Blame SOURCES/0048-sudo-respect-case-sensitivity-in-sudo-responder.patch

0d602d
From 2d9286102f23ea9d13213f1176ba669b9315a75f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 6 Sep 2018 13:38:56 +0200
Subject: [PATCH] sudo: respect case sensitivity in sudo responder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the domain is not case sensitive and the case of the original user
or group name differs from the name in the rule we failed to find the
rule.

Now we filter the rule only with lower cased values in such domain.

Steps to reproduce:
1. Add user/group with upper case, e.g. USER-1
2. Add sudo rule with lower cased name, e.g. sudoUser: user-1
3. Login to system with lower case, e.g. user-1
4. Run sudo -l

Without the patch, rule is not found.

Resolves:
https://pagure.io/SSSD/sssd/issue/3820

Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit d7f0b58e2896ed2ef9ed5a390815c1e4df6caaee)
---
 src/db/sysdb_sudo.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 3ad462d8f..19ed97b86 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -418,7 +418,17 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
         ret = EINVAL;
         goto done;
     }
-    DEBUG(SSSDBG_TRACE_FUNC, "original name: %s\n", orig_name);
+
+    DEBUG(SSSDBG_TRACE_FUNC, "Original name: %s\n", orig_name);
+
+    orig_name = sss_get_cased_name(tmp_ctx, orig_name, domain->case_sensitive);
+    if (orig_name == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
+        ret = ENOMEM;
+        goto done;
+    }
+
+    DEBUG(SSSDBG_TRACE_FUNC, "Cased name: %s\n", orig_name);
 
     if (_uid != NULL) {
         uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
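Review bot: the assignment "orig_name = sss_get_cased_name(tmp_ctx, orig_name, domain->case_sensitive);" reuses orig_name for the case-normalized value, so from this point on the variable no longer holds the original name and every later use in sysdb_get_sudo_user_info() silently receives the cased form. Consider a separate variable (for example cased_name) for the value used in rule filtering, or add a comment stating that the normalized name is intended for all remaining uses of orig_name. The "Original name" and "Cased name" trace messages would then also correspond to two distinct variables.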
@@ -450,8 +460,9 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
                     continue;
                 }
 
-                sysdb_groupnames[num_groups] = talloc_strdup(sysdb_groupnames,
-                                                             groupname);
+                sysdb_groupnames[num_groups] = \
+                    sss_get_cased_name(sysdb_groupnames, groupname,
+                                       domain->case_sensitive);
                 if (sysdb_groupnames[num_groups] == NULL) {
                     DEBUG(SSSDBG_MINOR_FAILURE, "Cannot strdup %s\n", groupname);
                     continue;
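Review bot: in the group loop the failure message still reads "Cannot strdup %s\n" although the call is now sss_get_cased_name(), and an allocation failure here is logged at SSSDBG_MINOR_FAILURE and skipped with continue, whereas the same failure for the user name in the previous hunk is SSSDBG_CRIT_FAILURE with ret = ENOMEM. A skipped group is left out of sysdb_groupnames, so a rule that names only that group may not match, with nothing but a minor-level log entry to show for it; either align the handling with the user-name path or update the message and document why skipping is acceptable. The trailing backslash after "sysdb_groupnames[num_groups] =" is not needed in C outside a macro and can be dropped.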
-- 
2.19.1