From 68cf1c69d2a19caca93d838745389f005ad66f5c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 5 Feb 2017 20:25:23 +0100
Subject: [PATCH 162/162] SUDO: Only store lowercased attribute value once
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The current code doesn't handle the situation where lowercasing the
sudoUser attribute would yield the same value again.
For example:
sudoUser: TUSER
sudoUser: tuser
would break.
This patch switches to using the utility function
sysdb_attrs_add_lower_case_string() which already checks for duplicates.
Resolves:
https://fedorahosted.org/sssd/ticket/3301
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit a5ecc93abb01cece628fdef04ebad43bba267419)
(cherry picked from commit d5ddca8b44d00b92d4a70ea90d48247635a4e1ca)
---
src/db/sysdb_sudo.c | 17 +++--------------
src/tests/cmocka/test_sysdb_sudo.c | 5 +++++
2 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index f5160f19012028f92723b9012fad85d803aa5137..97a1bee99c0255579f42cc7263d3d755429cd417 100644
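--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -857,7 +857,6 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
 {
 TALLOC_CTX *tmp_ctx;
 const char **users = NULL;
- const char *lowered = NULL;
 errno_t ret;
 
 if (domain->case_sensitive == true || rule == NULL) {
@@ -884,19 +883,9 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
 }
 
 for (int i = 0; users[i] != NULL; i++) {
- lowered = sss_tc_utf8_str_tolower(tmp_ctx, users[i]);
- if (lowered == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
- ret = ENOMEM;
- goto done;
- }
-
- if (strcmp(users[i], lowered) == 0) {
- /* It protects us from adding duplicate. */
- continue;
- }
-
- ret = sysdb_attrs_add_string(rule, SYSDB_SUDO_CACHE_AT_USER, lowered);
+ ret = sysdb_attrs_add_lower_case_string(rule, true,
+ SYSDB_SUDO_CACHE_AT_USER,
+ users[i]);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE,
 "Unable to add %s attribute [%d]: %s\n",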
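Review bot: The bare `true` passed to `sysdb_attrs_add_lower_case_string()` in the loop carries the whole fix, yet nothing at the call site says what it selects. Going by the commit message and by the test passing `false` to seed a duplicate, it appears to request the duplicate check, so a comment above the call such as `/* true: skip the value when the rule already holds it (TUSER next to tuser) */` would keep a later edit from flipping it. With the dedicated "Cannot convert name to lowercase" message removed, a lowercasing failure is presumably now reported only through the generic "Unable to add %s attribute" line, which matters when triaging why a sudo rule was not cached. The body of `sysdb_sudo_add_lowered_users()` starts and ends outside the hunk.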
diff --git a/src/tests/cmocka/test_sysdb_sudo.c b/src/tests/cmocka/test_sysdb_sudo.c
index f21ff3655efbdc5b66a1fdbc24a51ec8174c3c8c..34afe120d97e99e3213a85bf7489a5e0f6309e4b 100644
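--- a/src/tests/cmocka/test_sysdb_sudo.c
+++ b/src/tests/cmocka/test_sysdb_sudo.c
@@ -335,6 +335,11 @@ void test_store_sudo_case_insensitive(void **state)
 
 test_ctx->tctx->dom->case_sensitive = false;
 
+ ret = sysdb_attrs_add_lower_case_string(rule, false,
+ SYSDB_SUDO_CACHE_AT_USER,
+ users[0].name);
+ assert_int_equal(ret, EOK);
+
 ret = sysdb_sudo_store(test_ctx->tctx->dom, &rule, 1);
 assert_int_equal(ret, EOK);
 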
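Review bot: The added lines check only that both calls return `EOK`; within the hunk nothing verifies that the stored rule ends up holding the lowercased name exactly once, which is the property the fix is about. If the rest of `test_store_sudo_case_insensitive()` (outside this hunk) does not already read the rule back, an assertion on the number of `SYSDB_SUDO_CACHE_AT_USER` values after `sysdb_sudo_store()` would pin that behaviour. A comment on the seeding call, `/* false: add without the duplicate check so the lowercased value is already present */`, would also explain why the flag differs from the production call.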
--
2.9.3