-rw-r--r-- | server/tools/sss_groupadd.c | 2 | ||||
-rw-r--r-- | server/tools/sss_groupdel.c | 2 | ||||
-rw-r--r-- | server/tools/sss_groupmod.c | 16 | ||||
-rw-r--r-- | server/tools/sss_useradd.c | 9 | ||||
-rw-r--r-- | server/tools/sss_userdel.c | 2 | ||||
-rw-r--r-- | server/tools/sss_usermod.c | 16 | ||||
-rw-r--r-- | server/tools/tools_util.c | 40 | ||||
-rw-r--r-- | server/tools/tools_util.h | 3 |
8 files changed, 83 insertions, 7 deletions
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index f528730c..72bd0fdf 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -126,7 +126,7 @@ int main(int argc, const char **argv)
 /* if the domain was not given as part of FQDN, default to local domain */
 ret = parse_name_domain(tctx, pc_groupname);
 if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
 ret = EXIT_FAILURE;
 goto fini;
 }
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index 6677eb96..3134279d 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -124,7 +124,7 @@ int main(int argc, const char **argv)
 /* if the domain was not given as part of FQDN, default to local domain */
 ret = parse_name_domain(tctx, pc_groupname);
 if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
 ret = EXIT_FAILURE;
 goto fini;
 }
diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index caf44661..1ecf076c 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -149,7 +149,7 @@ int main(int argc, const char **argv)
 ret = parse_name_domain(tctx, pc_groupname);
 if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
 ret = EXIT_FAILURE;
 goto fini;
 }
@@ -163,6 +163,13 @@ int main(int argc, const char **argv)
 ERROR("Internal error while parsing parameters\n");
 goto fini;
 }
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the group to\n"));
+ ERROR("Member groups must be in the same domain as parent group\n");
+ goto fini;
+ }
 }
 if (rmgroups) {
@@ -172,6 +179,13 @@ int main(int argc, const char **argv)
 ERROR("Internal error while parsing parameters\n");
 goto fini;
 }
+
+ ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to remove the group from\n"));
+ ERROR("Member groups must be in the same domain as parent group\n");
+ goto fini;
+ }
 }
 if (id_in_range(tctx->octx->gid, tctx->octx->domain) != EOK) {
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index becf205a..61034bef 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -221,7 +221,7 @@ int main(int argc, const char **argv)
 /* if the domain was not given as part of FQDN, default to local domain */
 ret = parse_name_domain(tctx, pc_username);
 if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
 ret = EXIT_FAILURE;
 goto fini;
 }
@@ -233,6 +233,13 @@ int main(int argc, const char **argv)
 ERROR("Internal error while parsing parameters\n");
 goto fini;
 }
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
 }
 /* Same as shadow-utils useradd, -g can specify gid or group name */
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index 7c20a690..83db3cd5 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -124,7 +124,7 @@ int main(int argc, const char **argv)
 /* if the domain was not given as part of FQDN, default to local domain */
 ret = parse_name_domain(tctx, pc_username);
 if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
 ret = EXIT_FAILURE;
 goto fini;
 }
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c
index 02ed74e4..5be1dfb6 100644
--- a/server/tools/sss_usermod.c
+++ b/server/tools/sss_usermod.c
@@ -165,7 +165,7 @@ int main(int argc, const char **argv)
 /* if the domain was not given as part of FQDN, default to local domain */
 ret = parse_name_domain(tctx, pc_username);
 if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
 ret = EXIT_FAILURE;
 goto fini;
 }
@@ -183,6 +183,13 @@ int main(int argc, const char **argv)
 ERROR("Internal error while parsing parameters\n");
 goto fini;
 }
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
 }
 if (rmgroups) {
@@ -192,6 +199,13 @@ int main(int argc, const char **argv)
 ERROR("Internal error while parsing parameters\n");
 goto fini;
 }
+
+ ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to remove the user from\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
 }
 tctx->octx->gecos = pc_gecos;
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index eeec13c0..a6ccbc94 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -135,6 +135,44 @@ int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out)
 return EOK;
 }
+int parse_group_name_domain(struct tools_ctx *tctx,
+ char **groups)
+{
+ int i;
+ int ret;
+ char *name = NULL;
+ char *domain = NULL;
+
+ if (!groups) {
+ return EOK;
+ }
+
+ for (i = 0; groups[i]; ++i) {
+ ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name);
+
+ /* If FQDN is specified, it must be within the same domain as user */
+ if (domain) {
+ if (strcmp(domain, tctx->octx->domain->name) != 0) {
+ return EINVAL;
+ }
+
+ /* Use only groupname */
+ talloc_zfree(groups[i]);
+ groups[i] = talloc_strdup(tctx, name);
+ if (groups[i] == NULL) {
+ return ENOMEM;
+ }
+ }
+
+ talloc_zfree(name);
+ talloc_zfree(domain);
+ }
+
+ talloc_zfree(name);
+ talloc_zfree(domain);
+ return EOK;
+}
+
 int parse_name_domain(struct tools_ctx *tctx,
 const char *fullname)
 {
@@ -152,7 +190,7 @@ int parse_name_domain(struct tools_ctx *tctx,
 DEBUG(5, ("Parsed domain: %s\n", domain));
 /* only the local domain, whatever named is allowed in tools */
 if (strcasecmp(domain, tctx->local->name) != 0) {
- DEBUG(0, ("Invalid domain %s specified in FQDN\n", domain));
+ DEBUG(1, ("Invalid domain %s specified in FQDN\n", domain));
 return EINVAL;
 }
 }
diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h
index c63b9033..f17e68da 100644
--- a/server/tools/tools_util.h
+++ b/server/tools/tools_util.h
@@ -70,6 +70,9 @@ int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out);
+int parse_group_name_domain(struct tools_ctx *tctx,
+ char **groups);
+
 void tools_transaction_done(struct tevent_req *req);
 #endif /* __TOOLS_UTIL_H__ */ |
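Review bot: The result of `sss_parse_name()` is stored in `ret` but never checked inside the loop of the new `parse_group_name_domain()` (tools_util.c, `@@ -135`), so a group name that fails to parse appears to fall through the `if (domain)` test and stay in the list without any domain validation. The domain comparison uses `strcmp`, while `parse_name_domain()` in the next hunk of this file compares with `strcasecmp`, so the same domain spelling can be accepted for the user and rejected for its groups; one of the two should be chosen deliberately. The early `return EINVAL` and `return ENOMEM` also skip the `talloc_zfree(name)`/`talloc_zfree(domain)` cleanup that the normal path performs. A single-exit version of the loop is sketched below.

```c
    int ret = EOK;
    /* … unchanged: declarations of i, name, domain; NULL check on groups … */

    for (i = 0; groups[i]; ++i) {
        ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name);
        if (ret != EOK) {
            /* Reject unparsable names instead of passing them through */
            goto done;
        }

        if (domain) {
            /* Same comparison as parse_name_domain() uses for the user */
            if (strcasecmp(domain, tctx->octx->domain->name) != 0) {
                ret = EINVAL;
                goto done;
            }

            /* … unchanged: free groups[i] and replace it with name … */
            if (groups[i] == NULL) {
                ret = ENOMEM;
                goto done;
            }
        }

        talloc_zfree(name);
        talloc_zfree(domain);
    }

done:
    talloc_zfree(name);
    talloc_zfree(domain);
    return ret;
```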
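Review bot: The new prototype `parse_group_name_domain()` in tools_util.h carries no comment, and its contract is not obvious from the signature: per the definition in tools_util.c it frees and replaces entries of `groups` in place and returns EINVAL when a domain differs from `tctx->octx->domain`. A short comment above the declaration would record that, for example `/* Strip the domain part of each FQDN in groups, in place; EINVAL if a domain differs from tctx->octx->domain, ENOMEM on allocation failure */`. It is also worth stating that `tctx->octx->domain` must already be set when the function is called, which the callers seem to ensure by calling `parse_name_domain()` first.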