Implement delete users and groups

Implement adding a group to a group Some other small fixups Add new cmd-line tool ipa-delgroup
2025-02-25 18:55:28 -06:00 · 2007-08-28 13:52:08 -04:00
parent 6eea6664e0
commit eebaa73d3d
8 changed files with 227 additions and 10 deletions
--- a/ipa-admintools/ipa-delgroup
+++ b/ipa-admintools/ipa-delgroup
@@ -0,0 +1,69 @@
+#! /usr/bin/python -E
+# Authors: Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2007  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+from optparse import OptionParser
+import ipa
+import ipa.ipaclient as ipaclient
+import ipa.config
+
+import xmlrpclib
+import kerberos
+
+def usage():
+    print "ipa-delgroup group"
+    sys.exit(1)
+
+def parse_options():
+    parser = OptionParser()
+    parser.add_option("--usage", action="store_true",
+                      help="Program usage")
+
+    args = ipa.config.init_config(sys.argv)
+    options, args = parser.parse_args(args)
+
+    return options, args
+
+def main():
+    options, args = parse_options()
+
+    if len(args) != 2:
+        usage()
+
+    try:
+        client = ipaclient.IPAClient()
+        ret = client.delete_group(args[1])
+        if (ret == "Success"):
+            print args[1] + " successfully deleted"
+        else:
+            print args[1] + " " + ret
+    except xmlrpclib.Fault, f:
+        print f.faultString
+        return 1
+    except kerberos.GSSError, e:
+        print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
+        return 1
+    except xmlrpclib.ProtocolError, e:
+        print "Unable to connect to IPA server: %s" % (e.errmsg)
+        return 1
+
+    return 0
+
+main()
--- a/ipa-admintools/ipa-deluser
+++ b/ipa-admintools/ipa-deluser
@@ -28,7 +28,7 @@ import xmlrpclib
 import kerberos

 def usage():
-    print "ipa-adduser user"
+    print "ipa-deluser user"
    sys.exit(1)

 def parse_options():
--- a/ipa-admintools/ipa-groupmod
+++ b/ipa-admintools/ipa-groupmod
@@ -58,7 +58,6 @@ def main():
    group=ipa.group.Group()
    options, args = parse_options()

-    print "len = ", len(args)
    if (options.add or options.remove) and (len(args) != 3):
        usage()
    if (options.desc and (len(args) != 2)):
@@ -68,7 +67,7 @@ def main():
        client = ipaclient.IPAClient()
        if options.add:
            client.add_user_to_group(args[1], args[2])
-            print args[1] + " successfully added"
+            print args[1] + " successfully added to " + args[2]
        elif options.remove:
            client.remove_user_from_group(args[1], args[2])
            print args[1] + " successfully removed"
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -113,6 +113,14 @@ class IPAClient:
        result = self.transport.update_user(user.origDataDict(), user.toDict())
        return result

+    def delete_user(self,uid):
+        """Delete a user entry."""
+
+        realm = config.config.get_realm()
+
+        result = self.transport.delete_user(uid)
+        return result
+
    def mark_user_deleted(self,uid):
        """Set a user as inactive by uid."""

@@ -202,7 +210,17 @@ class IPAClient:
    def update_group(self,group):
        """Update a group entry."""

-        realm = config.config.get_realm()
+        return self.transport.update_group(group.origDataDict(), group.toDict())

-        result = self.transport.update_group(group.origDataDict(), group.toDict())
-        return result
+    def delete_group(self,group_cn):
+        """Delete a group entry."""
+
+        return self.transport.delete_group(group_cn)
+
+    def add_group_to_group(self, group_cn, tgroup_cn):
+        """Add a group to an existing group.
+           group_cn is a cn of the group to add
+           tgroup_cn is the cn of the group to be added to
+        """
+
+        return self.transport.add_group_to_group(group_cn, tgroup_cn)
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -181,6 +181,19 @@ class RPCClient:

        return ipautil.unwrap_binary_data(result)

+    def delete_user(self,uid):
+        """Delete a user. uid is the uid of the user to delete."""
+        server = self.setup_server()
+    
+        try:
+            result = server.delete_user(uid)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return result
+
    def mark_user_deleted(self,uid):
        """Mark a user as deleted/inactive"""
        server = self.setup_server()
@@ -344,3 +357,31 @@ class RPCClient:
            raise xmlrpclib.Fault(value, msg)

        return ipautil.unwrap_binary_data(result)
+
+    def delete_group(self,group_cn):
+        """Delete a group. group_cn is the cn of the group to be deleted."""
+        server = self.setup_server()
+    
+        try:
+            result = server.delete_group(group_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+    def add_group_to_group(self, group_cn, tgroup_cn):
+        """Add a group to an existing group.
+           group_cn is a cn of the group to add
+           tgroup_cn is the cn of the group to be added to
+        """
+        server = self.setup_server()
+        try:
+            result = server.add_group_to_group(group_cn, tgroup_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+    
+        return ipautil.unwrap_binary_data(result)
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -389,6 +389,18 @@ class IPAdmin(SimpleLDAPObject):
            raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
        return "Success"

