authorJakub Hrozek <jhrozek@redhat.com>2009-11-02 11:40:21 +0100
committerStephen Gallagher <sgallagh@redhat.com>2009-11-04 18:33:10 -0500
commit73df935dab319ce413a8927bbae0a991008b5d07 (patch)
treeb6431f768032807ac21bd6a3255d5ae39885bd02
parenta98abccf998144ff81e429cdb16af5b93fe7973b (diff)
Do not delete users, groups outside domain range
Fixes: 240
-rw-r--r--server/tools/sss_groupdel.c18
-rw-r--r--server/tools/sss_userdel.c28
2 files changed, 35 insertions, 11 deletions
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index d6e3dfd6..d2b4edfe 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -90,6 +90,24 @@ int main(int argc, const char **argv)
goto fini;
}
+ ret = sysdb_getgrnam_sync(tctx, tctx->ev, tctx->sysdb,
+ tctx->octx->name, tctx->local,
+ &tctx->octx);
+ if (ret != EOK) {
+ ERROR("Cannot find group in local domain, "
+ "modifying groups is allowed only in local domain\n");
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ if ((tctx->octx->gid < tctx->local->id_min) ||
+ (tctx->local->id_max && tctx->octx->gid > tctx->local->id_max)) {
+ ERROR("Group %s is outside the defined ID range for domain\n",
+ tctx->octx->name);
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
start_transaction(tctx);
if (tctx->error != EOK) {
goto done;
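Review bot: The `ret != EOK` branch after `sysdb_getgrnam_sync()` reports every failure as `"Cannot find group in local domain, "`, so an allocation or database error is shown to the administrator as a missing group, and the second string talks about modifying groups in a delete tool. I would print the not-found text only for the not-found return code, let other errors reach the tool's generic error handling, and change the second string to `"deleting groups is allowed only in local domain\n"`. The lookup and the `id_min`/`id_max` comparison also run before `start_transaction(tctx)`, so the range decision is taken on data read outside the transaction; if the delete path (not visible here) resolves the group by name again, the guard and the delete may not act on the same entry, and the sss_userdel.c hunk has the same ordering. A one-line comment above the check, such as `/* id_max == 0 disables the upper bound */`, would document why the upper test is conditional. `main` begins and ends outside this hunk.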
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index d4088cb5..d34466e7 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -121,17 +121,23 @@ int main(int argc, const char **argv)
goto fini;
}
- if (tctx->octx->remove_homedir) {
- ret = sysdb_getpwnam_sync(tctx,
- tctx->ev,
- tctx->sysdb,
- tctx->octx->name,
- tctx->local,
- &tctx->octx);
- if (ret != EOK) {
- /* Error message will be printed in the switch */
- goto done;
- }
+ ret = sysdb_getpwnam_sync(tctx,
+ tctx->ev,
+ tctx->sysdb,
+ tctx->octx->name,
+ tctx->local,
+ &tctx->octx);
+ if (ret != EOK) {
+ /* Error message will be printed in the switch */
+ goto done;
+ }
+
+ if ((tctx->octx->uid < tctx->local->id_min) ||
+ (tctx->local->id_max && tctx->octx->uid > tctx->local->id_max)) {
+ ERROR("User %s is outside the defined ID range for domain\n",
+ tctx->octx->name);
+ ret = EXIT_FAILURE;
+ goto fini;
}
start_transaction(tctx);