diff options
-rw-r--r-- | server/tools/sss_groupadd.c | 91 | ||||
-rw-r--r-- | server/tools/sss_groupdel.c | 101 | ||||
-rw-r--r-- | server/tools/sss_groupmod.c | 111 | ||||
-rw-r--r-- | server/tools/sss_useradd.c | 134 | ||||
-rw-r--r-- | server/tools/sss_userdel.c | 100 | ||||
-rw-r--r-- | server/tools/sss_usermod.c | 161 | ||||
-rw-r--r-- | server/tools/tools_util.c | 120 | ||||
-rw-r--r-- | server/tools/tools_util.h | 18 |
8 files changed, 73 insertions, 763 deletions
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c index 3d4d4c6d..d0c02839 100644 --- a/server/tools/sss_groupadd.c +++ b/server/tools/sss_groupadd.c @@ -32,18 +32,6 @@ #include "db/sysdb.h" #include "tools/tools_util.h" -#ifndef GROUPADD -#define GROUPADD SHADOW_UTILS_PATH"/groupadd " -#endif - -#ifndef GROUPADD_GID -#define GROUPADD_GID "-g %u " -#endif - -#ifndef GROUPADD_GROUPNAME -#define GROUPADD_GROUPNAME "%s " -#endif - static void add_group_req_done(struct tevent_req *req) { struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx); @@ -110,36 +98,6 @@ static void add_group_done(struct tevent_req *subreq) return add_group_terminate(data, ret); } -static int groupadd_legacy(struct ops_ctx *ctx) -{ - int ret = EOK; - char *command = NULL; - - command = talloc_asprintf(ctx, "%s ", GROUPADD); - if (command == NULL) { - DEBUG(1, ("Cannot allocate memory for command string\n")); - return ENOMEM; - } - - APPEND_PARAM(command, GROUPADD_GID, ctx->gid); - APPEND_STRING(command, ctx->name); - - ret = system(command); - if (ret) { - if (ret == -1) { - DEBUG(1, ("system(3) failed\n")); - } else { - DEBUG(1, ("Could not exec '%s', return code: %d\n", - command, WEXITSTATUS(ret))); - } - talloc_free(command); - return EFAULT; - } - - talloc_free(command); - return ret; -} - int main(int argc, const char **argv) { gid_t pc_gid = 0; @@ -152,7 +110,6 @@ int main(int argc, const char **argv) 0, _("The GID of the group"), NULL }, POPT_TABLEEND }; - struct sss_domain_info *dom; poptContext pc = NULL; struct tools_ctx *ctx = NULL; struct tevent_req *req; @@ -207,59 +164,21 @@ int main(int argc, const char **argv) goto fini; } - ret = parse_name_domain(data, pc_groupname); + ret = get_domain(data, pc_groupname); if (ret != EOK) { + ERROR("Cannot get domain information\n"); ret = EXIT_FAILURE; goto fini; } data->gid = pc_gid; - ret = get_domain_by_id(data->ctx, data->gid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); - ret = EXIT_FAILURE; - goto fini; - } - if (data->domain && data->gid && data->domain != dom) { - ERROR("Selected domain %s conflicts with selected GID %llu\n", - data->domain->name, (unsigned long long int) data->gid); + /* arguments processed, go on to actual work */ + if (id_in_range(data->gid, data->domain) != EOK) { + ERROR("The selected GID is outside the allowed range\n"); ret = EXIT_FAILURE; goto fini; } - if (data->domain == NULL && dom) { - data->domain = dom; - } - - ret = get_domain_type(data->ctx, data->domain); - switch (ret) { - case ID_IN_LOCAL: - break; - - case ID_IN_LEGACY_LOCAL: - ret = groupadd_legacy(data); - if(ret != EOK) { - ERROR("Cannot add group to domain using the legacy tools\n"); - } - goto fini; - - case ID_OUTSIDE: - ERROR("The selected GID is outside all domain ranges\n"); - ret = EXIT_FAILURE; - goto fini; - - case ID_IN_OTHER: - DEBUG(1, ("Cannot add group to domain %s\n", dom->name)); - ERROR("Unsupported domain type"); - ret = EXIT_FAILURE; - goto fini; - - default: - DEBUG(1, ("Unknown return code %d from