sss_usermod.c revision 9c124af8868a7d3908c03ec369e28daef17d5f12
sss_usermod
Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2009
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
{ "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0, _("The debug level to run with"), NULL },
{ "uid", 'u', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_uid, 0, _("The UID of the user"), NULL },
{ "gid", 'g', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_gid, 0, _("The GID of the user"), NULL },
{ "gecos", 'c', POPT_ARG_STRING, &pc_gecos, 0, _("The comment string"), NULL },
{ "home", 'h', POPT_ARG_STRING, &pc_home, 0, _("Home directory"), NULL },
{ "shell", 's', POPT_ARG_STRING, &pc_shell, 0, _("Login shell"), NULL },
{ "append-group", 'a', POPT_ARG_STRING, NULL, 'a', _("Groups to add this user to"), NULL },
{ "remove-group", 'r', POPT_ARG_STRING, NULL, 'r', _("Groups to remove this user from"), NULL },
{ "lock", 'L', POPT_ARG_NONE, NULL, 'L', _("Lock the account"), NULL },
{ "unlock", 'U', POPT_ARG_NONE, NULL, 'U', _("Unlock the account"), NULL },
{ "selinux-user", 'Z', POPT_ARG_STRING, &pc_selinux_user, 0, _("The SELinux user for user's login"), NULL },
DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret)));
/* parse parameters */
pc = poptGetContext(NULL, argc, argv, long_options, 0);
switch (ret) {
/* username is an argument without --option */
DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret)));
ERROR("Error initializing the tools - no local domain\n");
/* if the domain was not given as part of FQDN, default to local domain */
/* check the username to be able to give sensible error message */
ret = sysdb_getpwnam_sync(tctx, tctx->ev, tctx->sysdb,
"modifying users is allowed only in local domain\n");
if (id_in_range(tctx->octx->uid, tctx->octx->domain) != EOK) {
ERROR("The selected UID is outside the allowed range\n");
ret = parse_groups(tctx, addgroups, &tctx->octx->addgroups);
DEBUG(1, ("Cannot parse groups to add the user to\n"));
ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
/* Check group names in the LOCAL domain */
ret = check_group_names(tctx, tctx->octx->addgroups, &badgroup);
"only groups in local domain are allowed\n", badgroup);
ret = parse_groups(tctx, rmgroups, &tctx->octx->rmgroups);
DEBUG(1, ("Cannot parse groups to remove the user from\n"));
ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
DEBUG(1, ("Cannot parse FQDN groups to remove the user from\n"));
/* Check group names in the LOCAL domain */
ret = check_group_names(tctx, tctx->octx->rmgroups, &badgroup);
"only groups in local domain are allowed\n", badgroup);
/* usermod */
ret = usermod(tctx, tctx->ev, tctx->sysdb, tctx->handle, tctx->octx);
/* cancel transaction */
/* Set SELinux login context - must be done after transaction is done
* b/c libselinux calls getpwnam */
ret = set_seuser(tctx->octx->name, pc_selinux_user);
ERROR("Could not modify user - check if group names are correct\n");
ERROR("Could not modify user - user already member of groups?\n");
ERROR("Transaction error. Could not modify user.\n");