|
 |
45d81b |
From 81ae14a34ad568b39b0077cc88112941802df27d Mon Sep 17 00:00:00 2001
|
|
|
45d81b |
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pcech@redhat.com>
|
|
|
45d81b |
Date: Wed, 12 Oct 2016 16:48:38 +0200
|
|
|
45d81b |
Subject: [PATCH 152/153] SYSDB: Adding lowercase sudoUser form
|
|
|
45d81b |
MIME-Version: 1.0
|
|
|
45d81b |
Content-Type: text/plain; charset=UTF-8
|
|
|
45d81b |
Content-Transfer-Encoding: 8bit
|
|
|
45d81b |
|
|
|
45d81b |
If domain is not case sensitive we add lowercase form of usernames
|
|
|
45d81b |
to sudoUser attributes. So we actually able to apply sudoRule on
|
|
|
45d81b |
user Administrator@... with login admnistrator@...
|
|
|
45d81b |
|
|
|
45d81b |
Resolves:
|
|
|
45d81b |
https://fedorahosted.org/sssd/ticket/3203
|
|
|
45d81b |
|
|
|
45d81b |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
45d81b |
(cherry picked from commit f4a1046bb88d7a0ab3617e49ae94bfa849d10645)
|
|
|
45d81b |
---
|
|
|
45d81b |
src/db/sysdb_sudo.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
45d81b |
1 file changed, 64 insertions(+)
|
|
|
45d81b |
|
|
|
45d81b |
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
|
|
|
45d81b |
index 601fb63f236a7ed9eede130fd8cf4c3a1559fc4b..4bd93ffc60caa1ce48b72ee207899da0c4196d61 100644
|
|
|
45d81b |
--- a/src/db/sysdb_sudo.c
|
|
|
45d81b |
+++ b/src/db/sysdb_sudo.c
|
|
|
45d81b |
@@ -852,6 +852,65 @@ sysdb_sudo_add_sss_attrs(struct sysdb_attrs *rule,
|
|
|
45d81b |
return EOK;
|
|
|
45d81b |
}
|
|
|
45d81b |
|
|
|
45d81b |
+static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
|
|
|
45d81b |
+ struct sysdb_attrs *rule)
|
|
|
45d81b |
+{
|
|
|
45d81b |
+ TALLOC_CTX *tmp_ctx;
|
|
|
45d81b |
+ const char **users = NULL;
|
|
|
45d81b |
+ const char *lowered = NULL;
|
|
|
45d81b |
+ errno_t ret;
|
|
|
45d81b |
+
|
|
|
45d81b |
+ if (domain->case_sensitive == true || rule == NULL) {
|
|
|
45d81b |
+ return EOK;
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+
|
|
|
45d81b |
+ tmp_ctx = talloc_new(NULL);
|
|
|
45d81b |
+ if (tmp_ctx == NULL) {
|
|
|
45d81b |
+ return ENOMEM;
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+
|
|
|
45d81b |
+ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_USER, tmp_ctx,
|
|
|
45d81b |
+ &users);
|
|
|
45d81b |
+ if (ret != EOK) {
|
|
|
45d81b |
+ DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n",
|
|
|
45d81b |
+ SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret));
|
|
|
45d81b |
+ goto done;
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+
|
|
|
45d81b |
+ if (users == NULL) {
|
|
|
45d81b |
+ ret = EOK;
|
|
|
45d81b |
+ goto done;
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+
|
|
|
45d81b |
+ for (int i = 0; users[i] != NULL; i++) {
|
|
|
45d81b |
+ lowered = sss_tc_utf8_str_tolower(tmp_ctx, users[i]);
|
|
|
45d81b |
+ if (lowered == NULL) {
|
|
|
45d81b |
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
|
|
|
45d81b |
+ ret = ENOMEM;
|
|
|
45d81b |
+ goto done;
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+
|
|
|
45d81b |
+ if (strcmp(users[i], lowered) == 0) {
|
|
|
45d81b |
+ /* It protects us from adding duplicate. */
|
|
|
45d81b |
+ continue;
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+
|
|
|
45d81b |
+ ret = sysdb_attrs_add_string(rule, SYSDB_SUDO_CACHE_AT_USER, lowered);
|
|
|
45d81b |
+ if (ret != EOK) {
|
|
|
45d81b |
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
|
45d81b |
+ "Unable to add %s attribute [%d]: %s\n",
|
|
|
45d81b |
+ SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret));
|
|
|
45d81b |
+ goto done;
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+
|
|
|
45d81b |
+ ret = EOK;
|
|
|
45d81b |
+
|
|
|
45d81b |
+done:
|
|
|
45d81b |
+ talloc_zfree(tmp_ctx);
|
|
|
45d81b |
+ return ret;
|
|
|
45d81b |
+}
|
|
|
45d81b |
+
|
|
|
45d81b |
static errno_t
|
|
|
45d81b |
sysdb_sudo_store_rule(struct sss_domain_info *domain,
|
|
|
45d81b |
struct sysdb_attrs *rule,
|
|
|
45d81b |
@@ -868,6 +927,11 @@ sysdb_sudo_store_rule(struct sss_domain_info *domain,
|
|
|
45d81b |
|
|
|
45d81b |
DEBUG(SSSDBG_TRACE_FUNC, "Adding sudo rule %s\n", name);
|
|
|
45d81b |
|
|
|
45d81b |
+ ret = sysdb_sudo_add_lowered_users(domain, rule);
|
|
|
45d81b |
+ if (ret != EOK) {
|
|
|
45d81b |
+ return ret;
|
|
|
45d81b |
+ }
|
|
|
45d81b |
+
|
|
|
45d81b |
ret = sysdb_sudo_add_sss_attrs(rule, name, cache_timeout, now);
|
|
|
45d81b |
if (ret != EOK) {
|
|
|
45d81b |
return ret;
|
|
|
45d81b |
--
|
|
|
45d81b |
2.7.4
|
|
|
45d81b |
|