-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patch attached.

        Jakub
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkqC9KgACgkQHsardTLnvCUiLgCg10+VZwOr4hYAzshueEri6517
/LMAnRVXuFlhSW/SDB2PhL5DjNsdanHh
=eYfp
-----END PGP SIGNATURE-----
>From 1d23d3a45daf66cdf02d681a96dc8dd1208785ba Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Wed, 12 Aug 2009 18:21:53 +0200
Subject: [PATCH] Tools ID range fixes

The tools did not take the special case where id_max = 0 (no limit)
into account.

Also disallow adding users when ID is specified outside any domain.

Resolves trac tickets #86 and #89
---
 server/tools/sss_groupadd.c |    6 +++++-
 server/tools/sss_useradd.c  |   11 +++++++++--
 server/tools/tools_util.c   |    3 ++-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index 05f814a..5c4733d 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -237,13 +237,17 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = groupadd_legacy(data);
             if(ret != EOK) {
                 ERROR("Cannot add group to domain using the legacy tools\n");
             }
             goto fini;
 
+        case ID_OUTSIDE:
+            ERROR("The selected GID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot add group to domain %s\n", dom->name));
             ERROR("Unsupported domain type");
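Review bot: The new `ID_OUTSIDE` case sets `ret = EXIT_FAILURE`, while the neighbouring `ID_IN_LEGACY_LOCAL` case compares `ret` against `EOK`, so `ret` now carries two different kinds of value on the way to `fini`. What `fini` does with `ret` is outside the hunk; if it becomes the process status this works, but an errno-style code such as `ret = EINVAL;` would match the rest of the switch, or a comment `/* ret is used as the process exit status here */` would record the intent. The same applies to the `ID_OUTSIDE` case added to `main` in sss_useradd.c. Because this branch is what refuses an ID that no domain owns, a `DEBUG(1, (...))` line like the one in `ID_IN_OTHER` would make rejected requests visible in the debug log as well.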
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index 35dcee7..51f0eed 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -296,7 +296,10 @@ static int useradd_legacy(struct ops_ctx *ctx, char *grouplist)
 
     APPEND_PARAM(command, USERADD_UID_MIN, ctx->domain->id_min);
 
-    APPEND_PARAM(command, USERADD_UID_MAX, ctx->domain->id_max);
+    /* id_max == 0 means no limit */
+    if (ctx->domain->id_max) {
+        APPEND_PARAM(command, USERADD_UID_MAX, ctx->domain->id_max);
+    }
 
     APPEND_PARAM(command, USERADD_GROUPS, grouplist);
 
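Review bot: The comment `/* id_max == 0 means no limit */` does not say what happens once the parameter is left out, which is the part a reader needs. Presumably the legacy tool then falls back to its own configured maximum, so "no limit" in the domain turns into the system default; if that is intended, say so: `/* id_max == 0 means no limit: omit UID_MAX and let the legacy tool apply its own default */`. Writing the test as `if (ctx->domain->id_max != 0)` would also match the `dom->id_max == 0` comparison this commit adds in tools_util.c. useradd_legacy starts and ends outside the hunk.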
@@ -499,13 +502,17 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = useradd_legacy(data, groups);
             if(ret != EOK) {
                 ERROR("Cannot add user to domain using the legacy tools\n");
             }
             goto fini;
 
+        case ID_OUTSIDE:
+            ERROR("The selected UID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot add user to domain %s\n", dom->name));
             ERROR("Unsupported domain type\n");
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index 1e0e91d..79f73ac 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -108,7 +108,8 @@ int get_domain_by_id(struct tools_ctx *ctx,
 
     if (id) {
         for (dom = ctx->domains; dom; dom = dom->next) {
-            if (id >= dom->id_min && id <= dom->id_max) {
+            if (id >= dom->id_min &&
+                (dom->id_max == 0 || id <= dom->id_max)) {
                 break;
             }
         }
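Review bot: With `dom->id_max == 0` now matching every id at or above `id_min`, the loop's first-match `break` lets an unbounded domain that comes early in `ctx->domains` claim IDs that a later, bounded domain also covers. Whether overlapping ranges are rejected when the configuration is loaded is not visible here, so the assumption should be written down at the check: `/* id_max == 0 means no upper limit; the first matching domain wins */`. That comment also mirrors the one this commit adds in useradd_legacy, so both range checks read the same way. get_domain_by_id continues outside the hunk.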
-- 
1.6.2.5
