-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fixes: #240 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkrxfaEACgkQHsardTLnvCV42ACfR7q6eEBeOIXtxntfXVT9SjzD 7moAoNlJLNnYWsxt5ouosuC8xn/DU6p6 =MVy0 -----END PGP SIGNATURE-----
>From 1a558b9024bee8d27d5c689939274b5f0f135aee Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 2 Nov 2009 11:40:21 +0100
Subject: [PATCH] Do not delete users, groups outside domain range
Fixes: 240
---
 server/tools/sss_groupdel.c | 17 +++++++++++++++++
 server/tools/sss_userdel.c | 27 ++++++++++++++++-----------
 2 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index d6e3dfd..80e2244 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -90,6 +90,23 @@ int main(int argc, const char **argv)
 goto fini;
 }
+ ret = sysdb_getgrnam_sync(tctx, tctx->ev, tctx->sysdb,
+ tctx->octx->name, tctx->local,
+ &tctx->octx);
+ if (ret != EOK) {
+ ERROR("Cannot find group in local domain, "
+ "modifying groups is allowed only in local domain\n");
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
+ if (id_in_range(tctx->octx->gid, tctx->octx->domain) != EOK) {
+ ERROR("Group %s is outside the defined ID range for domain\n",
+ tctx->octx->name);
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
 start_transaction(tctx);
 if (tctx->error != EOK) {
 goto done;
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index d4088cb..9266e6b 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
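Review bot: The lookup and the `id_in_range()` check both run before `start_transaction(tctx)`, so the gid that is range-checked is read outside the transaction that presumably performs the delete; the sss_userdel.c hunk has the same ordering. If the delete later resolves the entry by `tctx->octx->name` again (that code is outside the hunk), an entry changed in between would be removed without being re-checked, so the check would be better placed inside the transaction, or the gap documented with a comment such as `/* range check uses the entry as read before the transaction */`. Separately, every non-EOK result of `sysdb_getgrnam_sync()` is reported as "Cannot find group in local domain", which makes a database or memory error look like a policy refusal. main() starts and ends outside the hunk.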
@@ -121,17 +121,22 @@ int main(int argc, const char **argv)
 goto fini;
 }
- if (tctx->octx->remove_homedir) {
- ret = sysdb_getpwnam_sync(tctx,
- tctx->ev,
- tctx->sysdb,
- tctx->octx->name,
- tctx->local,
- &tctx->octx);
- if (ret != EOK) {
- /* Error message will be printed in the switch */
- goto done;
- }
+ ret = sysdb_getpwnam_sync(tctx,
+ tctx->ev,
+ tctx->sysdb,
+ tctx->octx->name,
+ tctx->local,
+ &tctx->octx);
+ if (ret != EOK) {
+ /* Error message will be printed in the switch */
+ goto done;
+ }
+
+ if (id_in_range(tctx->octx->uid, tctx->octx->domain) != EOK) {
+ ERROR("User %s is outside the defined ID range for domain\n",
+ tctx->octx->name);
+ ret = EXIT_FAILURE;
+ goto fini;
 }
 start_transaction(tctx);
--
1.6.2.5
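Review bot: The failed-lookup path now runs on every invocation, not only with `remove_homedir`, and still leaves through `goto done` relying on the comment "Error message will be printed in the switch". The `done:` label is outside the hunk, so it is worth confirming that its switch reads `ret` and not `tctx->error`, which this path does not set; otherwise a missing user could exit without a message or with a success status. The new range failure takes a different exit (`goto fini` with its own message), and that message would be easier to act on with the id in it, for example `ERROR("User %s (uid %llu) is outside the defined ID range for domain\n", tctx->octx->name, (unsigned long long) tctx->octx->uid);`.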