author | Jakub Hrozek <jhrozek@redhat.com> | 2009-11-02 11:40:21 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-11-04 18:33:10 -0500 |
commit | 73df935dab319ce413a8927bbae0a991008b5d07 (patch) | |
tree | b6431f768032807ac21bd6a3255d5ae39885bd02 | |
parent | a98abccf998144ff81e429cdb16af5b93fe7973b (diff) | |
Do not delete users, groups outside domain range
Fixes: 240
-rw-r--r-- | server/tools/sss_groupdel.c | 18 | ||||
-rw-r--r-- | server/tools/sss_userdel.c | 28 |
2 files changed, 35 insertions, 11 deletions
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index d6e3dfd6..d2b4edfe 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -90,6 +90,24 @@ int main(int argc, const char **argv)
 goto fini;
 }
 
+ ret = sysdb_getgrnam_sync(tctx, tctx->ev, tctx->sysdb,
+ tctx->octx->name, tctx->local,
+ &tctx->octx);
+ if (ret != EOK) {
+ ERROR("Cannot find group in local domain, "
+ "modifying groups is allowed only in local domain\n");
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ if ((tctx->octx->gid < tctx->local->id_min) ||
+ (tctx->local->id_max && tctx->octx->gid > tctx->local->id_max)) {
+ ERROR("Group %s is outside the defined ID range for domain\n",
+ tctx->octx->name);
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
 start_transaction(tctx);
 if (tctx->error != EOK) {
 goto done;
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index d4088cb5..d34466e7 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -121,17 +121,23 @@ int main(int argc, const char **argv)
 goto fini;
 }
 
- if (tctx->octx->remove_homedir) {
- ret = sysdb_getpwnam_sync(tctx,
- tctx->ev,
- tctx->sysdb,
- tctx->octx->name,
- tctx->local,
- &tctx->octx);
- if (ret != EOK) {
- /* Error message will be printed in the switch */
- goto done;
- }
+ ret = sysdb_getpwnam_sync(tctx,
+ tctx->ev,
+ tctx->sysdb,
+ tctx->octx->name,
+ tctx->local,
+ &tctx->octx);
+ if (ret != EOK) {
+ /* Error message will be printed in the switch */
+ goto done;
+ }
+
+ if ((tctx->octx->uid < tctx->local->id_min) ||
+ (tctx->local->id_max && tctx->octx->uid > tctx->local->id_max)) {
+ ERROR("User %s is outside the defined ID range for domain\n",
+ tctx->octx->name);
+ ret = EXIT_FAILURE;
+ goto fini;
 }
 
 start_transaction(tctx); |
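Review bot: The lookup and the ID-range test in sss_groupdel.c run before `start_transaction(tctx)`, so the gid that gets validated is read outside the transaction that performs the delete; the sss_userdel.c hunk has the same ordering for the uid. If the delete resolves the entry by name again (that code is outside the hunk), an entry that changes between the two steps would be removed without the range check having applied to it. Either move the check inside the transaction or record the constraint with a comment such as `/* ID range is validated before the transaction; the entry is not re-checked at delete time */`. main() starts and ends outside this hunk.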
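Review bot: The lookup failure in sss_userdel.c jumps to `done` with only `ret` set, while the new range failure jumps to `fini` with `EXIT_FAILURE`, and sss_groupdel.c prints its own message and uses `fini` for both cases. The lookup now runs on every invocation rather than only when `remove_homedir` is set, so it is worth confirming that the switch under `done` (outside this hunk) reads `ret` and not only `tctx->error`. If it keys on `tctx->error`, a missing user could exit without a message or with a zero status; adding `tctx->error = ret;` before `goto done;` would close that gap.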