Do not delete users, groups outside domain range
Fixes: 240
jhrozek authored and sgallagher committed Nov 4, 2009
1 parent a98abcc commit 73df935
Showing 2 changed files with 35 additions and 11 deletions.
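--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -90,6 +90,24 @@ int main(int argc, const char **argv)
 goto fini;
 }
 
+ret = sysdb_getgrnam_sync(tctx, tctx->ev, tctx->sysdb,
+tctx->octx->name, tctx->local,
+&tctx->octx);
+if (ret != EOK) {
+ERROR("Cannot find group in local domain, "
+"modifying groups is allowed only in local domain\n");
+ret = EXIT_FAILURE;
+goto fini;
+}
+
+if ((tctx->octx->gid < tctx->local->id_min) ||
+(tctx->local->id_max && tctx->octx->gid > tctx->local->id_max)) {
+ERROR("Group %s is outside the defined ID range for domain\n",
+tctx->octx->name);
+ret = EXIT_FAILURE;
+goto fini;
+}
+
 start_transaction(tctx);
 if (tctx->error != EOK) {
 goto done;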
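Review bot: The `ret != EOK` branch after `sysdb_getgrnam_sync()` prints "Cannot find group in local domain" for every failure, so an allocation or database error is reported to the administrator as a policy refusal, whereas sss_userdel.c sends the same failure to `done` and lets the error switch choose the message. Jumping to `done` here as well, or printing the fixed text only when `ret == ENOENT`, would keep the refusal unambiguous; this assumes the lookup returns ENOENT for a missing entry, and the switch lies outside this hunk. Both this gid test and the uid test in sss_userdel.c also run before `start_transaction(tctx)`, so the id that is validated is read separately from the delete that follows outside the hunk; re-checking inside the transaction, or enforcing the range where the entry is removed, would tie the guard to the deletion. The condition relies on `id_max == 0` meaning no upper limit, which deserves a comment in both files, e.g. `/* id_max == 0: no upper bound configured */`.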
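--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -121,17 +121,23 @@ int main(int argc, const char **argv)
 goto fini;
 }
 
-if (tctx->octx->remove_homedir) {
-ret = sysdb_getpwnam_sync(tctx,
-tctx->ev,
-tctx->sysdb,
-tctx->octx->name,
-tctx->local,
-&tctx->octx);
-if (ret != EOK) {
-/* Error message will be printed in the switch */
-goto done;
-}
+ret = sysdb_getpwnam_sync(tctx,
+tctx->ev,
+tctx->sysdb,
+tctx->octx->name,
+tctx->local,
+&tctx->octx);
+if (ret != EOK) {
+/* Error message will be printed in the switch */
+goto done;
+}
+
+if ((tctx->octx->uid < tctx->local->id_min) ||
+(tctx->local->id_max && tctx->octx->uid > tctx->local->id_max)) {
+ERROR("User %s is outside the defined ID range for domain\n",
+tctx->octx->name);
+ret = EXIT_FAILURE;
+goto fini;
 }
 
 start_transaction(tctx);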
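Review bot: The lookup that used to sit under `if (tctx->octx->remove_homedir)` is now unconditional, but nothing at the call says why; I would add `/* Always look the user up: the uid is needed for the range check below */` above `ret = sysdb_getpwnam_sync(`. The retained comment "Error message will be printed in the switch" now covers a path every invocation can take, and the range failure right after it leaves through `fini` with its own message, so a short note on which exits print through the switch would help; the switch and both labels are outside this hunk.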
