258,6 +259,14 @@ done:
|
|
|
5fca41 |
return ret;
|
|
|
5fca41 |
}
|
|
|
5fca41 |
|
|
|
5fca41 |
+int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
+ struct ldb_dn *dn,
|
|
|
5fca41 |
+ bool ignore_not_found)
|
|
|
5fca41 |
+{
|
|
|
5fca41 |
+ return sysdb_delete_recursive_with_filter(sysdb, dn, ignore_not_found,
|
|
|
5fca41 |
+ "(distinguishedName=*)");
|
|
|
5fca41 |
+}
|
|
|
5fca41 |
+
|
|
|
5fca41 |
|
|
|
5fca41 |
/* =Search-Entry========================================================== */
|
|
|
5fca41 |
|
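Review bot: The match-all filter `"(distinguishedName=*)"` is now written out as a literal in this wrapper and again in the new `sysdb_subdomain_delete()` wrapper in sysdb_subdomains.c. A shared definition next to the prototypes in sysdb.h, for example `#define SYSDB_FILTER_ALL "(distinguishedName=*)"` (the name is only a suggestion), would keep the two callers from drifting apart. A one-line comment on `sysdb_delete_recursive()` saying that it deletes every entry below `dn` would also help now that a filtered variant exists.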
|
|
5fca41 |
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
|
|
|
5fca41 |
index af838b44c..0ca6a611f 100644
|
|
|
5fca41 |
--- a/src/db/sysdb_subdomains.c
|
|
|
5fca41 |
+++ b/src/db/sysdb_subdomains.c
|
|
|
5fca41 |
@@ -1250,7 +1250,9 @@ done:
|
|
|
5fca41 |
return ret;
|
|
|
5fca41 |
}
|
|
|
5fca41 |
|
|
|
5fca41 |
-errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name)
|
|
|
5fca41 |
+static errno_t sysdb_subdomain_delete_with_filter(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
+ const char *name,
|
|
|
5fca41 |
+ const char *filter)
|
|
|
5fca41 |
{
|
|
|
5fca41 |
TALLOC_CTX *tmp_ctx = NULL;
|
|
|
5fca41 |
struct ldb_dn *dn;
|
|
|
5fca41 |
@@ -1269,7 +1271,7 @@ errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name)
|
|
|
5fca41 |
goto done;
|
|
|
5fca41 |
}
|
|
|
5fca41 |
|
|
|
5fca41 |
- ret = sysdb_delete_recursive(sysdb, dn, true);
|
|
|
5fca41 |
+ ret = sysdb_delete_recursive_with_filter(sysdb, dn, true, filter);
|
|
|
5fca41 |
if (ret != EOK) {
|
|
|
5fca41 |
DEBUG(SSSDBG_OP_FAILURE, "sysdb_delete_recursive failed.\n");
|
|
|
5fca41 |
goto done;
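Review bot: The failure message on the context line after the changed call still reads `sysdb_delete_recursive failed.` and drops `ret`, so a failed filtered delete is logged under the wrong function name and without a cause. Since this helper now serves both the full and the content-only delete, I would change it to `DEBUG(SSSDBG_OP_FAILURE, "sysdb_delete_recursive_with_filter failed [%d]: %s.\n", ret, sss_strerror(ret));`. The rest of the function body lies outside this hunk.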
|
|
|
5fca41 |
@@ -1280,6 +1282,20 @@ done:
|
|
|
5fca41 |
return ret;
|
|
|
5fca41 |
}
|
|
|
5fca41 |
|
|
|
5fca41 |
+errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name)
|
|
|
5fca41 |
+{
|
|
|
5fca41 |
+ return sysdb_subdomain_delete_with_filter(sysdb, name,
|
|
|
5fca41 |
+ "(distinguishedName=*)");
|
|
|
5fca41 |
+}
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+errno_t sysdb_subdomain_content_delete(struct sysdb_ctx *sysdb,
|
|
|
5fca41 |
+ const char *name)
|
|
|
5fca41 |
+{
|
|
|
5fca41 |
+ const char *filter = "(|("SYSDB_UC")("SYSDB_GC"))";
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ return sysdb_subdomain_delete_with_filter(sysdb, name, filter);
|
|
|
5fca41 |
+}
|
|
|
5fca41 |
+
|
|
|
5fca41 |
errno_t
|
|
|
5fca41 |
sysdb_domain_get_domain_resolution_order(TALLOC_CTX *mem_ctx,
|
|
|
5fca41 |
struct sysdb_ctx *sysdb,
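Review bot: `sysdb_subdomain_content_delete()` selects entries only by `SYSDB_UC` and `SYSDB_GC`, so any other kind of entry stored below the sub-domain base is left in place; whether such entries exist is not visible here. A caller that uses this to flush a sub-domain's cached data should not assume the subtree is empty afterwards, and a comment above the function would say so: `/* Deletes only user and group entries; any other cached entry below the sub-domain is kept. */`. The filter is also assembled by pasting the two macros between string fragments, which yields a valid filter only while both expand to a bare `attr=value` literal without parentheses, so that assumption is worth a word in the same comment.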
|
|
|
5fca41 |
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
|
|
|
5fca41 |
index 22460d9db..45a278e2a 100644
|
|
|
5fca41 |
--- a/src/tests/sysdb-tests.c
|
|
|
5fca41 |
+++ b/src/tests/sysdb-tests.c
|
|
|
5fca41 |
@@ -6204,6 +6204,93 @@ START_TEST(test_sysdb_subdomain_store_user)
|
|
|
5fca41 |
}
|
|
|
5fca41 |
END_TEST
|
|
|
5fca41 |
|
|
|
5fca41 |
+START_TEST(test_sysdb_subdomain_content_delete)
|
|
|
5fca41 |
+{
|
|
|
5fca41 |
+ struct sysdb_test_ctx *test_ctx;
|
|
|
5fca41 |
+ errno_t ret;
|
|
|
5fca41 |
+ struct sss_domain_info *subdomain = NULL;
|
|
|
5fca41 |
+ struct ldb_result *results = NULL;
|
|
|
5fca41 |
+ struct ldb_dn *base_dn = NULL;
|
|
|
5fca41 |
+ struct ldb_dn *check_dn = NULL;
|
|
|
5fca41 |
+ struct ldb_dn *check_dom_dn = NULL;
|
|
|
5fca41 |
+ struct test_data *data;
|
|
|
5fca41 |
+ char *alias;
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ ret = setup_sysdb_tests(&test_ctx);
|
|
|
5fca41 |
+ fail_if(ret != EOK, "Could not set up the test");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ subdomain = new_subdomain(test_ctx, test_ctx->domain,
|
|
|
5fca41 |
+ testdom[0], testdom[1], testdom[2], testdom[3],
|
|
|
5fca41 |
+ MPG_DISABLED, false, NULL, NULL, 0, NULL, true);
|
|
|
5fca41 |
+ fail_unless(subdomain != NULL, "Failed to create new subdomain.");
|
|
|
5fca41 |
+ ret = sysdb_subdomain_store(test_ctx->sysdb,
|
|
|
5fca41 |
+ testdom[0], testdom[1], testdom[2], testdom[3],
|
|
|
5fca41 |
+ false, false, NULL, 0, NULL);
|
|
|
5fca41 |
+ fail_if(ret != EOK, "Could not set up the test (test subdom)");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ ret = sysdb_update_subdomains(test_ctx->domain, NULL);
|
|
|
5fca41 |
+ fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
|
|
|
5fca41 |
+ ret, strerror(ret));
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ data = test_data_new_user(test_ctx, 12345);
|
|
|
5fca41 |
+ fail_if(data == NULL);
|
|
|
5fca41 |
+ data->username = test_asprintf_fqname(data, subdomain, "SubDomUser");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ alias = test_asprintf_fqname(data, subdomain, "subdomuser");
|
|
|
5fca41 |
+ fail_if(alias == NULL);
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ ret = sysdb_attrs_add_string(data->attrs, SYSDB_NAME_ALIAS, alias);
|
|
|
5fca41 |
+ fail_unless(ret == EOK, "sysdb_store_user failed.");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ ret = sysdb_store_user(subdomain, data->username,
|
|
|
5fca41 |
+ NULL, data->uid, 0, "Sub Domain User",
|
|
|
5fca41 |
+ "/home/subdomuser", "/bin/bash",
|
|
|
5fca41 |
+ NULL, data->attrs, NULL, -1, 0);
|
|
|
5fca41 |
+ fail_unless(ret == EOK, "sysdb_store_user failed.");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ base_dn =ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, "cn=sysdb");
|
|
|
5fca41 |
+ fail_unless(base_dn != NULL);
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ check_dn = sysdb_user_dn(data, subdomain, data->username);
|
|
|
5fca41 |
+ fail_unless(check_dn != NULL);
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn,
|
|
|
5fca41 |
+ LDB_SCOPE_SUBTREE, NULL, "name=%s", data->username);
|
|
|
5fca41 |
+ fail_unless(ret == EOK, "ldb_search failed.");
|
|
|
5fca41 |
+ fail_unless(results->count == 1, "Unexpected number of results, "
|
|
|
5fca41 |
+ "expected [%d], got [%d]",
|
|
|
5fca41 |
+ 1, results->count);
|
|
|
5fca41 |
+ fail_unless(ldb_dn_compare(results->msgs[0]->dn, check_dn) == 0,
|
|
|
5fca41 |
+ "Unexpected DN returned");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ ret = sysdb_subdomain_content_delete(test_ctx->sysdb, testdom[0]);
|
|
|
5fca41 |
+ fail_unless(ret == EOK, "sysdb_subdomain_content_delete failed.");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ /* Check if user is removed */
|
|
|
5fca41 |
+ ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn,
|
|
|
5fca41 |
+ LDB_SCOPE_SUBTREE, NULL, "name=%s", alias);
|
|
|
5fca41 |
+ fail_unless(ret == EOK, "ldb_search failed.");
|
|
|
5fca41 |
+ fail_unless(results->count == 0, "Unexpected number of results, "
|
|
|
5fca41 |
+ "expected [%d], got [%d]",
|
|
|
5fca41 |
+ 0, results->count);
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ check_dom_dn = ldb_dn_new_fmt(test_ctx, test_ctx->sysdb->ldb,
|
|
|
5fca41 |
+ SYSDB_DOM_BASE, testdom[0]);
|
|
|
5fca41 |
+ fail_unless(check_dom_dn != NULL, "ldb_dn_new_fmt failed.");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+ /* Check if domain object is still present */
|
|
|
5fca41 |
+ ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn,
|
|
|
5fca41 |
+ LDB_SCOPE_SUBTREE, NULL, "cn=%s", testdom[0]);
|
|
|
5fca41 |
+ fail_unless(ret == EOK, "ldb_search failed.");
|
|
|
5fca41 |
+ fail_unless(results->count == 1, "Unexpected number of results, "
|
|
|
5fca41 |
+ "expected [%d], got [%d]",
|
|
|
5fca41 |
+ 1, results->count);
|
|
|
5fca41 |
+ fail_unless(ldb_dn_compare(results->msgs[0]->dn, check_dom_dn) == 0,
|
|
|
5fca41 |
+ "Unexpected DN returned");
|
|
|
5fca41 |
+
|
|
|
5fca41 |
+}
|
|
|
5fca41 |
+END_TEST
|
|
|
5fca41 |
+
|
|
|
5fca41 |
START_TEST(test_sysdb_subdomain_user_ops)
|
|
|
5fca41 |
{
|
|
|
5fca41 |
struct sysdb_test_ctx *test_ctx;
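Review bot: The "Check if user is removed" search looks up `name=%s` with `alias`, while the presence check before the delete used `data->username`; if the `name` attribute is matched case-sensitively (not visible here), the second search returns zero results whether or not the delete worked. Searching with the same value, `LDB_SCOPE_SUBTREE, NULL, "name=%s", data->username);`, or comparing against `check_dn`, would make the assertion meaningful. `data->username` is also used without the NULL check that `alias` gets, and the message after `sysdb_attrs_add_string()` says `sysdb_store_user failed.`. The test stores no group and does not check that the user and group containers survive, which is the other half of what the commit message promises.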
|
|
|
5fca41 |
@@ -7574,6 +7661,7 @@ Suite *create_sysdb_suite(void)
|
|
|
5fca41 |
TCase *tc_subdomain = tcase_create("SYSDB sub-domain Tests");
|
|
|
5fca41 |
|
|
|
5fca41 |
tcase_add_test(tc_subdomain, test_sysdb_subdomain_store_user);
|
|
|
5fca41 |
+ tcase_add_test(tc_subdomain, test_sysdb_subdomain_content_delete);
|
|
|
5fca41 |
tcase_add_test(tc_subdomain, test_sysdb_subdomain_user_ops);
|
|
|
5fca41 |
tcase_add_test(tc_subdomain, test_sysdb_subdomain_group_ops);
|
|
|
5fca41 |
|
--
2.20.1