Blame SOURCES/0069-SYSDB-Only-generate-new-UID-in-local-domain.patch

From ee344275c041f68e943360c975e3356ba251cef8 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 28 Mar 2017 14:49:31 +0200
Subject: [PATCH 69/72] SYSDB: Only generate new UID in local domain
To avoid issues where a user with no UID but without the posix=false
flag was passed to sysdb, we only allow generating the new ID in the
local domain. This might prevent bugs where non-POSIX users would get a
UID created by sysdb which might allow accessing resources owned by that
UID.
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
 src/db/sysdb_ops.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 3cf9d903f25b9ccd506d7957c94040bdc7d658a3..4d7b2abd8026c90aaf4e7be687102e459cf3690e 100644
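--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1422,6 +1422,12 @@ int sysdb_get_new_id(struct sss_domain_info *domain,
         return ENOMEM;
     }
 
+    if (strcasecmp(domain->provider, "local") != 0) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Generating new ID is only supported in the local domain!\n");
+        return ENOTSUP;
+    }
+
     base_dn = sysdb_domain_dn(tmp_ctx, domain);
     if (!base_dn) {
         talloc_zfree(tmp_ctx);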
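Review bot: The new early `return ENOTSUP;` exits without releasing `tmp_ctx`, whereas the `!base_dn` error path directly below calls `talloc_zfree(tmp_ctx);` first. Assuming the `return ENOMEM` context line above is the check on the `tmp_ctx` allocation, every rejected request from a non-local domain leaks that context in a long-running daemon. Add `talloc_zfree(tmp_ctx);` before `return ENOTSUP;`, or move the provider check above the allocation so the rejection path holds nothing. `strcasecmp()` is also handed `domain->provider` without a NULL check, which is undefined behaviour if a domain can reach this point with no provider set; whether that can happen is not visible here. The body of sysdb_get_new_id starts and ends outside the hunk.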
-- 
2.9.3