-rw-r--r--server/tools/sss_groupadd.c2
-rw-r--r--server/tools/sss_groupdel.c2
-rw-r--r--server/tools/sss_groupmod.c16
-rw-r--r--server/tools/sss_useradd.c9
-rw-r--r--server/tools/sss_userdel.c2
-rw-r--r--server/tools/sss_usermod.c16
-rw-r--r--server/tools/tools_util.c40
-rw-r--r--server/tools/tools_util.h3
8 files changed, 83 insertions, 7 deletions
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index f528730c..72bd0fdf 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -126,7 +126,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index 6677eb96..3134279d 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -124,7 +124,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index caf44661..1ecf076c 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -149,7 +149,7 @@ int main(int argc, const char **argv)
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -163,6 +163,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the group to\n"));
+ ERROR("Member groups must be in the same domain as parent group\n");
+ goto fini;
+ }
}
if (rmgroups) {
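Review bot: The new failure branch prints "Member groups must be in the same domain as parent group" for every non-EOK result of `parse_group_name_domain()`, but the helper added in tools_util.c also returns ENOMEM, so an allocation failure is reported to the operator as a domain mismatch. The branch also jumps to `fini` with `ret` still holding the errno-style code, whereas the `parse_name_domain()` failure path earlier in `main` sets `ret = EXIT_FAILURE` first; if `fini` uses `ret` as the exit status (not visible here), callers get an errno value instead. I would keep the domain message for `ret == EINVAL`, fall back to `ERROR("Internal error while parsing parameters\n");` otherwise, and add `ret = EXIT_FAILURE;` before the `goto fini;`. The same applies to the rmgroups hunk that follows and to the matching hunks in sss_useradd.c and sss_usermod.c; `main` starts and ends outside the hunk.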
@@ -172,6 +179,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to remove the group from\n"));
+ ERROR("Member groups must be in the same domain as parent group\n");
+ goto fini;
+ }
}
if (id_in_range(tctx->octx->gid, tctx->octx->domain) != EOK) {
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index becf205a..61034bef 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -221,7 +221,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -233,6 +233,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
/* Same as shadow-utils useradd, -g can specify gid or group name */
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index 7c20a690..83db3cd5 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -124,7 +124,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c
index 02ed74e4..5be1dfb6 100644
--- a/server/tools/sss_usermod.c
+++ b/server/tools/sss_usermod.c
@@ -165,7 +165,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -183,6 +183,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
if (rmgroups) {
@@ -192,6 +199,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to remove the user from\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
tctx->octx->gecos = pc_gecos;
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index eeec13c0..a6ccbc94 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -135,6 +135,44 @@ int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out)
return EOK;
}
+int parse_group_name_domain(struct tools_ctx *tctx,
+ char **groups)
+{
+ int i;
+ int ret;
+ char *name = NULL;
+ char *domain = NULL;
+
+ if (!groups) {
+ return EOK;
+ }
+
+ for (i = 0; groups[i]; ++i) {
+ ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name);
+
+ /* If FQDN is specified, it must be within the same domain as user */
+ if (domain) {
+ if (strcmp(domain, tctx->octx->domain->name) != 0) {
+ return EINVAL;
+ }
+
+ /* Use only groupname */
+ talloc_zfree(groups[i]);
+ groups[i] = talloc_strdup(tctx, name);
+ if (groups[i] == NULL) {
+ return ENOMEM;
+ }
+ }
+
+ talloc_zfree(name);
+ talloc_zfree(domain);
+ }
+
+ talloc_zfree(name);
+ talloc_zfree(domain);
+ return EOK;
+}
+
int parse_name_domain(struct tools_ctx *tctx,
const char *fullname)
{
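Review bot: The result of `sss_parse_name()` in `parse_group_name_domain()` is stored in `ret` and never checked, so a group name that fails to parse presumably leaves `domain` NULL, skips the same-domain check and is passed on unchanged; add `if (ret != EOK) { return ret; }` right after the call. The domain is compared with `strcmp()` while `parse_name_domain()` in this file uses `strcasecmp()`, so a domain written in a different case may be accepted for the user and rejected for its groups; `strcasecmp(domain, tctx->octx->domain->name)` would make the two agree. The `return EINVAL` and `return ENOMEM` paths skip the `talloc_zfree(name)` / `talloc_zfree(domain)` cleanup (probably reclaimed when `tctx` is freed, but a single `done:` exit would be cleaner), and after a failed `talloc_strdup()` the NULL stored in `groups[i]` cuts the NULL-terminated list short. A header comment stating that entries of `groups` are freed and replaced in place, and which error codes are returned, would help callers.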
@@ -152,7 +190,7 @@ int parse_name_domain(struct tools_ctx *tctx,
DEBUG(5, ("Parsed domain: %s\n", domain));
/* only the local domain, whatever named is allowed in tools */
if (strcasecmp(domain, tctx->local->name) != 0) {
- DEBUG(0, ("Invalid domain %s specified in FQDN\n", domain));
+ DEBUG(1, ("Invalid domain %s specified in FQDN\n", domain));
return EINVAL;
}
}
diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h
index c63b9033..f17e68da 100644
--- a/server/tools/tools_util.h
+++ b/server/tools/tools_util.h
@@ -70,6 +70,9 @@ int parse_groups(TALLOC_CTX *mem_ctx,
const char *optstr,
char ***_out);
+int parse_group_name_domain(struct tools_ctx *tctx,
+ char **groups);
+
void tools_transaction_done(struct tevent_req *req);
#endif /* __TOOLS_UTIL_H__ */