Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.2:Staging:N
sssd
0010-SUDO-Allow-defaults-sudoRole-without-sudoU...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0010-SUDO-Allow-defaults-sudoRole-without-sudoUser-attrib.patch of Package sssd
From 2cbee33b203b03eb5baa9f61a0d847cfb6175f50 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero <scabrero@suse.de> Date: Fri, 17 May 2019 12:34:41 +0200 Subject: [PATCH 1/2] SUDO: Allow defaults sudoRole without sudoUser attribute MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 10170fe683add7a71b3f03d11e485ea102c677bd) (cherry picked from commit 2173201b5c998715e67e85beb96167e5ab6c2822) --- src/db/sysdb_sudo.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index ff8c95105..174b99b46 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -882,7 +882,8 @@ sysdb_sudo_add_sss_attrs(struct sysdb_attrs *rule, } static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain, - struct sysdb_attrs *rule) + struct sysdb_attrs *rule, + const char *name) { TALLOC_CTX *tmp_ctx; const char **users = NULL; @@ -900,10 +901,13 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain, ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_USER, tmp_ctx, &users); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n", - SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret)); - ret = ERR_MALFORMED_ENTRY; - goto done; + /* Allow "defaults" sudoRole without sudoUser attribute */ + if (name != NULL && !sss_string_equal(false, "defaults", name)) { + DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n", + SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret)); + ret = ERR_MALFORMED_ENTRY; + goto done; + } } if (users == NULL) { @@ -946,7 +950,7 @@ sysdb_sudo_store_rule(struct sss_domain_info *domain, DEBUG(SSSDBG_TRACE_FUNC, "Adding sudo rule %s\n", name); - ret = sysdb_sudo_add_lowered_users(domain, rule); + ret = sysdb_sudo_add_lowered_users(domain, rule, name); if (ret != EOK) { return ret; } -- 2.21.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor