authorJakub Hrozek <jhrozek@redhat.com>2009-09-10 22:34:56 +0200
committerSimo Sorce <ssorce@redhat.com>2009-09-23 07:33:45 -0400
commit716a203f171fda4bcb3e2bf9f2564b331ac1f85a (patch)
tree75514074d7d9e850ff5cd74f625b0e2930c6b367
parent87b8670b2749d02ffdc6c06506ac692b09db5be2 (diff)
Allow entering parent groups as FQDN
Allow entering parent groups for groupadd,useradd,usermod as FQDN. Since members and parents must be from the same domain, error out if we can't determine the domain of member. Fixes: #121
-rw-r--r--server/tools/sss_groupadd.c2
-rw-r--r--server/tools/sss_groupdel.c2
-rw-r--r--server/tools/sss_groupmod.c16
-rw-r--r--server/tools/sss_useradd.c9
-rw-r--r--server/tools/sss_userdel.c2
-rw-r--r--server/tools/sss_usermod.c16
-rw-r--r--server/tools/tools_util.c40
-rw-r--r--server/tools/tools_util.h3
8 files changed, 83 insertions, 7 deletions
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index f528730c..72bd0fdf 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -126,7 +126,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index 6677eb96..3134279d 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -124,7 +124,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index caf44661..1ecf076c 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -149,7 +149,7 @@ int main(int argc, const char **argv)
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -163,6 +163,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the group to\n"));
+ ERROR("Member groups must be in the same domain as parent group\n");
+ goto fini;
+ }
}
if (rmgroups) {
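Review bot: The new failure branch after `parse_group_name_domain()` prints the same-domain message for every non-EOK result, although the helper added in tools_util.c also returns `ENOMEM`. It also jumps to `fini` with `ret` still holding an errno value, instead of `ret = EXIT_FAILURE;` as the `parse_name_domain()` branch earlier in `main()` does. Setting `ret = EXIT_FAILURE;` before `goto fini;` and reserving the domain message for `ret == EINVAL` would keep the exit status and the diagnostic accurate. The same pattern is repeated in the rmgroups hunk of this file, in sss_useradd.c and in both added branches of sss_usermod.c. `main()` starts and ends outside the hunk, so what `fini` does with `ret` is not visible here.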
@@ -172,6 +179,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to remove the group from\n"));
+ ERROR("Member groups must be in the same domain as parent group\n");
+ goto fini;
+ }
}
if (id_in_range(tctx->octx->gid, tctx->octx->domain) != EOK) {
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index becf205a..61034bef 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -221,7 +221,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -233,6 +233,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
/* Same as shadow-utils useradd, -g can specify gid or group name */
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index 7c20a690..83db3cd5 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -124,7 +124,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c
index 02ed74e4..5be1dfb6 100644
--- a/server/tools/sss_usermod.c
+++ b/server/tools/sss_usermod.c
@@ -165,7 +165,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -183,6 +183,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
if (rmgroups) {
@@ -192,6 +199,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to remove the user from\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
tctx->octx->gecos = pc_gecos;
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index eeec13c0..a6ccbc94 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -135,6 +135,44 @@ int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out)
return EOK;
}
+int parse_group_name_domain(struct tools_ctx *tctx,
+ char **groups)
+{
+ int i;
+ int ret;
+ char *name = NULL;
+ char *domain = NULL;
+
+ if (!groups) {
+ return EOK;
+ }
+
+ for (i = 0; groups[i]; ++i) {
+ ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name);
+
+ /* If FQDN is specified, it must be within the same domain as user */
+ if (domain) {
+ if (strcmp(domain, tctx->octx->domain->name) != 0) {
+ return EINVAL;
+ }
+
+ /* Use only groupname */
+ talloc_zfree(groups[i]);
+ groups[i] = talloc_strdup(tctx, name);
+ if (groups[i] == NULL) {
+ return ENOMEM;
+ }
+ }
+
+ talloc_zfree(name);
+ talloc_zfree(domain);
+ }
+
+ talloc_zfree(name);
+ talloc_zfree(domain);
+ return EOK;
+}
+
int parse_name_domain(struct tools_ctx *tctx,
const char *fullname)
{
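Review bot: The return value of `sss_parse_name()` is stored in `ret` but never tested inside the loop of `parse_group_name_domain()`, so a name that fails to parse most likely leaves `domain` NULL and the entry is passed on unvalidated. Add `if (ret != EOK) { return ret; }` directly after the call. The domain check uses `strcmp()` while `parse_name_domain()` in the next hunk compares with `strcasecmp()`, so a group FQDN can be rejected on case alone where the user or group name given on the command line would be accepted; `strcasecmp(domain, tctx->octx->domain->name)` would keep the two consistent. The `EINVAL` and `ENOMEM` returns also skip the `talloc_zfree()` of `name` and `domain`, which presumably stay allocated on `tctx` until that context is freed.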
@@ -152,7 +190,7 @@ int parse_name_domain(struct tools_ctx *tctx,
DEBUG(5, ("Parsed domain: %s\n", domain));
/* only the local domain, whatever named is allowed in tools */
if (strcasecmp(domain, tctx->local->name) != 0) {
- DEBUG(0, ("Invalid domain %s specified in FQDN\n", domain));
+ DEBUG(1, ("Invalid domain %s specified in FQDN\n", domain));
return EINVAL;
}
}
diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h
index c63b9033..f17e68da 100644
--- a/server/tools/tools_util.h
+++ b/server/tools/tools_util.h
@@ -70,6 +70,9 @@ int parse_groups(TALLOC_CTX *mem_ctx,
const char *optstr,
char ***_out);
+int parse_group_name_domain(struct tools_ctx *tctx,
+ char **groups);
+
void tools_transaction_done(struct tevent_req *req);
#endif /* __TOOLS_UTIL_H__ */
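Review bot: The new prototype `parse_group_name_domain()` has no comment, yet the implementation in tools_util.c rewrites the caller's array in place, freeing each entry that carries a domain and replacing it with the bare group name. A short comment above the declaration would record that contract, e.g. `/* Strips the domain from each FQDN entry of groups in place; returns EINVAL if an entry names a domain other than tctx->octx->domain, ENOMEM on allocation failure. */`.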