get_domain_type\n", ret)); - ERROR("Error looking up domain\n"); - ret = EXIT_FAILURE; - goto fini; - } /* add_group */ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c index 81e72007..74d3071c 100644 --- a/server/tools/sss_groupdel.c +++ b/server/tools/sss_groupdel.c @@ -32,15 +32,6 @@ #include "util/util.h" #include "tools/tools_util.h" -#ifndef GROUPDEL -#define GROUPDEL SHADOW_UTILS_PATH"/groupdel " -#endif - -#ifndef GROUPDEL_GROUPNAME -#define GROUPDEL_GROUPNAME "%s " -#endif - - static void groupdel_req_done(struct tevent_req *req) { struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx); @@ -114,30 +105,6 @@ static void group_del_done(struct tevent_req *subreq) return groupdel_done(data, ret, NULL); } -static int groupdel_legacy(struct ops_ctx *ctx) -{ - int ret = EOK; - char *command = NULL; - - APPEND_STRING(command, GROUPDEL); - APPEND_PARAM(command, GROUPDEL_GROUPNAME, ctx->name); - - ret = system(command); - if (ret) { - if (ret == -1) { - DEBUG(1, ("system(3) failed\n")); - } else { - DEBUG(1, ("Could not exec '%s', return code: %d\n", - command, WEXITSTATUS(ret))); - } - talloc_free(command); - return EFAULT; - } - - talloc_free(command); - return ret; -} - int main(int argc, const char **argv) { int ret = EXIT_SUCCESS; @@ -145,10 +112,8 @@ int main(int argc, const char **argv) struct ops_ctx *data = NULL; struct tools_ctx *ctx = NULL; struct tevent_req *req; - struct sss_domain_info *dom; struct group *grp_info; const char *pc_groupname = NULL; - enum id_domain domain_type; poptContext pc = NULL; struct poptOption long_options[] = { @@ -204,8 +169,10 @@ int main(int argc, const char **argv) goto fini; } - ret = parse_name_domain(data, pc_groupname); + /* if the domain was not given as part of FQDN, default to local domain */ + ret = get_domain(data, pc_groupname); if (ret != EOK) { + ERROR("Cannot get domain information\n"); ret = EXIT_FAILURE; goto fini; } @@ -217,53 +184,11 @@ int main(int argc, const char **argv) } /* arguments processed, go on to actual work */ - ret = get_domain_by_id(data->ctx, data->gid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); - ret = EXIT_FAILURE; - goto fini; - } - if (data->domain && data->gid && data->domain != dom) { - ERROR("Selected domain %s conflicts with selected GID %llu\n", - data->domain->name, (unsigned long long int) data->gid); + if (id_in_range(data->gid, data->domain) != EOK) { + ERROR("The selected GID is outside the allowed range\n"); ret = EXIT_FAILURE; goto fini; } - if (data->domain == NULL && dom) { - data->domain = dom; - } - - domain_type = get_domain_type(data->ctx, data->domain); - switch (domain_type) { - case ID_IN_LOCAL: - break; - - case ID_IN_LEGACY_LOCAL: - ret = groupdel_legacy(data); - if(ret != EOK) { - ERROR("Cannot delete group from domain using the legacy tools\n"); - ret = EXIT_FAILURE; - goto fini; - } - break; /* Also delete possible cached entries in sysdb */ - - case ID_OUTSIDE: - ERROR("The selected GID is outside all domain ranges\n"); - ret = EXIT_FAILURE; - goto fini; - - case ID_IN_OTHER: - DEBUG(1, ("Cannot remove group from domain %s\n", dom->name)); - ERROR("Unsupported domain type\n"); - ret = EXIT_FAILURE; - goto fini; - - default: - DEBUG(1, ("Unknown return code %d from get_domain_type\n", domain_type)); - ERROR("Error looking up domain\n"); - ret = EXIT_FAILURE; - goto fini; - } /* groupdel */ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); @@ -282,21 +207,7 @@ int main(int argc, const char **argv) if (data->error) { ret = data->error; DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret))); - switch (ret) { - case ENOENT: - /* if we got ENOENT after deleting group from legacy domain - * that just means there was no cached entry to delete */ - if (domain_type == ID_IN_LEGACY_LOCAL) { - ret = EXIT_SUCCESS; - goto fini; - } - ERROR("No such user\n"); - break; - - default: - ERROR("Internal error. Could not remove group.