authorJakub Hrozek <jhrozek@redhat.com>2009-09-10 22:34:56 +0200
committerSimo Sorce <ssorce@redhat.com>2009-09-23 07:33:45 -0400
commit716a203f171fda4bcb3e2bf9f2564b331ac1f85a (patch)
tree75514074d7d9e850ff5cd74f625b0e2930c6b367
parent87b8670b2749d02ffdc6c06506ac692b09db5be2 (diff)
Allow entering parent groups as FQDN
Allow entering parent groups for groupadd,useradd,usermod as FQDN. Since members and parents must be from the same domain, error out if we can't determine the domain of member. Fixes: #121
-rw-r--r--server/tools/sss_groupadd.c2
-rw-r--r--server/tools/sss_groupdel.c2
-rw-r--r--server/tools/sss_groupmod.c16
-rw-r--r--server/tools/sss_useradd.c9
-rw-r--r--server/tools/sss_userdel.c2
-rw-r--r--server/tools/sss_usermod.c16
-rw-r--r--server/tools/tools_util.c40
-rw-r--r--server/tools/tools_util.h3
8 files changed, 83 insertions, 7 deletions
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index f528730c9..72bd0fdff 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -126,7 +126,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index 6677eb96b..3134279d9 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -124,7 +124,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index caf446615..1ecf076c1 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -149,7 +149,7 @@ int main(int argc, const char **argv)
ret = parse_name_domain(tctx, pc_groupname);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -163,6 +163,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the group to\n"));
+ ERROR("Member groups must be in the same domain as parent group\n");
+ goto fini;
+ }
}
if (rmgroups) {
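Review bot: The failure branch added after `parse_group_name_domain(tctx, tctx->octx->addgroups)` prints the same-domain message for every non-EOK result, but the helper added in tools_util.c also returns ENOMEM, so an allocation failure would be reported to the administrator as a domain mismatch. The branch also jumps to `fini` with `ret` still holding the errno-style code, whereas the `parse_name_domain` branch earlier in this file sets `ret = EXIT_FAILURE;` first; how `fini` uses `ret` is outside the hunk, so the effect on the exit status is inferred. I would print the domain message only when `ret == EINVAL`, use the internal-error message otherwise, and add `ret = EXIT_FAILURE;` before `goto fini;`. The same pattern repeats in the rmgroups hunk of this file and in the added branches of sss_useradd.c and sss_usermod.c; main() starts and ends outside the hunk.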
@@ -172,6 +179,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to remove the group from\n"));
+ ERROR("Member groups must be in the same domain as parent group\n");
+ goto fini;
+ }
}
if (id_in_range(tctx->octx->gid, tctx->octx->domain) != EOK) {
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index becf205aa..61034bef6 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -221,7 +221,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -233,6 +233,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
/* Same as shadow-utils useradd, -g can specify gid or group name */
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index 7c20a6908..83db3cd57 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -124,7 +124,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c
index 02ed74e46..5be1dfb64 100644
--- a/server/tools/sss_usermod.c
+++ b/server/tools/sss_usermod.c
@@ -165,7 +165,7 @@ int main(int argc, const char **argv)
/* if the domain was not given as part of FQDN, default to local domain */
ret = parse_name_domain(tctx, pc_username);
if (ret != EOK) {
- ERROR("Cannot get domain information\n");
+ ERROR("Invalid domain specified in FQDN\n");
ret = EXIT_FAILURE;
goto fini;
}
@@ -183,6 +183,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
if (rmgroups) {
@@ -192,6 +199,13 @@ int main(int argc, const char **argv)
ERROR("Internal error while parsing parameters\n");
goto fini;
}
+
+ ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
+ if (ret != EOK) {
+ DEBUG(1, ("Cannot parse FQDN groups to remove the user from\n"));
+ ERROR("Groups must be in the same domain as user\n");
+ goto fini;
+ }
}
tctx->octx->gecos = pc_gecos;
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index eeec13c0a..a6ccbc943 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -135,6 +135,44 @@ int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out)
return EOK;
}
+int parse_group_name_domain(struct tools_ctx *tctx,
+ char **groups)
+{
+ int i;
+ int ret;
+ char *name = NULL;
+ char *domain = NULL;
+
+ if (!groups) {
+ return EOK;
+ }
+
+ for (i = 0; groups[i]; ++i) {
+ ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name);
+
+ /* If FQDN is specified, it must be within the same domain as user */
+ if (domain) {
+ if (strcmp(domain, tctx->octx->domain->name) != 0) {
+ return EINVAL;
+ }
+
+ /* Use only groupname */
+ talloc_zfree(groups[i]);
+ groups[i] = talloc_strdup(tctx, name);
+ if (groups[i] == NULL) {
+ return ENOMEM;
+ }
+ }
+
+ talloc_zfree(name);
+ talloc_zfree(domain);
+ }
+
+ talloc_zfree(name);
+ talloc_zfree(domain);
+ return EOK;
+}
+
int parse_name_domain(struct tools_ctx *tctx,
const char *fullname)
{
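Review bot: `ret` from `sss_parse_name()` is assigned but never checked in the loop of `parse_group_name_domain`, so a group argument that fails to parse is left in `groups[i]` as typed and the function still returns EOK. For a tool that edits account data the input should fail closed, with `if (ret != EOK) { return ret; }` directly after the call. The domain check uses `strcmp`, while `parse_name_domain` in the same file compares domains with `strcasecmp`, so a differently-cased domain can pass for the primary name and be rejected for a group in the list; `strcasecmp(domain, tctx->octx->domain->name) != 0` would keep the two consistent. The early `return EINVAL;` and `return ENOMEM;` skip the `talloc_zfree(name)` / `talloc_zfree(domain)` cleanup that the normal path performs. The hunk also does not show that `tctx->octx->domain` is always set before this helper runs, which is worth confirming in the callers.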
@@ -152,7 +190,7 @@ int parse_name_domain(struct tools_ctx *tctx,
DEBUG(5, ("Parsed domain: %s\n", domain));
/* only the local domain, whatever named is allowed in tools */
if (strcasecmp(domain, tctx->local->name) != 0) {
- DEBUG(0, ("Invalid domain %s specified in FQDN\n", domain));
+ DEBUG(1, ("Invalid domain %s specified in FQDN\n", domain));
return EINVAL;
}
}
diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h
index c63b90332..f17e68dac 100644
--- a/server/tools/tools_util.h
+++ b/server/tools/tools_util.h
@@ -70,6 +70,9 @@ int parse_groups(TALLOC_CTX *mem_ctx,
const char *optstr,
char ***_out);
+int parse_group_name_domain(struct tools_ctx *tctx,
+ char **groups);
+
void tools_transaction_done(struct tevent_req *req);
#endif /* __TOOLS_UTIL_H__ */
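Review bot: The new prototype `parse_group_name_domain` has no comment, and its contract is not obvious from the signature. Per the tools_util.c hunk it rewrites entries of `groups` in place, freeing the old string and storing a copy allocated on `tctx`, and it returns EINVAL or ENOMEM on failure. I would add a short comment above the declaration, such as `/* Strip the domain part from each FQDN in groups[] in place; EINVAL if a domain differs from tctx->octx->domain, ENOMEM on allocation failure. */`.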