From 7fb74edcde011adef137357c916494409a94f1a1 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 12 Aug 2009 18:21:53 +0200
Subject: Tools ID range fixes

The tools did not take the special case where id_max = 0 (no limit)
into account.

Also disallow adding users when ID is specified outside any domain.

Resolves trac tickets #86 and #89
---
 server/tools/sss_useradd.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'server/tools/sss_useradd.c')

diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index 35dcee760..51f0eed83 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -296,7 +296,10 @@ static int useradd_legacy(struct ops_ctx *ctx, char *grouplist)
 
     APPEND_PARAM(command, USERADD_UID_MIN, ctx->domain->id_min);
 
-    APPEND_PARAM(command, USERADD_UID_MAX, ctx->domain->id_max);
+    /* id_max == 0 means no limit */
+    if (ctx->domain->id_max) {
+        APPEND_PARAM(command, USERADD_UID_MAX, ctx->domain->id_max);
+    }
 
     APPEND_PARAM(command, USERADD_GROUPS, grouplist);
 
@@ -499,13 +502,17 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = useradd_legacy(data, groups);
             if(ret != EOK) {
                 ERROR("Cannot add user to domain using the legacy tools\n");
             }
             goto fini;
 
+        case ID_OUTSIDE:
+            ERROR("The selected UID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot add user to domain %s\n", dom->name));
             ERROR("Unsupported domain type\n");
-- 
cgit