From 7fb74edcde011adef137357c916494409a94f1a1 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 12 Aug 2009 18:21:53 +0200
Subject: Tools ID range fixes

The tools did not take the special case where id_max = 0 (no limit)
into account.

Also disallow adding users when ID is specified outside any domain.

Resolves trac tickets #86 and #89
---
 server/tools/sss_groupadd.c |  6 +++++-
 server/tools/sss_useradd.c  | 11 +++++++++--
 server/tools/tools_util.c   |  3 ++-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index 05f814a77..5c4733d7b 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -237,13 +237,17 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = groupadd_legacy(data);
             if(ret != EOK) {
                 ERROR("Cannot add group to domain using the legacy tools\n");
             }
             goto fini;
 
+        case ID_OUTSIDE:
+            ERROR("The selected GID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot add group to domain %s\n", dom->name));
             ERROR("Unsupported domain type");
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index 35dcee760..51f0eed83 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -296,7 +296,10 @@ static int useradd_legacy(struct ops_ctx *ctx, char *grouplist)
 
     APPEND_PARAM(command, USERADD_UID_MIN, ctx->domain->id_min);
 
-    APPEND_PARAM(command, USERADD_UID_MAX, ctx->domain->id_max);
+    /* id_max == 0 means no limit */
+    if (ctx->domain->id_max) {
+        APPEND_PARAM(command, USERADD_UID_MAX, ctx->domain->id_max);
+    }
 
     APPEND_PARAM(command, USERADD_GROUPS, grouplist);
 
@@ -499,13 +502,17 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = useradd_legacy(data, groups);
             if(ret != EOK) {
                 ERROR("Cannot add user to domain using the legacy tools\n");
             }
             goto fini;
 
+        case ID_OUTSIDE:
+            ERROR("The selected UID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot add user to domain %s\n", dom->name));
             ERROR("Unsupported domain type\n");
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index 1e0e91de9..79f73ac66 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -108,7 +108,8 @@ int get_domain_by_id(struct tools_ctx *ctx,
 
     if (id) {
         for (dom = ctx->domains; dom; dom = dom->next) {
-            if (id >= dom->id_min && id <= dom->id_max) {
+            if (id >= dom->id_min &&
+                (dom->id_max == 0 || id <= dom->id_max)) {
                 break;
             }
         }
-- 
cgit