From 1e08c6f901ad477d9be4b74942487bb3e8573ce3 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 22 Apr 2009 17:00:12 +0200
Subject: fixes for user and group creation in LOCAL domain

- added range check for supplied UIDs and GIDs
- initialize pc_gid to 0 to trigger gid generation
---
 server/db/sysdb_ops.c | 19 +++++++++++++++++++
 server/tools/sss_groupadd.c | 2 +-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/server/db/sysdb_ops.c b/server/db/sysdb_ops.c
index a75c3466d..7daf11706 100644
--- a/server/db/sysdb_ops.c
+++ b/server/db/sysdb_ops.c
@@ -868,6 +868,19 @@ int sysdb_add_user(struct sysdb_req *sysreq,
 return EINVAL;
 }
+ if (domain->id_max != 0 && (uid < domain->id_min || uid > domain->id_max)) {
+ DEBUG(2, ("Supplied uid [%d] is not in the allowed range [%d-%d].\n",
+ uid, domain->id_min, domain->id_max));
+ return EINVAL;
+ }
+
+ if (domain->id_max != 0 && (gid < domain->id_min || gid > domain->id_max)) {
+ DEBUG(2, ("Supplied gid [%d] is not in the allowed range [%d-%d].\n",
+ gid, domain->id_min, domain->id_max));
+ return EINVAL;
+ }
+
+
+
 user_ctx = talloc(sysreq, struct user_add_ctx);
 if (!user_ctx) return ENOMEM;
@@ -1052,6 +1065,12 @@ int sysdb_add_group(struct sysdb_req *sysreq,
 return EINVAL;
 }
+ if (domain->id_max != 0 && (gid < domain->id_min || gid > domain->id_max)) {
+ DEBUG(2, ("Supplied gid [%d] is not in the allowed range [%d-%d].\n",
+ gid, domain->id_min, domain->id_max));
+ return EINVAL;
+ }
+
 group_ctx = talloc(sysreq, struct group_add_ctx);
 if (!group_ctx) return ENOMEM;
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index d05597164..6dde7ae83 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -77,7 +77,7 @@ static void add_group(struct sysdb_req *req, void *pvt)
 int main(int argc, const char **argv)
 {
- gid_t pc_gid;
+ gid_t pc_gid = 0;
 struct poptOption long_options[] = {
 POPT_AUTOHELP
 { "gid", 'g', POPT_ARG_INT, &pc_gid, 0, "The GID of the group", NULL },
--
cgit
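Review bot: The two new checks in sysdb_add_user reject an ID of 0 whenever the domain has a range configured with `id_min` above 0, yet the commit description says 0 is the value that triggers gid generation, so a request for an auto-assigned ID would get EINVAL before generation can run. Whether 0 is also the sentinel for `uid` is not visible in this hunk and should be confirmed. The guard should exempt the sentinel, e.g. `if (domain->id_max != 0 && gid != 0 && (gid < domain->id_min || gid > domain->id_max)) {`. The gid check added to sysdb_add_group in the next hunk needs the same exemption, and that is the path the `pc_gid = 0` change in sss_groupadd.c appears to feed. The function body starts and ends outside the hunk.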
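Review bot: The `domain->id_max != 0 &&` guard in sysdb_add_group switches off the whole comparison, so when `id_max` is 0 a gid below `domain->id_min` is accepted too. If 0 means "no upper limit" (not visible in this hunk), the lower bound should still be enforced, since it is presumably what keeps locally created groups out of an ID range reserved for other accounts. Testing the bounds separately would do it, `if (gid < domain->id_min || (domain->id_max != 0 && gid > domain->id_max)) {`, combined with whatever exemption a "generate an ID" value of 0 needs. The uid and gid checks added to sysdb_add_user have the same shape.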
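Review bot: `pc_gid` is declared `gid_t`, but its address is handed to popt as a `POPT_ARG_INT` target, which stores an `int` through that pointer. This only works where `gid_t` and `int` have the same size, and a negative `--gid` value silently becomes a very large gid. Parsing into an `int` and validating before conversion avoids both: `int pc_gid = 0;` and, after option parsing, a check such as `if (pc_gid < 0) { /* report usage error and exit */ }`. main's body continues outside the hunk, so an existing check further down cannot be ruled out.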