Diffstat (limited to 'server')
-rw-r--r--server/tools/sss_groupadd.c91
-rw-r--r--server/tools/sss_groupdel.c101
-rw-r--r--server/tools/sss_groupmod.c111
-rw-r--r--server/tools/sss_useradd.c134
-rw-r--r--server/tools/sss_userdel.c100
-rw-r--r--server/tools/sss_usermod.c161
-rw-r--r--server/tools/tools_util.c120
-rw-r--r--server/tools/tools_util.h18
8 files changed, 73 insertions, 763 deletions
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index 3d4d4c6d..d0c02839 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -32,18 +32,6 @@
#include "db/sysdb.h"
#include "tools/tools_util.h"
-#ifndef GROUPADD
-#define GROUPADD SHADOW_UTILS_PATH"/groupadd "
-#endif
-
-#ifndef GROUPADD_GID
-#define GROUPADD_GID "-g %u "
-#endif
-
-#ifndef GROUPADD_GROUPNAME
-#define GROUPADD_GROUPNAME "%s "
-#endif
-
static void add_group_req_done(struct tevent_req *req)
{
struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx);
@@ -110,36 +98,6 @@ static void add_group_done(struct tevent_req *subreq)
return add_group_terminate(data, ret);
}
-static int groupadd_legacy(struct ops_ctx *ctx)
-{
- int ret = EOK;
- char *command = NULL;
-
- command = talloc_asprintf(ctx, "%s ", GROUPADD);
- if (command == NULL) {
- DEBUG(1, ("Cannot allocate memory for command string\n"));
- return ENOMEM;
- }
-
- APPEND_PARAM(command, GROUPADD_GID, ctx->gid);
- APPEND_STRING(command, ctx->name);
-
- ret = system(command);
- if (ret) {
- if (ret == -1) {
- DEBUG(1, ("system(3) failed\n"));
- } else {
- DEBUG(1, ("Could not exec '%s', return code: %d\n",
- command, WEXITSTATUS(ret)));
- }
- talloc_free(command);
- return EFAULT;
- }
-
- talloc_free(command);
- return ret;
-}
-
int main(int argc, const char **argv)
{
gid_t pc_gid = 0;
@@ -152,7 +110,6 @@ int main(int argc, const char **argv)
0, _("The GID of the group"), NULL },
POPT_TABLEEND
};
- struct sss_domain_info *dom;
poptContext pc = NULL;
struct tools_ctx *ctx = NULL;
struct tevent_req *req;
@@ -207,59 +164,21 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = parse_name_domain(data, pc_groupname);
+ ret = get_domain(data, pc_groupname);
if (ret != EOK) {
+ ERROR("Cannot get domain information\n");
ret = EXIT_FAILURE;
goto fini;
}
data->gid = pc_gid;
- ret = get_domain_by_id(data->ctx, data->gid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
- if (data->domain && data->gid && data->domain != dom) {
- ERROR("Selected domain %s conflicts with selected GID %llu\n",
- data->domain->name, (unsigned long long int) data->gid);
+ /* arguments processed, go on to actual work */
+ if (id_in_range(data->gid, data->domain) != EOK) {
+ ERROR("The selected GID is outside the allowed range\n");
ret = EXIT_FAILURE;
goto fini;
}
- if (data->domain == NULL && dom) {
- data->domain = dom;
- }
-
- ret = get_domain_type(data->ctx, data->domain);
- switch (ret) {
- case ID_IN_LOCAL:
- break;
-
- case ID_IN_LEGACY_LOCAL:
- ret = groupadd_legacy(data);
- if(ret != EOK) {
- ERROR("Cannot add group to domain using the legacy tools\n");
- }
- goto fini;
-
- case ID_OUTSIDE:
- ERROR("The selected GID is outside all domain ranges\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- case ID_IN_OTHER:
- DEBUG(1, ("Cannot add group to domain %s\n", dom->name));
- ERROR("Unsupported domain type");
- ret = EXIT_FAILURE;
- goto fini;
-
- default:
- DEBUG(1, ("Unknown return code %d from get_domain_type\n", ret));
- ERROR("Error looking up domain\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
/* add_group */
req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
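Review bot: With the `get_domain_type()` switch removed, nothing visible in this hunk rejects a domain whose provider is not local before `sysdb_transaction_send()` is reached. `get_domain()` only falls back to the local domain when the name carries no domain part, so a fully qualified name pointing at another configured domain appears to be accepted, where the old code stopped with `Unsupported domain type`. Unless `parse_name_domain()` (body not shown in this diff) already refuses such domains, I would put the check in `get_domain()` so every tool inherits it, e.g. `if (strcasecmp(octx->domain->provider, "local") != 0) return EINVAL;`. The same gap applies to the matching hunks in sss_groupdel.c, sss_groupmod.c, sss_useradd.c, sss_userdel.c and sss_usermod.c; main() starts and ends outside the hunk.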
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index 81e72007..74d3071c 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -32,15 +32,6 @@
#include "util/util.h"
#include "tools/tools_util.h"
-#ifndef GROUPDEL
-#define GROUPDEL SHADOW_UTILS_PATH"/groupdel "
-#endif
-
-#ifndef GROUPDEL_GROUPNAME
-#define GROUPDEL_GROUPNAME "%s "
-#endif
-
-
static void groupdel_req_done(struct tevent_req *req)
{
struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx);
@@ -114,30 +105,6 @@ static void group_del_done(struct tevent_req *subreq)
return groupdel_done(data, ret, NULL);
}
-static int groupdel_legacy(struct ops_ctx *ctx)
-{
- int ret = EOK;
- char *command = NULL;
-
- APPEND_STRING(command, GROUPDEL);
- APPEND_PARAM(command, GROUPDEL_GROUPNAME, ctx->name);
-
- ret = system(command);
- if (ret) {
- if (ret == -1) {
- DEBUG(1, ("system(3) failed\n"));
- } else {
- DEBUG(1, ("Could not exec '%s', return code: %d\n",
- command, WEXITSTATUS(ret)));
- }
- talloc_free(command);
- return EFAULT;
- }
-
- talloc_free(command);
- return ret;
-}
-
int main(int argc, const char **argv)
{
int ret = EXIT_SUCCESS;
@@ -145,10 +112,8 @@ int main(int argc, const char **argv)
struct ops_ctx *data = NULL;
struct tools_ctx *ctx = NULL;
struct tevent_req *req;
- struct sss_domain_info *dom;
struct group *grp_info;
const char *pc_groupname = NULL;
- enum id_domain domain_type;
poptContext pc = NULL;
struct poptOption long_options[] = {
@@ -204,8 +169,10 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = parse_name_domain(data, pc_groupname);
+ /* if the domain was not given as part of FQDN, default to local domain */
+ ret = get_domain(data, pc_groupname);
if (ret != EOK) {
+ ERROR("Cannot get domain information\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -217,53 +184,11 @@ int main(int argc, const char **argv)
}
/* arguments processed, go on to actual work */
- ret = get_domain_by_id(data->ctx, data->gid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
- if (data->domain && data->gid && data->domain != dom) {
- ERROR("Selected domain %s conflicts with selected GID %llu\n",
- data->domain->name, (unsigned long long int) data->gid);
+ if (id_in_range(data->gid, data->domain) != EOK) {
+ ERROR("The selected GID is outside the allowed range\n");
ret = EXIT_FAILURE;
goto fini;
}
- if (data->domain == NULL && dom) {
- data->domain = dom;
- }
-
- domain_type = get_domain_type(data->ctx, data->domain);
- switch (domain_type) {
- case ID_IN_LOCAL:
- break;
-
- case ID_IN_LEGACY_LOCAL:
- ret = groupdel_legacy(data);
- if(ret != EOK) {
- ERROR("Cannot delete group from domain using the legacy tools\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
- break; /* Also delete possible cached entries in sysdb */
-
- case ID_OUTSIDE:
- ERROR("The selected GID is outside all domain ranges\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- case ID_IN_OTHER:
- DEBUG(1, ("Cannot remove group from domain %s\n", dom->name));
- ERROR("Unsupported domain type\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- default:
- DEBUG(1, ("Unknown return code %d from get_domain_type\n", domain_type));
- ERROR("Error looking up domain\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
/* groupdel */
req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
@@ -282,21 +207,7 @@ int main(int argc, const char **argv)
if (data->error) {
ret = data->error;
DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret)));
- switch (ret) {
- case ENOENT:
- /* if we got ENOENT after deleting group from legacy domain
- * that just means there was no cached entry to delete */
- if (domain_type == ID_IN_LEGACY_LOCAL) {
- ret = EXIT_SUCCESS;
- goto fini;
- }
- ERROR("No such user\n");
- break;
-
- default:
- ERROR("Internal error. Could not remove group.\n");
- break;
- }
+ ERROR("Internal error. Could not remove group.\n");
ret = EXIT_FAILURE;
goto fini;
}
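Review bot: Every sysdb failure, `ENOENT` included, is now reported as `Internal error. Could not remove group.`, so an operator can no longer tell a missing group from a real fault. Only the legacy special case needed to go; I would keep the not-found branch, e.g. `if (ret == ENOENT) { ERROR("No such group\n"); } else { ERROR("Internal error. Could not remove group.\n"); }` (the removed text said `No such user`, which looks like a copy-paste slip). If the earlier lookup in main(), outside this hunk, already guarantees the entry exists in sysdb, a short comment stating that would be enough. The last hunk of sss_userdel.c has the same issue for users.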
diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index 857d4a0a..464c165d 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -33,18 +33,6 @@
#include "db/sysdb.h"
#include "tools/tools_util.h"
-#ifndef GROUPMOD
-#define GROUPMOD SHADOW_UTILS_PATH"/groupmod "
-#endif
-
-#ifndef GROUPMOD_GID
-#define GROUPMOD_GID "-g %u "
-#endif
-
-#ifndef GROUPMOD_GROUPNAME
-#define GROUPMOD_GROUPNAME "%s "
-#endif
-
static void mod_group_req_done(struct tevent_req *req)
{
struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx);
@@ -260,56 +248,6 @@ static void add_to_groups_done(struct tevent_req *req)
return add_to_groups(data);
}
-static int groupmod_legacy(struct tools_ctx *tools_ctx,
- struct ops_ctx *ctx,
- struct sss_domain_info *old_domain)
-{
- int ret = EOK;
- char *command = NULL;
- struct sss_domain_info *dom = NULL;
-
- APPEND_STRING(command, GROUPMOD);
-
- if (ctx->addgroups || ctx->rmgroups) {
- ERROR("Group nesting is not supported in this domain\n");
- talloc_free(command);
- return EINVAL;
- }
-
- if (ctx->gid) {
- ret = get_domain_by_id(tools_ctx, ctx->gid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
- talloc_free(command);
- return EINVAL;
- }
- if (dom == old_domain) {
- APPEND_PARAM(command, GROUPMOD_GID, ctx->gid);
- } else {
- ERROR("Changing gid only allowed inside the same domain\n");
- talloc_free(command);
- return EINVAL;
- }
- }
-
- APPEND_PARAM(command, GROUPMOD_GROUPNAME, ctx->name);
-
- ret = system(command);
- if (ret) {
- if (ret == -1) {
- DEBUG(1, ("system(3) failed\n"));
- } else {
- DEBUG(1, ("Could not exec '%s', return code: %d\n",
- command, WEXITSTATUS(ret)));
- }
- talloc_free(command);
- return EFAULT;
- }
-
- talloc_free(command);
- return ret;
-}
-
int main(int argc, const char **argv)
{
gid_t pc_gid = 0;
@@ -327,7 +265,6 @@ int main(int argc, const char **argv)
POPT_TABLEEND
};
poptContext pc = NULL;
- struct sss_domain_info *dom;
struct ops_ctx *data = NULL;
struct tools_ctx *ctx = NULL;
struct tevent_req *req;
@@ -403,8 +340,10 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = parse_name_domain(data, pc_groupname);
+ /* if the domain was not given as part of FQDN, default to local domain */
+ ret = get_domain(data, pc_groupname);
if (ret != EOK) {
+ ERROR("Cannot get domain information\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -417,51 +356,11 @@ int main(int argc, const char **argv)
old_gid = grp_info->gr_gid;
}
- ret = get_domain_by_id(data->ctx, data->gid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
- if (data->domain && data->gid && data->domain != dom) {
- ERROR("Selected domain %s conflicts with selected GID %llu\n",
- data->domain->name, (unsigned long long int) data->gid);
+ if (id_in_range(data->gid, data->domain) != EOK) {
+ ERROR("The selected GID is outside the allowed range\n");
ret = EXIT_FAILURE;
goto fini;
}
- if (data->domain == NULL && dom) {
- data->domain = dom;
- }
-
- ret = get_domain_type(data->ctx, data->domain);
- switch (ret) {
- case ID_IN_LOCAL:
- break;
-
- case ID_IN_LEGACY_LOCAL:
- ret = groupmod_legacy(ctx, data, data->domain);
- if(ret != EOK) {
- ERROR("Cannot delete group from domain using the legacy tools\n");
- }
- goto fini;
-
- case ID_OUTSIDE:
- ERROR("The selected GID is outside all domain ranges\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- case ID_IN_OTHER:
- DEBUG(1, ("Cannot modify group from domain %s\n", dom->name));
- ERROR("Unsupported domain type\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- default:
- DEBUG(1, ("Unknown return code %d from get_domain_type\n", ret));
- ERROR("Error looking up domain\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
if (!req) {
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index e03cf261..f621036b 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -34,47 +34,6 @@
#include "tools/tools_util.h"
#include "util/sssd-i18n.h"
-/* Define default command strings if not redefined by user */
-#ifndef USERADD
-#define USERADD SHADOW_UTILS_PATH"/useradd "
-#endif
-
-#ifndef USERADD_UID
-#define USERADD_UID "-u %u "
-#endif
-
-#ifndef USERADD_GID
-#define USERADD_GID "-g %u "
-#endif
-
-#ifndef USERADD_GECOS
-#define USERADD_GECOS "-c %s "
-#endif
-
-#ifndef USERADD_HOME
-#define USERADD_HOME "-d %s "
-#endif
-
-#ifndef USERADD_SHELL
-#define USERADD_SHELL "-s %s "
-#endif
-
-#ifndef USERADD_GROUPS
-#define USERADD_GROUPS "-G %s "
-#endif
-
-#ifndef USERADD_UID_MIN
-#define USERADD_UID_MIN "-K UID_MIN=%d "
-#endif
-
-#ifndef USERADD_UID_MAX
-#define USERADD_UID_MAX "-K UID_MAX=%d "
-#endif
-
-#ifndef USERADD_USERNAME
-#define USERADD_USERNAME "%s "
-#endif
-
/* Default settings for user attributes */
#define CONFDB_DFL_SECTION "config/user_defaults"
@@ -277,50 +236,6 @@ static void add_to_groups_done(struct tevent_req *subreq)
return add_to_groups(data);
}
-static int useradd_legacy(struct ops_ctx *ctx, char *grouplist)
-{
- int ret = EOK;
- char *command = NULL;
-
- APPEND_STRING(command, USERADD);
-
- APPEND_PARAM(command, USERADD_SHELL, ctx->shell);
-
- APPEND_PARAM(command, USERADD_GECOS, ctx->gecos);
-
- APPEND_PARAM(command, USERADD_HOME, ctx->home);
-
- APPEND_PARAM(command, USERADD_UID, ctx->uid);
-
- APPEND_PARAM(command, USERADD_GID, ctx->gid);
-
- APPEND_PARAM(command, USERADD_UID_MIN, ctx->domain->id_min);
-
- /* id_max == 0 means no limit */
- if (ctx->domain->id_max) {
- APPEND_PARAM(command, USERADD_UID_MAX, ctx->domain->id_max);
- }
-
- APPEND_PARAM(command, USERADD_GROUPS, grouplist);
-
- APPEND_PARAM(command, USERADD_USERNAME, ctx->name);
-
- ret = system(command);
- if (ret) {
- if (ret == -1) {
- DEBUG(1, ("system(3) failed\n"));
- } else {
- DEBUG(1, ("Could not exec '%s', return code: %d\n",
- command, WEXITSTATUS(ret)));
- }
- talloc_free(command);
- return EFAULT;
- }
-
- talloc_free(command);
- return ret;
-}
-
int main(int argc, const char **argv)
{
uid_t pc_uid = 0;
@@ -343,7 +258,6 @@ int main(int argc, const char **argv)
POPT_TABLEEND
};
poptContext pc = NULL;
- struct sss_domain_info *dom = NULL;
struct ops_ctx *data = NULL;
struct tools_ctx *ctx = NULL;
struct tevent_req *req;
@@ -412,8 +326,10 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = parse_name_domain(data, pc_username);
+ /* if the domain was not given as part of FQDN, default to local domain */
+ ret = get_domain(data, pc_username);
if (ret != EOK) {
+ ERROR("Cannot get domain information\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -480,51 +396,11 @@ int main(int argc, const char **argv)
}
/* arguments processed, go on to actual work */
- ret = get_domain_by_id(data->ctx, data->uid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
+ if (id_in_range(data->uid, data->domain) != EOK) {
+ ERROR("The selected UID is outside the allowed range\n");
ret = EXIT_FAILURE;
goto fini;
}
- if (data->domain && data->uid && data->domain != dom) {
- ERROR("Selected domain %s conflicts with selected UID %llu\n",
- data->domain->name, (unsigned long long int) data->uid);
- ret = EXIT_FAILURE;
- goto fini;
- }
- if (data->domain == NULL && dom) {
- data->domain = dom;
- }
-
- ret = get_domain_type(data->ctx, data->domain);
- switch (ret) {
- case ID_IN_LOCAL:
- break;
-
- case ID_IN_LEGACY_LOCAL:
- ret = useradd_legacy(data, groups);
- if(ret != EOK) {
- ERROR("Cannot add user to domain using the legacy tools\n");
- }
- goto fini;
-
- case ID_OUTSIDE:
- ERROR("The selected UID is outside all domain ranges\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- case ID_IN_OTHER:
- DEBUG(1, ("Cannot add user to domain %s\n", dom->name));
- ERROR("Unsupported domain type\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- default:
- DEBUG(1, ("Unknown return code %d from get_domain_type\n", ret));
- ERROR("Error looking up domain\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
/* useradd */
req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index 3454e8bb..00ccc867 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -32,14 +32,6 @@
#include "util/util.h"
#include "tools/tools_util.h"
-#ifndef USERDEL
-#define USERDEL SHADOW_UTILS_PATH"/userdel "
-#endif
-
-#ifndef USERDEL_USERNAME
-#define USERDEL_USERNAME "%s "
-#endif
-
static void userdel_req_done(struct tevent_req *req)
{
struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx);
@@ -115,40 +107,14 @@ static void user_del_done(struct tevent_req *subreq)
return userdel_done(data, ret, NULL);
}
-static int userdel_legacy(struct ops_ctx *ctx)
-{
- int ret = EOK;
- char *command = NULL;
-
- APPEND_STRING(command, USERDEL);
- APPEND_PARAM(command, USERDEL_USERNAME, ctx->name);
-
- ret = system(command);
- if (ret) {
- if (ret == -1) {
- DEBUG(1, ("system(3) failed\n"));
- } else {
- DEBUG(1, ("Could not exec '%s', return code: %d\n",
- command, WEXITSTATUS(ret)));
- }
- talloc_free(command);
- return EFAULT;
- }
-
- talloc_free(command);
- return ret;
-}
-
int main(int argc, const char **argv)
{
int ret = EXIT_SUCCESS;
struct ops_ctx *data = NULL;
struct tools_ctx *ctx = NULL;
struct tevent_req *req;
- struct sss_domain_info *dom;
struct passwd *pwd_info;
const char *pc_username = NULL;
- enum id_domain domain_type;
int pc_debug = 0;
poptContext pc = NULL;
@@ -205,8 +171,10 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = parse_name_domain(data, pc_username);
+ /* if the domain was not given as part of FQDN, default to local domain */
+ ret = get_domain(data, pc_username);
if (ret != EOK) {
+ ERROR("Cannot get domain information\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -217,53 +185,11 @@ int main(int argc, const char **argv)
data->uid = pwd_info->pw_uid;
}
- ret = get_domain_by_id(data->ctx, data->uid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
- if (data->domain && data->uid && data->domain != dom) {
- ERROR("Selected domain %s conflicts with selected UID %llu\n",
- data->domain->name, (unsigned long long int) data->uid);
+ if (id_in_range(data->uid, data->domain) != EOK) {
+ ERROR("The selected UID is outside the allowed range\n");
ret = EXIT_FAILURE;
goto fini;
}
- if (data->domain == NULL && dom) {
- data->domain = dom;
- }
-
- domain_type = get_domain_type(data->ctx, data->domain);
- switch (domain_type) {
- case ID_IN_LOCAL:
- break;
-
- case ID_IN_LEGACY_LOCAL:
- ret = userdel_legacy(data);
- if(ret != EOK) {
- ERROR("Cannot delete user from domain using the legacy tools\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
- break; /* Also delete possible cached entries in sysdb */
-
- case ID_OUTSIDE:
- ERROR("The selected UID is outside all domain ranges\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- case ID_IN_OTHER:
- DEBUG(1, ("Cannot remove user from domain %s\n", dom->name));
- ERROR("Unsupported domain type\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- default:
- DEBUG(1, ("Unknown return code %d from get_domain_type\n", domain_type));
- ERROR("Error looking up domain\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
/* userdel */
req = sysdb_transaction_send(ctx, ctx->ev, data->ctx->sysdb);
@@ -282,21 +208,7 @@ int main(int argc, const char **argv)
if (data->error) {
ret = data->error;
DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret)));
- switch (ret) {
- case ENOENT:
- /* if we got ENOENT after deleting user from legacy domain
- * that just means there was no cached entry to delete */
- if (domain_type == ID_IN_LEGACY_LOCAL) {
- ret = EXIT_SUCCESS;
- goto fini;
- }
- ERROR("No such user\n");
- break;
-
- default:
- ERROR("Internal error. Could not remove user.\n");
- break;
- }
+ ERROR("Internal error. Could not remove user.\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c
index 6f3e8611..a49dc8e5 100644
--- a/server/tools/sss_usermod.c
+++ b/server/tools/sss_usermod.c
@@ -45,43 +45,6 @@
} \
} while(0)
-/* Define default command strings if not redefined by user */
-#ifndef USERMOD
-#define USERMOD SHADOW_UTILS_PATH"/usermod "
-#endif
-
-#ifndef USERMOD_UID
-#define USERMOD_UID "-u %u "
-#endif
-
-#ifndef USERMOD_GID
-#define USERMOD_GID "-g %u "
-#endif
-
-#ifndef USERMOD_GECOS
-#define USERMOD_GECOS "-c %s "
-#endif
-
-#ifndef USERMOD_HOME
-#define USERMOD_HOME "-d %s "
-#endif
-
-#ifndef USERMOD_SHELL
-#define USERMOD_SHELL "-s %s "
-#endif
-
-#ifndef USERMOD_LOCK
-#define USERMOD_LOCK "--lock "
-#endif
-
-#ifndef USERMOD_UNLOCK
-#define USERMOD_UNLOCK "--unlock "
-#endif
-
-#ifndef USERMOD_USERNAME
-#define USERMOD_USERNAME "%s"
-#endif
-
static void mod_user_req_done(struct tevent_req *req)
{
struct ops_ctx *data = tevent_req_callback_data(req, struct ops_ctx);
@@ -286,80 +249,6 @@ static void add_to_groups_done(struct tevent_req *req)
return add_to_groups(data);
}
-static int usermod_legacy(struct tools_ctx *tools_ctx, struct ops_ctx *ctx,
- uid_t uid, gid_t gid,
- const char *gecos, const char *home,
- const char *shell, int lock,
- struct sss_domain_info *old_domain)
-{
- int ret = EOK;
- char *command = NULL;
- struct sss_domain_info *dom = NULL;
-
- APPEND_STRING(command, USERMOD);
-
- if (uid) {
- ret = get_domain_by_id(tools_ctx, ctx->gid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
- talloc_free(command);
- return EINVAL;
- }
- if (dom == old_domain) {
- APPEND_PARAM(command, USERMOD_UID, uid);
- } else {
- ERROR("Changing uid only allowed inside the same domain\n");
- talloc_free(command);
- return EINVAL;
- }
- }
-
- if (gid) {
- ret = get_domain_by_id(tools_ctx, ctx->gid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
- talloc_free(command);
- return EINVAL;
- }
- if (dom == old_domain) {
- APPEND_PARAM(command, USERMOD_GID, gid);
- } else {
- ERROR("Changing gid only allowed inside the same domain\n");
- talloc_free(command);
- return EINVAL;
- }
- }
-
- APPEND_PARAM(command, USERMOD_GECOS, gecos);
- APPEND_PARAM(command, USERMOD_HOME, home);
- APPEND_PARAM(command, USERMOD_SHELL, shell);
-
- if (lock == DO_LOCK) {
- APPEND_STRING(command, USERMOD_LOCK);
- }
-
- if (lock == DO_UNLOCK) {
- APPEND_STRING(command, USERMOD_UNLOCK);
- }
-
- APPEND_PARAM(command, USERMOD_USERNAME, ctx->name);
-
- ret = system(command);
- if (ret) {
- if (ret == -1) {
- DEBUG(1, ("system(3) failed\n"));
- } else {
- DEBUG(1, ("Could not exec '%s', return code: %d\n",
- command, WEXITSTATUS(ret)));
- }
- talloc_free(command);
- return EFAULT;
- }
-
- talloc_free(command);
- return ret;
-}
-
int main(int argc, const char **argv)
{
int pc_lock = 0;
@@ -384,7 +273,6 @@ int main(int argc, const char **argv)
POPT_TABLEEND
};
poptContext pc = NULL;
- struct sss_domain_info *dom;
struct ops_ctx *data = NULL;
struct tools_ctx *ctx = NULL;
struct tevent_req *req;
@@ -471,8 +359,10 @@ int main(int argc, const char **argv)
goto fini;
}
- ret = parse_name_domain(data, pc_username);
+ /* if the domain was not given as part of FQDN, default to local domain */
+ ret = get_domain(data, pc_username);
if (ret != EOK) {
+ ERROR("Cannot get domain information\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -482,52 +372,11 @@ int main(int argc, const char **argv)
old_uid = pwd_info->pw_uid;
}
- ret = get_domain_by_id(data->ctx, data->uid, &dom);
- if (ret != EOK) {
- ERROR("Cannot get domain info\n");
+ if (id_in_range(data->uid, data->domain) != EOK) {
+ ERROR("The selected UID is outside the allowed range\n");
ret = EXIT_FAILURE;
goto fini;
}
- if (data->domain && data->uid && data->domain != dom) {
- ERROR("Selected domain %s conflicts with selected UID %llu\n",
- data->domain->name, (unsigned long long int) data->uid);
- ret = EXIT_FAILURE;
- goto fini;
- }
- if (data->domain == NULL && dom) {
- data->domain = dom;
- }
-
- ret = get_domain_type(data->ctx, data->domain);
- switch (ret) {
- case ID_IN_LOCAL:
- break;
-
- case ID_IN_LEGACY_LOCAL:
- ret = usermod_legacy(ctx, data, pc_uid, pc_gid, pc_gecos,
- pc_home, pc_shell, pc_lock, data->domain);
- if(ret != EOK) {
- ERROR("Cannot delete user from domain using the legacy tools\n");
- }
- goto fini;
-
- case ID_OUTSIDE:
- ERROR("The selected UID is outside all domain ranges\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- case ID_IN_OTHER:
- DEBUG(1, ("Cannot modify user from domain %s\n", dom->name));
- ERROR("Unsupported domain type\n");
- ret = EXIT_FAILURE;
- goto fini;
-
- default:
- DEBUG(1, ("Unknown return code %d from find_domain_for_id\n", ret));
- ERROR("Error looking up domain\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
/* add parameters to changeset */
/* FIXME - might want to do this via attr:pc_var mapping in a loop */
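Review bot: Only `data->uid` is range-checked before the changeset is built; the removed `usermod_legacy()` also compared a requested GID against the domain, and no GID check is visible in the new lines. If `data->gid` can hold a GID taken from the command line at this point (its assignment is outside the hunk), I would add `if (id_in_range(data->gid, data->domain) != EOK) { ERROR("The selected GID is outside the allowed range\n"); ret = EXIT_FAILURE; goto fini; }` next to the UID check. The matching hunk in sss_useradd.c checks only the UID in the same way.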
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index 6845735c..c23899c8 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -29,63 +29,6 @@
#include "db/sysdb.h"
#include "tools/tools_util.h"
-/*
- * Returns:
- * 0 = yes, local domain proxying to files
- * -1 = no, other type of domain
- * > 0 = error code
- */
-static int is_domain_local_legacy(struct tools_ctx *ctx, struct sss_domain_info *dom)
-{
- char *libname = NULL;
- char *conf_path = NULL;
- int ret = -1;
-
- /* Is there a better way to find out? Having LEGACYLOCAL as reserved would help */
- conf_path = talloc_asprintf(ctx, "config/domains/%s", dom->name);
- if (conf_path == NULL ) {
- return ENOMEM;
- }
-
- ret = confdb_get_string(ctx->confdb, ctx, conf_path,
- "libName", NULL, &libname);
- if (ret != EOK) {
- talloc_free(conf_path);
- return ret;
- }
- if (libname == NULL) {
- talloc_free(conf_path);
- return -1;
- }
-
- if (strcasecmp(libname, "files") == 0) {
- talloc_free(conf_path);
- talloc_free(libname);
- return EOK;
- }
-
- talloc_free(conf_path);
- talloc_free(libname);
- return -1;
-}
-
-enum id_domain get_domain_type(struct tools_ctx *ctx,
- struct sss_domain_info *dom)
-{
- if (dom == NULL) {
- return ID_OUTSIDE;
- }
-
- if (strcasecmp(dom->provider, "local") == 0) {
- return ID_IN_LOCAL;
- } else if (strcasecmp(dom->provider, "files") == 0 ||
- is_domain_local_legacy(ctx, dom) == 0) {
- return ID_IN_LEGACY_LOCAL;
- }
-
- return ID_IN_OTHER;
-}
-
static struct sss_domain_info *get_local_domain(struct tools_ctx *ctx)
{
struct sss_domain_info *dom = NULL;
@@ -100,34 +43,6 @@ static struct sss_domain_info *get_local_domain(struct tools_ctx *ctx)
return dom;
}
-int get_domain_by_id(struct tools_ctx *ctx,
- uint32_t id,
- struct sss_domain_info **_dom)
-{
- struct sss_domain_info *dom = NULL;
- int ret = EOK;
-
- if (id) {
- for (dom = ctx->domains; dom; dom = dom->next) {
- if (id >= dom->id_min &&
- (dom->id_max == 0 || id <= dom->id_max)) {
- break;
- }
- }
- }
-
- if (dom == NULL && id == 0) {
- dom = get_local_domain(ctx);
- if (dom == NULL) {
- DEBUG(1, ("Cannot find local domain info\n"));
- ret = ENOENT;
- }
- }
-
- *_dom = dom;
- return ret;
-}
-
int setup_db(struct tools_ctx **tools_ctx)
{
struct sss_domain_info *dom;
@@ -248,8 +163,8 @@ int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out)
return EOK;
}
-int parse_name_domain(struct ops_ctx *octx,
- const char *fullname)
+static int parse_name_domain(struct ops_ctx *octx,
+ const char *fullname)
{
int ret;
char *domain = NULL;
@@ -282,6 +197,37 @@ int parse_name_domain(struct ops_ctx *octx,
return EOK;
}
+int get_domain(struct ops_ctx *octx,
+ const char *fullname)
+{
+ int ret;
+
+ ret = parse_name_domain(octx, fullname);
+ if (ret != EOK) {
+ return ret;
+ }
+ if (octx->domain == NULL) {
+ octx->domain = get_local_domain(octx->ctx);
+ if (octx->domain == NULL) {
+ return EINVAL;
+ }
+ }
+
+ return EOK;
+}
+
+int id_in_range(uint32_t id,
+ struct sss_domain_info *dom)
+{
+ if (id &&
+ ((id < dom->id_min) ||
+ (dom->id_max && id > dom->id_max))) {
+ return ERANGE;
+ }
+
+ return EOK;
+}
+
int set_locale(void)
{
char *c;
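Review bot: `id_in_range()` dereferences `dom` unconditionally and is exported through tools_util.h, so a caller that skips `get_domain()` or ignores its result would crash here; a guard such as `if (dom == NULL) return EINVAL;` at the top makes the contract explicit. The function also treats `id == 0` as in range and `id_max == 0` as no upper bound, neither of which is obvious from the name. I would add a comment above it along the lines of `/* Returns EOK if id is 0 or lies within [dom->id_min, dom->id_max] (id_max == 0 means no upper limit), ERANGE otherwise */`. `get_domain()` would also benefit from a one-line comment saying it returns `EINVAL` when no local domain can be found.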
diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h
index 772ba36b..a8275e84 100644
--- a/server/tools/tools_util.h
+++ b/server/tools/tools_util.h
@@ -78,18 +78,16 @@ int setup_db(struct tools_ctx **ctx);
void usage(poptContext pc, const char *error);
-int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out);
-
-enum id_domain get_domain_type(struct tools_ctx *ctx,
- struct sss_domain_info *dom);
+int set_locale(void);
-int get_domain_by_id(struct tools_ctx *ctx,
- uint32_t id,
- struct sss_domain_info **_dom);
+int get_domain(struct ops_ctx *octx,
+ const char *fullname);
-int set_locale(void);
+int id_in_range(uint32_t id,
+ struct sss_domain_info *dom);
-int parse_name_domain(struct ops_ctx *octx,
- const char *fullname);
+int parse_groups(TALLOC_CTX *mem_ctx,
+ const char *optstr,
+ char ***_out);
#endif /* __TOOLS_UTIL_H__ */