Disallow all operations outside domains, fix deleting cache for files

One of the previous patches disallowed adding users and groups outside
known domains but it was missing disallowing modifying, deleting, etc.

Also don't error if there's no sysdb cache to delete after deleting
legacy user/domain.

Fixes: tickets #113,#114

1 files changed, 5 insertions, 1 deletions

diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index 175d08d13..cca9abc6e 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -439,13 +439,17 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = groupmod_legacy(ctx, data, data->domain);
             if(ret != EOK) {
                 ERROR("Cannot delete group from domain using the legacy tools\n");
             }
             goto fini;
 
+        case ID_OUTSIDE:
+            ERROR("The selected GID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot modify group from domain %s\n", dom->name));
             ERROR("Unsupported domain type\n");