From 1f6d7dfad2956cb2f6c33104eda4fdbefe380a42 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 27 Jul 2009 09:49:45 +0200 Subject: Parse fully qualified names in tools Allow adding users into different domains not only by specifying ID directly but also by specifying fully qualified name. Exit when both specifications are used in conflict. --- server/tools/sss_usermod.c | 54 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 11 deletions(-) (limited to 'server/tools/sss_usermod.c') diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c index ca6463fa..0e1055dd 100644 --- a/server/tools/sss_usermod.c +++ b/server/tools/sss_usermod.c @@ -289,7 +289,8 @@ static void add_to_groups_done(struct tevent_req *req) static int usermod_legacy(struct tools_ctx *tools_ctx, struct ops_ctx *ctx, uid_t uid, gid_t gid, const char *gecos, const char *home, - const char *shell, int lock, int old_domain) + const char *shell, int lock, + struct sss_domain_info *old_domain) { int ret = EOK; char *command = NULL; @@ -298,8 +299,13 @@ static int usermod_legacy(struct tools_ctx *tools_ctx, struct ops_ctx *ctx, APPEND_STRING(command, USERMOD); if (uid) { - ret = find_domain_for_id(tools_ctx, uid, &dom); - if (ret == old_domain) { + ret = get_domain_by_id(tools_ctx, ctx->gid, &dom); + if (ret != EOK) { + ERROR("Cannot get domain info\n"); + talloc_free(command); + return EINVAL; + } + if (dom == old_domain) { APPEND_PARAM(command, USERMOD_UID, uid); } else { ERROR("Changing uid only allowed inside the same domain\n"); @@ -309,8 +315,13 @@ static int usermod_legacy(struct tools_ctx *tools_ctx, struct ops_ctx *ctx, } if (gid) { - ret = find_domain_for_id(tools_ctx, gid, &dom); - if (ret == old_domain) { + ret = get_domain_by_id(tools_ctx, ctx->gid, &dom); + if (ret != EOK) { + ERROR("Cannot get domain info\n"); + talloc_free(command); + return EINVAL; + } + if (dom == old_domain) { APPEND_PARAM(command, USERMOD_GID, gid); } else { ERROR("Changing gid only allowed inside the same domain\n"); @@ -381,6 +392,7 @@ int main(int argc, const char **argv) int ret; struct passwd *pwd_info; uid_t old_uid = 0; + const char *pc_username = NULL; debug_prg_name = argv[0]; @@ -452,29 +464,49 @@ int main(int argc, const char **argv) } /* username is an argument without --option */ - data->name = poptGetArg(pc); - if (data->name == NULL) { + pc_username = poptGetArg(pc); + if (pc_username == NULL) { usage(pc, _("Specify user to modify\n")); ret = EXIT_FAILURE; goto fini; } + ret = parse_name_domain(data, pc_username); + if (ret != EOK) { + ret = EXIT_FAILURE; + goto fini; + } + pwd_info = getpwnam(data->name); if (pwd_info) { old_uid = pwd_info->pw_uid; } - ret = find_domain_for_id(ctx, old_uid, &dom); + ret = get_domain_by_id(data->ctx, data->uid, &dom); + if (ret != EOK) { + ERROR("Cannot get domain info\n"); + ret = EXIT_FAILURE; + goto fini; + } + if (data->domain && data->uid && data->domain != dom) { + ERROR("Selected domain %s conflicts with selected UID %llu\n", + data->domain->name, (unsigned long long int) data->uid); + ret = EXIT_FAILURE; + goto fini; + } + if (data->domain == NULL && dom) { + data->domain = dom; + } + + ret = get_domain_type(data->ctx, data->domain); switch (ret) { case ID_IN_LOCAL: - data->domain = dom; break; case ID_IN_LEGACY_LOCAL: - data->domain = dom; case ID_OUTSIDE: ret = usermod_legacy(ctx, data, pc_uid, pc_gid, pc_gecos, - pc_home, pc_shell, pc_lock, ret); + pc_home, pc_shell, pc_lock, data->domain); if(ret != EOK) { ERROR("Cannot delete user from domain using the legacy tools\n"); } -- cgit