Allow entering parent groups as FQDN

Allow entering parent groups for groupadd,useradd,usermod as FQDN. Since
members and parents must be from the same domain, error out if we can't
determine the domain of member.

Fixes: #121

1 files changed, 39 insertions, 1 deletions

diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index eeec13c0a..a6ccbc943 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -135,6 +135,44 @@ int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out)
     return EOK;
 }
 
+int parse_group_name_domain(struct tools_ctx *tctx,
+                            char **groups)
+{
+    int i;
+    int ret;
+    char *name = NULL;
+    char *domain = NULL;
+
+    if (!groups) {
+        return EOK;
+    }
+
+    for (i = 0; groups[i]; ++i) {
+        ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name);
+
+        /* If FQDN is specified, it must be within the same domain as user */
+        if (domain) {
+            if (strcmp(domain, tctx->octx->domain->name) != 0) {
+                return EINVAL;
+            }
+
+            /* Use only groupname */
+            talloc_zfree(groups[i]);
+            groups[i] = talloc_strdup(tctx, name);
+            if (groups[i] == NULL) {
+                return ENOMEM;
+            }
+        }
+
+        talloc_zfree(name);
+        talloc_zfree(domain);
+    }
+
+    talloc_zfree(name);
+    talloc_zfree(domain);
+    return EOK;
+}
+
 int parse_name_domain(struct tools_ctx *tctx,
                       const char *fullname)
 {
@@ -152,7 +190,7 @@ int parse_name_domain(struct tools_ctx *tctx,
         DEBUG(5, ("Parsed domain: %s\n", domain));
         /* only the local domain, whatever named is allowed in tools */
         if (strcasecmp(domain, tctx->local->name) != 0) {
-            DEBUG(0, ("Invalid domain %s specified in FQDN\n", domain));
+            DEBUG(1, ("Invalid domain %s specified in FQDN\n", domain));
             return EINVAL;
         }
     }