\n"); - break; - } + ERROR("Internal error. Could not remove group.\n"); ret = EXIT_FAILURE; goto fini; } diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c index 857d4a0a..464c165d 100644 --- a/server/tools/sss_groupmod.c +++ b/server/tools/sss_groupmod.c @@ -33,18 +33,6 @@ #include "db/sysdb.h" #include "tools/tools_util.h" -#ifndef GROUPMOD -#define GROUPMOD SHADOW_UTILS_PATH"/groupmod " -#endif - -#ifndef GROUPMOD_GID -#define GROUPMOD_GID "-g %u " -#endif - -#ifndef GROUPMOD_GROUPNAME -#define GROUPMOD_GROUPNAME "%s " -#endif - static void mod_group_req_done(struct tevent_req *req) { struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx); @@ -260,56 +248,6 @@ static void add_to_groups_done(struct tevent_req *req) return add_to_groups(data); } -static int groupmod_legacy(struct tools_ctx *tools_ctx, - struct ops_ctx *ctx, - struct sss_domain_info *old_domain) -{ - int ret = EOK; - char *command = NULL; - struct sss_domain_info *dom = NULL; - - APPEND_STRING(command, GROUPMOD); - - if (ctx->addgroups || ctx->rmgroups) { - ERROR("Group nesting is not supported in this domain\n"); - talloc_free(command); - return EINVAL; - } - - if (ctx->gid) { - ret = get_domain_by_id(tools_ctx, ctx->gid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); - talloc_free(command); - return EINVAL; - } - if (dom == old_domain) { - APPEND_PARAM(command, GROUPMOD_GID, ctx->gid); - } else { - ERROR("Changing gid only allowed inside the same domain\n"); - talloc_free(command); - return EINVAL; - } - } - - APPEND_PARAM(command, GROUPMOD_GROUPNAME, ctx->name); - - ret = system(command); - if (ret) { - if (ret == -1) { - DEBUG(1, ("system(3) failed\n")); - } else { - DEBUG(1, ("Could not exec '%s', return code: %d\n", - command, WEXITSTATUS(ret))); - } - talloc_free(command); - return EFAULT; - } - - talloc_free(command); - return ret; -} - int main(int argc, const char **argv) { gid_t pc_gid = 0; @@ -327,7 +265,6 @@ int main(int argc, const char **argv) POPT_TABLEEND }; poptContext pc = NULL; - struct sss_domain_info *dom; struct ops_ctx *data = NULL; struct tools_ctx *ctx = NULL; struct tevent_req *req; @@ -403,8 +340,10 @@ int main(int argc, const char **argv) goto fini; } - ret = parse_name_domain(data, pc_groupname); + /* if the domain was not given as part of FQDN, default to local domain */ + ret = get_domain(data, pc_groupname); if (ret != EOK) { + ERROR("Cannot get domain information\n"); ret = EXIT_FAILURE; goto fini; } @@ -417,51 +356,11 @@ int main(int argc, const char **argv) old_gid = grp_info->gr_gid; } - ret = get_domain_by_id(data->ctx, data->gid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); - ret = EXIT_FAILURE; - goto fini; - } - if (data->domain && data->gid && data->domain != dom) { - ERROR("Selected domain %s conflicts with selected GID %llu\n", - data->domain->name, (unsigned long long int) data->gid); + if (id_in_range(data->gid, data->domain) != EOK) { + ERROR("The selected GID is outside the allowed range\n"); ret = EXIT_FAILURE; goto fini; } - if (data->domain == NULL && dom) { - data->domain = dom; - } - - ret = get_domain_type(data->ctx, data->domain); - switch (ret) { - case ID_IN_LOCAL: - break; - - case ID_IN_LEGACY_LOCAL: - ret = groupmod_legacy(ctx, data, data->domain); - if(ret != EOK) { - ERROR("Cannot delete group from domain using the legacy tools\n"); - } - goto fini; - - case ID_OUTSIDE: - ERROR("The selected GID is outside all domain ranges\n"); - ret = EXIT_FAILURE; - goto fini; - - case ID_IN_OTHER: - DEBUG(1, ("Cannot modify group from domain %s\n", dom->name)); - ERROR("Unsupported domain type\n"); - ret = EXIT_FAILURE; - goto fini; - - default: - DEBUG(1, ("Unknown return code %d from get_domain_type\n", ret)); - ERROR("Error looking up domain\n"); - ret = EXIT_FAILURE; - goto fini; - } req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); if (!req) { diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c index e03cf261..f621036b 100644 --- a/server/tools/sss_useradd.c +++ b/server/tools/sss_useradd.c @@ -34,47 +34,6 @@ #include "tools/tools_util.h" #include "util/sssd-i18n.h" -/* Define default command strings if not redefined by user */ -#ifndef USERADD -#define USERADD SHADOW_UTILS_PATH"/useradd " -#endif - -#ifndef USERADD_UID -#define USERADD_UID "-u %u " -#endif - -#ifndef USERADD_GID -#define USERADD_GID "-g %u " -#endif - -#ifndef USERADD_GECOS -#define USERADD_GECOS "-c %s " -#endif - -#ifndef USERADD_HOME -#define USERADD_HOME "-d %s " -#endif - -#ifndef USERADD_SHELL -#define USERADD_SHELL "-s %s " -#endif - -#ifndef USERADD_GROUPS -#define USERADD_GROUPS "-G %s " -#endif - -#ifndef USERADD_UID_MIN -#define USERADD_UID_MIN "-K UID_MIN=%d " -#endif - -#ifndef USERADD_UID_MAX -#define USERADD_UID_MAX "-K UID_MAX=%d " -#endif - -#ifndef USERADD_USERNAME -#define USERADD_USERNAME "%s " -#endif - /* Default settings for user attributes */ #define CONFDB_DFL_SECTION "config/user_defaults" @@ -277,50 +236,6 @@ static void add_to_groups_done(struct tevent_req *subreq) return add_to_groups(data); } -static int useradd_legacy(struct ops_ctx *ctx, char *grouplist) -{ - int ret = EOK; - char *command = NULL; - - APPEND_STRING(command, USERADD); - - APPEND_PARAM(command, USERADD_SHELL, ctx->shell); - - APPEND_PARAM(command, USERADD_GECOS, ctx->gecos); - - APPEND_PARAM(command, USERADD_HOME, ctx->home); - - APPEND_PARAM(command, USERADD_UID, ctx->uid); - - APPEND_PARAM(command, USERADD_GID, ctx->gid); - - APPEND_PARAM(command, USERADD_UID_MIN, ctx->domain->id_min); - - /* id_max == 0 means no limit */ - if (ctx->domain->id_max) { - APPEND_PARAM(command, USERADD_UID_MAX, ctx->domain->id_max); - } - - APPEND_PARAM(command, USERADD_GROUPS, grouplist); - - APPEND_PARAM(command, USERADD_USERNAME, ctx->name); - - ret = system(command); - if (ret) { - if (ret == -1) { - DEBUG(1, ("system(3) failed\n")); - } else { - DEBUG(1, ("Could not exec '%s', return code: %d\n", - command, WEXITSTATUS(ret))); - } - talloc_free(command); - return EFAULT; - } - - talloc_free(command); - return ret; -} - int main(int argc, const char **argv) { uid_t pc_uid = 0; @@ -343,7 +258,6 @@ int main(int argc, const char **argv) POPT_TABLEEND }; poptContext pc = NULL; - struct sss_domain_info *dom = NULL; struct ops_ctx *data = NULL; struct tools_ctx *ctx = NULL; struct tevent_req *req; @@ -412,8 +326,10 @@ int main(int argc, const char **argv) goto fini; } - ret = parse_name_domain(data, pc_username); + /* if the domain was not given as part of FQDN, default to local domain */ + ret = get_domain(data, pc_username); if (ret != EOK) { + ERROR("Cannot get domain information\n"); ret = EXIT_FAILURE; goto fini; } @@ -480,51 +396,11 @@ int main(int argc, const char **argv) } /* arguments processed, go on to actual work */ - ret = get_domain_by_id(data->ctx, data->uid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); + if (id_in_range(data->uid, data->domain) != EOK) { + ERROR("The selected UID is outside the allowed range\n"); ret = EXIT_FAILURE; goto fini; } - if (data->domain && data->uid && data->domain != dom) { - ERROR("Selected domain %s conflicts with selected UID %llu\n", - data->domain->name, (unsigned long long int) data->uid); - ret = EXIT_FAILURE; - goto fini; - } - if (data->domain == NULL && dom) { - data->domain = dom; - } - - ret = get_domain_type(data->ctx, data->domain); - switch (ret) { - case ID_IN_LOCAL: - break; - - case ID_IN_LEGACY_LOCAL: - ret = useradd_legacy(data, groups); - if(ret != EOK) { - ERROR("Cannot add user to domain using the legacy tools\n"); - } - goto fini; - - case ID_OUTSIDE: - ERROR("The selected UID is outside all domain ranges\n"); - ret = EXIT_FAILURE; - goto fini; - - case ID_IN_OTHER: - DEBUG(1, ("Cannot add user to domain %s\n", dom->name)); - ERROR("Unsupported domain type\n"); - ret = EXIT_FAILURE; - goto fini; - - default: - DEBUG(1, ("Unknown return code %d from get_domain_type\n", ret)); - ERROR("Error looking up domain\n"); - ret = EXIT_FAILURE; - goto fini; - } /* useradd */ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c index 3454e8bb..00ccc867 100644 --- a/server/tools/sss_userdel.c +++ b/server/tools/sss_userdel.c @@ -32,14 +32,6 @@ #include "util/util.h" #include "tools/tools_util.h" -#ifndef USERDEL -#define USERDEL SHADOW_UTILS_PATH"/userdel " -#endif - -#ifndef USERDEL_USERNAME -#define USERDEL_USERNAME "%s " -#endif - static void userdel_req_done(struct tevent_req *req) { struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx); @@ -115,40 +107,14 @@ static void user_del_done(struct tevent_req *subreq) return userdel_done(data, ret, NULL); } -static int userdel_legacy(struct ops_ctx *ctx) -{ - int ret = EOK; - char *command = NULL; - - APPEND_STRING(command, USERDEL); - APPEND_PARAM(command, USERDEL_USERNAME, ctx->name); - - ret = system(command); - if (ret) { - if (ret == -1) { - DEBUG(1, ("system(3) failed\n")); - } else { - DEBUG(1, ("Could not exec '%s', return code: %d\n", - command, WEXITSTATUS(ret))); - } - talloc_free(command); - return EFAULT; - } - - talloc_free(command); - return ret; -} - int main(int argc, const char **argv) { int ret = EXIT_SUCCESS; struct ops_ctx *data = NULL; struct tools_ctx *ctx = NULL; struct tevent_req *req; - struct sss_domain_info *dom; struct passwd *pwd_info; const char *pc_username = NULL; - enum id_domain domain_type; int pc_debug = 0; poptContext pc = NULL; @@ -205,8 +171,10 @@ int main(int argc, const char **argv) goto fini; } - ret = parse_name_domain(data, pc_username); + /* if the domain was not given as part of FQDN, default to local domain */ + ret = get_domain(data, pc_username); if (ret != EOK) { + ERROR("Cannot get domain information\n"); ret = EXIT_FAILURE; goto fini; } @@ -217,53 +185,11 @@ int main(int argc, const char **argv) data->uid = pwd_info->pw_uid; } - ret = get_domain_by_id(data->ctx, data->uid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); - ret = EXIT_FAILURE; - goto fini; - } - if (data->domain && data->uid && data->domain != dom) { - ERROR("Selected domain %s conflicts with selected UID %llu\n", - data->domain->name, (unsigned long long int) data->uid); + if (id_in_range(data->uid, data->domain) != EOK) { + ERROR("The selected UID is outside the allowed range\n"); ret = EXIT_FAILURE; goto fini; } - if (data->domain == NULL && dom) { - data->domain = dom; - } - - domain_type = get_domain_type(data->ctx, data->domain); - switch (domain_type) { - case ID_IN_LOCAL: - break; - - case ID_IN_LEGACY_LOCAL: - ret = userdel_legacy(data); - if(ret != EOK) { - ERROR("Cannot delete user from domain using the legacy tools\n"); - ret = EXIT_FAILURE; - goto fini; - } - break; /* Also delete possible cached entries in sysdb */ - - case ID_OUTSIDE: - ERROR("The selected UID is outside all domain ranges\n"); - ret = EXIT_FAILURE; - goto fini; - - case ID_IN_OTHER: - DEBUG(1, ("Cannot remove user from domain %s\n", dom->name)); - ERROR("Unsupported domain type\n"); - ret = EXIT_FAILURE; - goto fini; - - default: - DEBUG(1, ("Unknown return code %d from get_domain_type\n", domain_type)); - ERROR("Error looking up domain\n"); - ret = EXIT_FAILURE; - goto fini; - } /* userdel */ req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb); @@ -282,21 +208,7 @@ int main(int argc, const char **argv) if (data->error) { ret = data->error; DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret))); - switch (ret) { - case ENOENT: - /* if we got ENOENT after deleting user from legacy domain - * that just means there was no cached entry to delete */ - if (domain_type == ID_IN_LEGACY_LOCAL) { - ret = EXIT_SUCCESS; - goto fini; - } - ERROR("No such user\n"); - break; - - default: - ERROR("Internal error. Could not remove user.\n"); - break; - } + ERROR("Internal error. Could not remove user.\n"); ret = EXIT_FAILURE; goto fini; } diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c index 6f3e8611..a49dc8e5 100644 --- a/server/tools/sss_usermod.c +++ b/server/tools/sss_usermod.c @@ -45,43 +45,6 @@ } \ } while(0) -/* Define default command strings if not redefined by user */ -#ifndef USERMOD -#define USERMOD SHADOW_UTILS_PATH"/usermod " -#endif - -#ifndef USERMOD_UID -#define USERMOD_UID "-u %u " -#endif - -#ifndef USERMOD_GID -#define USERMOD_GID "-g %u " -#endif - -#ifndef USERMOD_GECOS -#define USERMOD_GECOS "-c %s " -#endif - -#ifndef USERMOD_HOME -#define USERMOD_HOME "-d %s " -#endif - -#ifndef USERMOD_SHELL -#define USERMOD_SHELL "-s %s " -#endif - -#ifndef USERMOD_LOCK -#define USERMOD_LOCK "--lock " -#endif - -#ifndef USERMOD_UNLOCK -#define USERMOD_UNLOCK "--unlock " -#endif - -#ifndef USERMOD_USERNAME -#define USERMOD_USERNAME "%s" -#endif - static void mod_user_req_done(struct tevent_req *req) { struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx); @@ -286,80 +249,6 @@ static void add_to_groups_done(struct tevent_req *req) return add_to_groups(data); } -static int usermod_legacy(struct tools_ctx *tools_ctx, struct ops_ctx *ctx, - uid_t uid, gid_t gid, - const char *gecos, const char *home, - const char *shell, int lock, - struct sss_domain_info *old_domain) -{ - int ret = EOK; - char *command = NULL; - struct sss_domain_info *dom = NULL; - - APPEND_STRING(command, USERMOD); - - if (uid) { - ret = get_domain_by_id(tools_ctx, ctx->gid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); - talloc_free(command); - return EINVAL; - } - if (dom == old_domain) { - APPEND_PARAM(command, USERMOD_UID, uid); - } else { - ERROR("Changing uid only allowed inside the same domain\n"); - talloc_free(command); - return EINVAL; - } - } - - if (gid) { - ret = get_domain_by_id(tools_ctx, ctx->gid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); - talloc_free(command); - return EINVAL; - } - if (dom == old_domain) { - APPEND_PARAM(command, USERMOD_GID, gid); - } else { - ERROR("Changing gid only allowed inside the same domain\n"); - talloc_free(command); - return EINVAL; - } - } - - APPEND_PARAM(command, USERMOD_GECOS, gecos); - APPEND_PARAM(command, USERMOD_HOME, home); - APPEND_PARAM(command, USERMOD_SHELL, shell); - - if (lock == DO_LOCK) { - APPEND_STRING(command, USERMOD_LOCK); - } - - if (lock == DO_UNLOCK) { - APPEND_STRING(command, USERMOD_UNLOCK); - } - - APPEND_PARAM(command, USERMOD_USERNAME, ctx->name); - - ret = system(command); - if (ret) { - if (ret == -1) { - DEBUG(1, ("system(3) failed\n")); - } else { - DEBUG(1, ("Could not exec '%s', return code: %d\n", - command, WEXITSTATUS(ret))); - } - talloc_free(command); - return EFAULT; - } - - talloc_free(command); - return ret; -} - int main(int argc, const char **argv) { int pc_lock = 0; @@ -384,7 +273,6 @@ int main(int argc, const char **argv) POPT_TABLEEND }; poptContext pc = NULL; - struct sss_domain_info *dom; struct ops_ctx *data = NULL; struct tools_ctx *ctx = NULL; struct tevent_req *req; @@ -471,8 +359,10 @@ int main(int argc, const char **argv) goto fini; } - ret = parse_name_domain(data, pc_username); + /* if the domain was not given as part of FQDN, default to local domain */ + ret = get_domain(data, pc_username); if (ret != EOK) { + ERROR("Cannot get domain information\n"); ret = EXIT_FAILURE; goto fini; } @@ -482,52 +372,11 @@ int main(int argc, const char **argv) old_uid = pwd_info->pw_uid; } - ret = get_domain_by_id(data->ctx, data->uid, &dom); - if (ret != EOK) { - ERROR("Cannot get domain info\n"); + if (id_in_range(data->uid, data->domain) != EOK) { + ERROR("The selected UID is outside the allowed range\n"); ret = EXIT_FAILURE; goto fini; } - if (data->domain && data->uid && data->domain != dom) { - ERROR("Selected domain %s conflicts with selected UID %llu\n", - data->domain->name, (unsigned long long int) data->uid); - ret = EXIT_FAILURE; - goto fini; - } - if (data->domain == NULL && dom) { - data->domain = dom; - } - - ret = get_domain_type(data->ctx, data->domain); - switch (ret) { - case ID_IN_LOCAL: - break; - - case ID_IN_LEGACY_LOCAL: - ret = usermod_legacy(ctx, data, pc_uid, pc_gid, pc_gecos, - pc_home, pc_shell, pc_lock, data->domain); - if(ret != EOK) { - ERROR("Cannot delete user from domain using the legacy tools\n"); - } - goto fini; - - case ID_OUTSIDE: - ERROR("The selected UID is outside all domain ranges\n"); - ret = EXIT_FAILURE; - goto fini; - - case ID_IN_OTHER: - DEBUG(1, ("Cannot modify user from domain %s\n", dom->name)); - ERROR("Unsupported domain type\n"); - ret = EXIT_FAILURE; - goto fini; - - default: - DEBUG(1, ("Unknown return code %d from find_domain_for_id\n", ret)); - ERROR("Error looking up domain\n"); - ret = EXIT_FAILURE; - goto fini; - } /* add parameters to changeset */ /* FIXME - might want to do this via attr:pc_var mapping in a loop */ diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c index 6845735c..c23899c8 100644 --- a/server/tools/tools_util.c +++ b/server/tools/tools_util.c @@ -29,63 +29,6 @@ #include "db/sysdb.h" #include "tools/tools_util.h" -/* - * Returns: - * 0 = yes, local domain proxying to files - * -1 = no, other type of domain - * > 0 = error code - */ -static int is_domain_local_legacy(struct tools_ctx *ctx, struct sss_domain_info *dom) -{ - char *libname = NULL; - char *conf_path = NULL; - int ret = -1; - - /* Is there a better way to find out? Having LEGACYLOCAL as reserved would help */ - conf_path = talloc_asprintf(ctx, "config/domains/%s", dom->name); - if (conf_path == NULL ) { - return ENOMEM; - } - - ret = confdb_get_string(ctx->confdb, ctx, conf_path, - "libName", NULL, &libname); - if (ret != EOK) { - talloc_free(conf_path); - return ret; - } - if (libname == NULL) { - talloc_free(conf_path); - return -1; - } - - if (strcasecmp(libname, "files") == 0) { - talloc_free(conf_path); - talloc_free(libname); - return EOK; - } - - talloc_free(conf_path); - talloc_free(libname); - return -1; -} - -enum id_domain get_domain_type(struct tools_ctx *ctx, - struct sss_domain_info *dom) -{ - if (dom == NULL) { - return ID_OUTSIDE; - } - - if (strcasecmp(dom->provider, "local") == 0) { - return ID_IN_LOCAL; - } else if (strcasecmp(dom->provider, "files") == 0 || - is_domain_local_legacy(ctx, dom) == 0) { - return ID_IN_LEGACY_LOCAL; - } - - return ID_IN_OTHER; -} - static struct sss_domain_info *get_local_domain(struct tools_ctx *ctx) { struct sss_domain_info *dom = NULL; @@ -100,34 +43,6 @@ static struct sss_domain_info *get_local_domain(struct tools_ctx *ctx) return dom; } -int get_domain_by_id(struct tools_ctx *ctx, - uint32_t id, - struct sss_domain_info **_dom) -{ - struct sss_domain_info *dom = NULL; - int ret = EOK; - - if (id) { - for (dom = ctx->domains; dom; dom = dom->next) { - if (id >= dom->id_min && - (dom->id_max == 0 || id <= dom->id_max)) { - break; - } - } - } - - if (dom == NULL && id == 0) { - dom = get_local_domain(ctx); - if (dom == NULL) { - DEBUG(1, ("Cannot find local domain info\n")); - ret = ENOENT; - } - } - - *_dom = dom; - return ret; -} - int setup_db(struct tools_ctx **tools_ctx) { struct sss_domain_info *dom; @@ -248,8 +163,8 @@ int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out) return EOK; } -int parse_name_domain(struct ops_ctx *octx, - const char *fullname) +static int parse_name_domain(struct ops_ctx *octx, + const char *fullname) { int ret; char *domain = NULL; @@ -282,6 +197,37 @@ int parse_name_domain(struct ops_ctx *octx, return EOK; } +int get_domain(struct ops_ctx *octx, + const char *fullname) +{ + int ret; + + ret = parse_name_domain(octx, fullname); + if (ret != EOK) { + return ret; + } + if (octx->domain == NULL) { + octx->domain = get_local_domain(octx->ctx); + if (octx->domain == NULL) { + return EINVAL; + } + } + + return EOK; +} + +int id_in_range(uint32_t id, + struct sss_domain_info *dom) +{ + if (id && + ((id < dom->id_min) || + (dom->id_max && id > dom->id_max))) { + return ERANGE; + } + + return EOK; +} + int set_locale(void) { char *c; diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h index 772ba36b..a8275e84 100644 --- a/server/tools/tools_util.h +++ b/server/tools/tools_util.h @@ -78,18 +78,16 @@ int setup_db(struct tools_ctx **ctx); void usage(poptContext pc, const char *error); -int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out); - -enum id_domain get_domain_type(struct tools_ctx *ctx, - struct sss_domain_info *dom); +int set_locale(void); -int get_domain_by_id(struct tools_ctx *ctx, - uint32_t id, - struct sss_domain_info **_dom); +int get_domain(struct ops_ctx *octx, + const char *fullname); -int set_locale(void); +int id_in_range(uint32_t id, + struct sss_domain_info *dom); -int parse_name_domain(struct ops_ctx *octx, - const char *fullname); +int parse_groups(TALLOC_CTX *mem_ctx, + const char *optstr, + char ***_out); #endif /* __TOOLS_UTIL_H__ */ |