-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of my previous patches disallowed adding users and groups outside
known domains but I forgot disallowing modifying, deleting, etc.

Fixes: ticket #114
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkqOZ7QACgkQHsardTLnvCWAyACePh6G5RKsvhlIVSKwRfeASHw3
rGAAn0XX6gphj2xLgPOvRb1NS9JboqWZ
=J7zs
-----END PGP SIGNATURE-----
>From 642a57b199d8817596874f5d2ea9b264838fa290 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Fri, 21 Aug 2009 11:18:49 +0200
Subject: [PATCH] Disallow all legacy operations outside domains

One of the previous patches disallowed adding users and groups outside
known domains, but it did not disallow modifying, deleting, etc.

Fixes: ticket #114
---
 server/tools/sss_groupdel.c |    6 +++++-
 server/tools/sss_groupmod.c |    6 +++++-
 server/tools/sss_userdel.c  |    6 +++++-
 server/tools/sss_usermod.c  |    6 +++++-
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index 2c6d049..a70e415 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -141,7 +141,6 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = groupdel_legacy(data);
             if(ret != EOK) {
                 ERROR("Cannot delete group from domain using the legacy tools\n");
@@ -150,6 +149,11 @@ int main(int argc, const char **argv)
             }
             break; /* Also delete possible cached entries in sysdb */
 
+        case ID_OUTSIDE:
+            ERROR("The selected GID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot remove group from domain %s\n", data->domain->name));
             ERROR("Unsupported domain type\n");
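Review bot: The new `case ID_OUTSIDE` refuses the operation with only a user-facing ERROR, whereas the `ID_IN_OTHER` case directly below it also writes a DEBUG line, so a refused attempt to delete an out-of-range group leaves nothing in the debug log. I would add a `DEBUG(1, ...)` call before the ERROR that records the group and the rejected GID; the field names are not visible in this hunk, so I leave them out. The wording "The selected GID" may also read oddly in a delete tool if the operator supplied a group name rather than a GID; `ERROR("The GID of the group is outside all domain ranges\n");` would fit either way. The same two points apply to the ID_OUTSIDE cases added in sss_groupmod.c, sss_userdel.c and sss_usermod.c. main() starts and ends outside the hunk.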
diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index 4f681ea..2fc985b 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -222,13 +222,17 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = groupmod_legacy(data->ctx, data, data->domain);
             if(ret != EOK) {
                 ERROR("Cannot delete group from domain using the legacy tools\n");
             }
             goto fini;
 
+        case ID_OUTSIDE:
+            ERROR("The selected GID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot modify group from domain %s\n", data->domain->name));
             ERROR("Unsupported domain type\n");
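Review bot: `ret = EXIT_FAILURE` in the new case stores a process exit status in the same variable that the legacy branch above compares against `EOK`, so `fini` receives two kinds of value through `ret`. Both are presumably non-zero on failure, and the `ID_IN_OTHER` case may already do the same below the hunk, but the code at `fini` is not visible here; a comment such as `/* ret is used as the process exit status from here on */` would make the convention explicit. Separately, the context line in the legacy branch still prints "Cannot delete group from domain using the legacy tools" in the modify tool, which looks like a copy-paste leftover worth correcting in the same change.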
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index 38bb83b..bc08990 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -140,7 +140,6 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = userdel_legacy(data);
             if(ret != EOK) {
                 ERROR("Cannot delete user from domain using the legacy tools\n");
@@ -149,6 +148,11 @@ int main(int argc, const char **argv)
             }
             break; /* Also delete possible cached entries in sysdb */
 
+        case ID_OUTSIDE:
+            ERROR("The selected UID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot remove user from domain %s\n", data->domain->name));
             ERROR("Unsupported domain type\n");
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c
index 23ae3cc..cdc8e3f 100644
--- a/server/tools/sss_usermod.c
+++ b/server/tools/sss_usermod.c
@@ -290,7 +290,6 @@ int main(int argc, const char **argv)
             break;
 
         case ID_IN_LEGACY_LOCAL:
-        case ID_OUTSIDE:
             ret = usermod_legacy(data->ctx, data, pc_uid, pc_gid, pc_gecos,
                                  pc_home, pc_shell, pc_lock, data->domain);
             if(ret != EOK) {
@@ -298,6 +297,11 @@ int main(int argc, const char **argv)
             }
             goto fini;
 
+        case ID_OUTSIDE:
+            ERROR("The selected UID is outside all domain ranges\n");
+            ret = EXIT_FAILURE;
+            goto fini;
+
         case ID_IN_OTHER:
             DEBUG(1, ("Cannot modify user from domain %s\n", data->domain->name));
             ERROR("Unsupported domain type\n");
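Review bot: With ID_OUTSIDE now refused, an account whose UID lies outside every configured range can no longer be changed with this tool, and that includes locking it: the `usermod_legacy` call in the preceding hunk is the one that receives `pc_lock`. The commit message implies that earlier versions allowed such accounts to be created, so some may exist. If refusing them is intended, the message should point the operator to the alternative, e.g. `ERROR("The selected UID is outside all domain ranges; use the native tools for this account\n");` (that the native tools are the intended path is my assumption). A comment above the case, `/* IDs outside every domain range are not managed by the sss_* tools */`, would record the policy for the next tool that adds this switch. main() continues outside the hunk.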
-- 
1.6.2.5