+    def deleteEntry(self,*args):
+        """This wraps the delete function. Use with caution."""
+
+        sctrl = self.__get_server_controls__()
+
+        try:
+            self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+            self.delete_s(*args)
+        except ldap.LDAPError, e:
+            raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
+        return "Success"
+
    def __wrapmethods(self):
        """This wraps all methods of SimpleLDAPObject, so that we can intercept
        the methods that deal with entries.  Instead of using a raw list of tuples
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -466,6 +466,29 @@ class IPAServer:
            _LDAPPool.releaseConn(m1)
        return res

+    def delete_user (self, uid, opts=None):
+        """Delete a user. Not to be confused with inactivate_user. This
+           makes the entry go away completely.
+
+           uid is the uid of the user to delete
+
+           The memberOf plugin handles removing the user from any other
+           groups.
+        """
+        if opts:
+            self.set_principal(opts['remoteuser'])
+
+        dn = self.get_dn_from_principal(self.princ)
+
+        user_dn = self.get_user_by_uid(uid, ['dn', 'uid', 'objectclass'], opts)
+        if user_dn is None:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+        m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
+        res = m1.deleteEntry(user_dn['dn'])
+        _LDAPPool.releaseConn(m1)
+        return res
+
 # Group support

    def __is_group_unique(self, cn, opts):
@@ -473,11 +496,10 @@ class IPAServer:
        cn = self.__safe_filter(cn)
        filter = "(&(cn=%s)(objectclass=posixGroup))" % cn
 
-        entry = self.__get_entry(self.basedn, filter, ['dn','cn'], opts)
-
-        if entry is not None:
+        try:
+            entry = self.__get_entry(self.basedn, filter, ['dn','cn'], opts)
            return 0
-        else:
+        except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
            return 1

    def get_group_by_cn (self, cn, sattrs=None, opts=None):
@@ -681,6 +703,59 @@ class IPAServer:
        """Update a group in LDAP"""
        return self.__update_entry(oldgroup, newgroup, opts)

+    def delete_group (self, group_cn, opts=None):
+        """Delete a group
+           group_cn is the cn of the group to delete
+
+           The memberOf plugin handles removing the group from any other
+           groups.
+        """
+        if opts:
+            self.set_principal(opts['remoteuser'])
+
+        dn = self.get_dn_from_principal(self.princ)
+
+        group = self.get_group_by_cn(group_cn, ['dn', 'cn'], opts)
+
+        if len(group) != 1:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+        m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
+        res = m1.deleteEntry(group[0]['dn'])
+        _LDAPPool.releaseConn(m1)
+        return res
+
+    def add_group_to_group(self, group, tgroup, opts=None):
+        """Add a user to an existing group.
+           group is a cn of the group to add
+           tgroup is the cn of the group to be added to
+        """
+
+        if opts:
+            self.set_principal(opts['remoteuser'])
+
+        old_group = self.get_group_by_cn(tgroup, None, opts)
+        if old_group is None:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+        new_group = copy.deepcopy(old_group)
+
+        group_dn = self.get_group_by_cn(group, ['dn', 'cn', 'objectclass'], opts)
+        if group_dn is None:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+        if new_group.get('uniquemember') is not None:
+            if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
+                new_group['uniquemember'] = [new_group['uniquemember']]
+            new_group['uniquemember'].append(group_dn['dn'])
+        else:
+            new_group['uniquemember'] = group_dn['dn']
+
+        try:
+            ret = self.__update_entry(old_group, new_group, opts)
+        except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
+            raise
+        return ret
+
 def ldap_search_escape(match):
    """Escapes out nasty characters from the ldap search.
    See RFC 2254."""
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -300,6 +300,7 @@ def handler(req, profiling=False):
            h.register_function(f.get_all_users)
            h.register_function(f.find_users)
            h.register_function(f.update_user)
+            h.register_function(f.delete_user)
            h.register_function(f.mark_user_deleted)
            h.register_function(f.get_group_by_cn)
            h.register_function(f.get_group_by_dn)
@@ -307,9 +308,11 @@ def handler(req, profiling=False):
            h.register_function(f.find_groups)
            h.register_function(f.add_user_to_group)
            h.register_function(f.add_users_to_group)
+            h.register_function(f.add_group_to_group)
            h.register_function(f.remove_user_from_group)
            h.register_function(f.remove_users_from_group)
            h.register_function(f.update_group)
+            h.register_function(f.delete_group)
            h.handle_request(req)
        finally:
             pass