summaryrefslogtreecommitdiff
path: root/server/db
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2009-04-22 17:00:12 +0200
committerStephen Gallagher <sgallagh@redhat.com>2009-04-23 09:06:27 -0400
commit1e08c6f901ad477d9be4b74942487bb3e8573ce3 (patch)
tree46b2cb583493bb48c911063f6e34b230aa55e5d5 /server/db
parentabc04a747aeb90b15c5a838811cec2241afe8319 (diff)
downloadsssd-1e08c6f901ad477d9be4b74942487bb3e8573ce3.tar.gz
sssd-1e08c6f901ad477d9be4b74942487bb3e8573ce3.tar.bz2
sssd-1e08c6f901ad477d9be4b74942487bb3e8573ce3.zip
fixes for user and group creation in LOCAL domain
- added range check for supplied UIDs and GIDs - initialize pc_gid to 0 to trigger gid generation
Diffstat (limited to 'server/db')
-rw-r--r--server/db/sysdb_ops.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/server/db/sysdb_ops.c b/server/db/sysdb_ops.c
index a75c3466..7daf1170 100644
--- a/server/db/sysdb_ops.c
+++ b/server/db/sysdb_ops.c
@@ -868,6 +868,19 @@ int sysdb_add_user(struct sysdb_req *sysreq,
return EINVAL;
}
+ if (domain->id_max != 0 && (uid < domain->id_min || uid > domain->id_max)) {
+ DEBUG(2, ("Supplied uid [%d] is not in the allowed range [%d-%d].\n",
+ uid, domain->id_min, domain->id_max));
+ return EINVAL;
+ }
+
+ if (domain->id_max != 0 && (gid < domain->id_min || gid > domain->id_max)) {
+ DEBUG(2, ("Supplied gid [%d] is not in the allowed range [%d-%d].\n",
+ gid, domain->id_min, domain->id_max));
+ return EINVAL;
+ }
+
+
user_ctx = talloc(sysreq, struct user_add_ctx);
if (!user_ctx) return ENOMEM;
@@ -1052,6 +1065,12 @@ int sysdb_add_group(struct sysdb_req *sysreq,
return EINVAL;
}
+ if (domain->id_max != 0 && (gid < domain->id_min || gid > domain->id_max)) {
+ DEBUG(2, ("Supplied gid [%d] is not in the allowed range [%d-%d].\n",
+ gid, domain->id_min, domain->id_max));
+ return EINVAL;
+ }
+
group_ctx = talloc(sysreq, struct group_add_ctx);
if (!group_ctx) return ENOMEM;