diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2009-07-27 09:49:45 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-08-05 10:19:20 -0400 |
| commit | 1f6d7dfad2956cb2f6c33104eda4fdbefe380a42 (patch) | |
| tree | 3763e4fd1cfe233bbdcd342b26545577f141273e /server/tools/sss_usermod.c | |
| parent | a5fe74914ab920bfaed87c046c525ee7148623f2 (diff) | |
| download | sssd-1f6d7dfad2956cb2f6c33104eda4fdbefe380a42.tar.gz sssd-1f6d7dfad2956cb2f6c33104eda4fdbefe380a42.tar.xz sssd-1f6d7dfad2956cb2f6c33104eda4fdbefe380a42.zip | |
Parse fully qualified names in tools
Allow adding users into different domains not only by specifying
ID directly but also by specifying fully qualified name. Exit when
both specifications are used in conflict.
Diffstat (limited to 'server/tools/sss_usermod.c')
| -rw-r--r-- | server/tools/sss_usermod.c | 54 |
1 files changed, 43 insertions, 11 deletions
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c index ca6463fa0..0e1055dd3 100644 --- a/server/tools/sss_usermod.c +++ b/server/tools/sss_usermod.c @@ -289,7 +289,8 @@ static void add_to_groups_done(struct tevent_req *req) static int usermod_legacy(struct tools_ctx *tools_ctx, struct ops_ctx *ctx, uid_t uid, gid_t gid, const char *gecos, const char *home, - const char *shell, int lock, int old_domain) + const char *shell, int lock, + struct sss_domain_info *old_domain) { int ret = EOK; char *command = NULL; @@ -298,8 +299,13 @@ static int usermod_legacy(struct tools_ctx *tools_ctx, struct ops_ctx *ctx, APPEND_STRING(command, USERMOD); if (uid) { - ret = find_domain_for_id(tools_ctx, uid, &dom); - if (ret == old_domain) { + ret = get_domain_by_id(tools_ctx, ctx->gid, &dom); + if (ret != EOK) { + ERROR("Cannot get domain info\n"); + talloc_free(command); + return EINVAL; + } + if (dom == old_domain) { APPEND_PARAM(command, USERMOD_UID, uid); } else { ERROR("Changing uid only allowed inside the same domain\n"); @@ -309,8 +315,13 @@ static int usermod_legacy(struct tools_ctx *tools_ctx, struct ops_ctx *ctx, } if (gid) { - ret = find_domain_for_id(tools_ctx, gid, &dom); - if (ret == old_domain) { + ret = get_domain_by_id(tools_ctx, ctx->gid, &dom); + if (ret != EOK) { + ERROR("Cannot get domain info\n"); + talloc_free(command); + return EINVAL; + } + if (dom == old_domain) { APPEND_PARAM(command, USERMOD_GID, gid); } else { ERROR("Changing gid only allowed inside the same domain\n"); @@ -381,6 +392,7 @@ int main(int argc, const char **argv) int ret; struct passwd *pwd_info; uid_t old_uid = 0; + const char *pc_username = NULL; debug_prg_name = argv[0]; @@ -452,29 +464,49 @@ int main(int argc, const char **argv) } /* username is an argument without --option */ - data->name = poptGetArg(pc); - if (data->name == NULL) { + pc_username = poptGetArg(pc); + if (pc_username == NULL) { usage(pc, _("Specify user to modify\n")); ret = EXIT_FAILURE; goto fini; } + ret = parse_name_domain(data, pc_username); + if (ret != EOK) { + ret = EXIT_FAILURE; + goto fini; + } + pwd_info = getpwnam(data->name); if (pwd_info) { old_uid = pwd_info->pw_uid; } - ret = find_domain_for_id(ctx, old_uid, &dom); + ret = get_domain_by_id(data->ctx, data->uid, &dom); + if (ret != EOK) { + ERROR("Cannot get domain info\n"); + ret = EXIT_FAILURE; + goto fini; + } + if (data->domain && data->uid && data->domain != dom) { + ERROR("Selected domain %s conflicts with selected UID %llu\n", + data->domain->name, (unsigned long long int) data->uid); + ret = EXIT_FAILURE; + goto fini; + } + if (data->domain == NULL && dom) { + data->domain = dom; + } + + ret = get_domain_type(data->ctx, data->domain); switch (ret) { case ID_IN_LOCAL: - data->domain = dom; break; case ID_IN_LEGACY_LOCAL: - data->domain = dom; case ID_OUTSIDE: ret = usermod_legacy(ctx, data, pc_uid, pc_gid, pc_gecos, - pc_home, pc_shell, pc_lock, ret); + pc_home, pc_shell, pc_lock, data->domain); if(ret != EOK) { ERROR("Cannot delete user from domain using the legacy tools\n"); } |