From ea10cbf8ec9669f4041c1df511b5f1b48aecce21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 9 Apr 2015 13:03:08 +0200
Subject: [PATCH 208/208] sudo: sanitize filter values
Resolves:
https://fedorahosted.org/sssd/ticket/2613
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit c526cd124515cc2d44a413dcbfd4a74ddb490150)
(cherry picked from commit 2fb2a267d0d15cce84b0ccea7e088a4b580e42fb)
---
 src/db/sysdb_sudo.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
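diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 261ed82d672cd95f0c0f429a177dae39d3b9c204..cd072dd2900757c69f7fd7f559559e310ceccda7 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -221,6 +221,7 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
     TALLOC_CTX *tmp_ctx = NULL;
     char *filter = NULL;
     char *specific_filter = NULL;
+    char *sanitized = NULL;
     time_t now;
     errno_t ret;
     int i;
@@ -246,9 +247,14 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
     }
 
     if ((flags & SYSDB_SUDO_FILTER_USERNAME) && (username != NULL)) {
+        ret = sss_filter_sanitize(tmp_ctx, username, &sanitized);
+        if (ret != EOK) {
+            goto done;
+        }
+
         specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)",
                                                  SYSDB_SUDO_CACHE_AT_USER,
-                                                 username);
+                                                 sanitized);
         NULL_CHECK(specific_filter, ret, done);
     }
 
@@ -261,9 +267,14 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
 
     if ((flags & SYSDB_SUDO_FILTER_GROUPS) && (groupnames != NULL)) {
         for (i=0; groupnames[i] != NULL; i++) {
+            ret = sss_filter_sanitize(tmp_ctx, groupnames[i], &sanitized);
+            if (ret != EOK) {
+                goto done;
+            }
+
             specific_filter = talloc_asprintf_append(specific_filter, "(%s=%%%s)",
                                                      SYSDB_SUDO_CACHE_AT_USER,
-                                                     groupnames[i]);
+                                                     sanitized);
             NULL_CHECK(specific_filter, ret, done);
         }
     }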
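Review bot: In the group loop of the last hunk, each call to `sss_filter_sanitize(tmp_ctx, groupnames[i], &sanitized)` overwrites `sanitized` without releasing the previous string, so every escaped group name stays on `tmp_ctx` until the function returns. Adding `talloc_zfree(sanitized);` after the `NULL_CHECK` in the loop, and after the one in the username branch, would keep that bounded for users with many groups. A short comment above the first call, such as `/* user and group names are external input; escape filter metacharacters before formatting them into the filter */`, would record why the raw values must not be passed to `talloc_asprintf_append` directly. The `%` group marker is prepended after sanitizing and shares `SYSDB_SUDO_CACHE_AT_USER` with plain user values, so it is worth confirming in the callers that a username which itself begins with `%` is rejected before it reaches this function. The body of `sysdb_get_sudo_filter` starts and ends outside these hunks, so the `done:` cleanup of `tmp_ctx` is assumed rather than visible.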
-- 
2.4.3