dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0150-simple-access-provider-non-existing-object.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   e543c9d626dd9ae2c4419f0d768897dc2bae585a
  2.   SOURCES
  3.   0150-simple-access-provider-non-existing-object.patch
Blob History Raw
905b4d 
From 79f128801d598ca57a6acebade01136525a47e00 Mon Sep 17 00:00:00 2001
905b4d 
From: Pavel Reichl <preichl@redhat.com>
905b4d 
Date: Wed, 4 Jun 2014 17:41:31 +0100
905b4d 
Subject: [PATCH] simple access provider: non-existing object
905b4d 
MIME-Version: 1.0
905b4d 
Content-Type: text/plain; charset=UTF-8
905b4d 
Content-Transfer-Encoding: 8bit
905b4d
905b4d 
Resolves:
905b4d 
https://fedorahosted.org/sssd/ticket/2519
905b4d
905b4d 
Not existing user/group in simple_allow_users/simple_allow_groups should not
905b4d 
imply access denied.
905b4d
905b4d 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
905b4d 
---
905b4d 
 src/providers/simple/simple_access_check.c | 35 +++++++++++++++++++++---------
905b4d 
 1 file changed, 25 insertions(+), 10 deletions(-)
905b4d
905b4d 
diff --git a/src/providers/simple/simple_access_check.c b/src/providers/simple/simple_access_check.c
905b4d 
index 13c66d58f71225a6c458c19e7fb9d26fd15c08ea..d6662871948afffa2cd822614a671149d2f3bf1a 100644
905b4d 
--- a/src/providers/simple/simple_access_check.c
905b4d 
+++ b/src/providers/simple/simple_access_check.c
905b4d 
@@ -24,6 +24,11 @@
905b4d 
 #include "util/sss_utf8.h"
905b4d 
 #include "db/sysdb.h"
905b4d
905b4d 
+#define NON_EXIST_USR_ALLOW "The user %s does not exist. Possible typo in simple_allow_users.\n"
905b4d 
+#define NON_EXIST_USR_DENY  "The user %s does not exist. Possible typo in simple_deny_users.\n"
905b4d 
+#define NON_EXIST_GRP_ALLOW "The group %s does not exist. Possible typo in simple_allow_groups.\n"
905b4d 
+#define NON_EXIST_GRP_DENY  "The group %s does not exist. Possible typo in simple_deny_groups.\n"
905b4d 
+
905b4d 
 static bool
905b4d 
 is_posix(const struct ldb_message *group)
905b4d 
 {
905b4d 
@@ -53,9 +58,11 @@ simple_check_users(struct simple_ctx *ctx, const char *username,
905b4d 
             domain = find_domain_by_object_name(ctx->domain,
905b4d 
                                                 ctx->allow_users[i]);
905b4d 
             if (domain == NULL) {
905b4d 
-                DEBUG(SSSDBG_CRIT_FAILURE, "Invalid user %s!\n",
905b4d 
-                                            ctx->allow_users[i]);
905b4d 
-                return EINVAL;
905b4d 
+                DEBUG(SSSDBG_CRIT_FAILURE, NON_EXIST_USR_ALLOW,
905b4d 
+                      ctx->allow_users[i]);
905b4d 
+                sss_log(SSS_LOG_CRIT, NON_EXIST_USR_ALLOW,
905b4d 
+                        ctx->allow_users[i]);
905b4d 
+                continue;
905b4d 
             }
905b4d
905b4d 
             if (sss_string_equal(domain->case_sensitive, username,
905b4d 
@@ -86,8 +93,10 @@ simple_check_users(struct simple_ctx *ctx, const char *username,
905b4d 
             domain = find_domain_by_object_name(ctx->domain,
905b4d 
                                                 ctx->deny_users[i]);
905b4d 
             if (domain == NULL) {
905b4d 
-                DEBUG(SSSDBG_CRIT_FAILURE, "Invalid user %s!\n",
905b4d 
-                                            ctx->deny_users[i]);
905b4d 
+                DEBUG(SSSDBG_CRIT_FAILURE, NON_EXIST_USR_DENY,
905b4d 
+                      ctx->deny_users[i]);
905b4d 
+                sss_log(SSS_LOG_CRIT, NON_EXIST_USR_DENY,
905b4d 
+                        ctx->deny_users[i]);
905b4d 
                 return EINVAL;
905b4d 
             }
905b4d
905b4d 
@@ -125,9 +134,12 @@ simple_check_groups(struct simple_ctx *ctx, const char **group_names,
905b4d 
             domain = find_domain_by_object_name(ctx->domain,
905b4d 
                                                 ctx->allow_groups[i]);
905b4d 
             if (domain == NULL) {
905b4d 
-                DEBUG(SSSDBG_CRIT_FAILURE, "Invalid group %s!\n",
905b4d 
-                                            ctx->allow_groups[i]);
905b4d 
-                return EINVAL;
905b4d 
+                DEBUG(SSSDBG_CRIT_FAILURE, NON_EXIST_GRP_ALLOW,
905b4d 
+                      ctx->allow_groups[i]);
905b4d 
+                sss_log(SSS_LOG_CRIT, NON_EXIST_GRP_ALLOW,
905b4d 
+                        ctx->allow_groups[i]);
905b4d 
+
905b4d 
+                continue;
905b4d 
             }
905b4d
905b4d 
             for(j = 0; group_names[j]; j++) {
905b4d 
@@ -158,8 +170,11 @@ simple_check_groups(struct simple_ctx *ctx, const char **group_names,
905b4d 
             domain = find_domain_by_object_name(ctx->domain,
905b4d 
                                                 ctx->deny_groups[i]);
905b4d 
             if (domain == NULL) {
905b4d 
-                DEBUG(SSSDBG_CRIT_FAILURE, "Invalid group %s!\n",
905b4d 
-                                            ctx->deny_groups[i]);
905b4d 
+                DEBUG(SSSDBG_CRIT_FAILURE, NON_EXIST_GRP_DENY,
905b4d 
+                      ctx->deny_groups[i]);
905b4d 
+                sss_log(SSS_LOG_CRIT, NON_EXIST_GRP_DENY,
905b4d 
+                        ctx->deny_groups[i]);
905b4d 
+
905b4d 
                 return EINVAL;
905b4d 
             }
905b4d
905b4d 
--
905b4d 
1.9.3
905b4d

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation