
Blame SOURCES/0005-ipa-store-sudo-runas-attribute-with-internal-fqname.patch

From 5ad7f5e817b2bd8ca0f49b1001f4fb987de32c08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 27 Feb 2019 14:04:54 +0100
Subject: [PATCH 5/6] ipa: store sudo runas attribute with internal fqname
We need to be able to differentiate between external users and IPA users.
Resolves:
https://pagure.io/SSSD/sssd/issue/3957
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit d411febc98da36eb961b9251c1674af802151786)
---
 src/providers/ipa/ipa_sudo_conversion.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
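diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index bfa66b2c6..9586e6a2a 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -908,6 +908,27 @@ convert_group(TALLOC_CTX *mem_ctx,
     return rdn;
 }
 
+static const char *
+convert_group_fqdn(TALLOC_CTX *mem_ctx,
+                   struct ipa_sudo_conv *conv,
+                   const char *value,
+                   bool *skip_entry)
+{
+    const char *shortname = NULL;
+    char *fqdn = NULL;
+
+    *skip_entry = false;
+
+    shortname = convert_group(mem_ctx, conv, value, skip_entry);
+    if (shortname == NULL) {
+        return NULL;
+    }
+
+    fqdn = sss_create_internal_fqname(mem_ctx, shortname, conv->dom->name);
+    talloc_free(discard_const(shortname));
+    return fqdn;
+}
+
 static const char *
 convert_runasextusergroup(TALLOC_CTX *mem_ctx,
                           struct ipa_sudo_conv *conv,
@@ -954,8 +975,8 @@ convert_attributes(struct ipa_sudo_conv *conv,
     } table[] = {{SYSDB_NAME,                            SYSDB_SUDO_CACHE_AT_CN         , NULL},
                  {SYSDB_IPA_SUDORULE_HOST,               SYSDB_SUDO_CACHE_AT_HOST       , convert_host},
                  {SYSDB_IPA_SUDORULE_USER,               SYSDB_SUDO_CACHE_AT_USER       , convert_user_fqdn},
-                 {SYSDB_IPA_SUDORULE_RUNASUSER,          SYSDB_SUDO_CACHE_AT_RUNASUSER  , convert_user},
-                 {SYSDB_IPA_SUDORULE_RUNASGROUP,         SYSDB_SUDO_CACHE_AT_RUNASGROUP , convert_group},
+                 {SYSDB_IPA_SUDORULE_RUNASUSER,          SYSDB_SUDO_CACHE_AT_RUNASUSER  , convert_user_fqdn},
+                 {SYSDB_IPA_SUDORULE_RUNASGROUP,         SYSDB_SUDO_CACHE_AT_RUNASGROUP , convert_group_fqdn},
                  {SYSDB_IPA_SUDORULE_OPTION,             SYSDB_SUDO_CACHE_AT_OPTION     , NULL},
                  {SYSDB_IPA_SUDORULE_NOTAFTER,           SYSDB_SUDO_CACHE_AT_NOTAFTER   , NULL},
                  {SYSDB_IPA_SUDORULE_NOTBEFORE,          SYSDB_SUDO_CACHE_AT_NOTBEFORE  , NULL},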
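Review bot: `convert_group_fqdn` in the first hunk can return NULL for three different reasons (the value is to be skipped, `convert_group` failed, or `sss_create_internal_fqname` failed), and nothing at the definition says that `*skip_entry` is the only way to tell them apart. Since the result is cached as the runAsGroup of a sudo rule, I would add a header comment along the lines of `/* Returns the group as an internal fqname allocated on mem_ctx; NULL with *skip_entry == true means skip this value, NULL otherwise is an error. */`. The leading `*skip_entry = false;` looks redundant if `convert_group` always sets the flag, and the `talloc_free(discard_const(shortname))` assumes the returned string is a talloc allocation owned by the caller. Only the tail of `convert_group` is visible in the hunk, and the loop in `convert_attributes` that interprets the NULL return is outside it, so both assumptions should be confirmed there.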
-- 
2.19.1