Commit | Line | Data |
---|---|---|
92ae11e3 SS |
1 | From b87ca4233342e1537fda5ce731db77cf24e422c3 Mon Sep 17 00:00:00 2001 |
2 | From: =?UTF-8?q?Petr=20=C4=8Cech?= <pcech@redhat.com> | |
3 | Date: Wed, 12 Oct 2016 16:48:38 +0200 | |
4 | Subject: [PATCH 22/39] SYSDB: Adding lowercase sudoUser form | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | If the domain is not case sensitive, we add the lowercase form of usernames | |
10 | to the sudoUser attributes, so we are actually able to apply a sudoRule to | |
11 | user Administrator@... with login administrator@... | |
12 | ||
13 | Resolves: | |
14 | https://fedorahosted.org/sssd/ticket/3203 | |
15 | ||
16 | Reviewed-by: Pavel Březina <pbrezina@redhat.com> | |
17 | (cherry picked from commit f4a1046bb88d7a0ab3617e49ae94bfa849d10645) | |
18 | (cherry picked from commit 88239b7f17f599aefa88a8a31c2d0ea44b766c87) | |
19 | --- | |
20 | src/db/sysdb_sudo.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++ | |
21 | 1 file changed, 64 insertions(+) | |
22 | ||
23 | diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c | |
24 | index 601fb63f2..4bd93ffc6 100644 | |
25 | --- a/src/db/sysdb_sudo.c | |
26 | +++ b/src/db/sysdb_sudo.c | |
27 | @@ -852,6 +852,65 @@ sysdb_sudo_add_sss_attrs(struct sysdb_attrs *rule, | |
28 | return EOK; | |
29 | } | |
30 | ||
31 | +static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain, | |
32 | + struct sysdb_attrs *rule) | |
33 | +{ | |
34 | + TALLOC_CTX *tmp_ctx; | |
35 | + const char **users = NULL; | |
36 | + const char *lowered = NULL; | |
37 | + errno_t ret; | |
38 | + | |
39 | + if (domain->case_sensitive == true || rule == NULL) { | |
40 | + return EOK; | |
41 | + } | |
42 | + | |
43 | + tmp_ctx = talloc_new(NULL); | |
44 | + if (tmp_ctx == NULL) { | |
45 | + return ENOMEM; | |
46 | + } | |
47 | + | |
48 | + ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_USER, tmp_ctx, | |
49 | + &users); | |
50 | + if (ret != EOK) { | |
51 | + DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n", | |
52 | + SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret)); | |
53 | + goto done; | |
54 | + } | |
55 | + | |
56 | + if (users == NULL) { | |
57 | + ret = EOK; | |
58 | + goto done; | |
59 | + } | |
60 | + | |
61 | + for (int i = 0; users[i] != NULL; i++) { | |
62 | + lowered = sss_tc_utf8_str_tolower(tmp_ctx, users[i]); | |
63 | + if (lowered == NULL) { | |
64 | + DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n"); | |
65 | + ret = ENOMEM; | |
66 | + goto done; | |
67 | + } | |
68 | + | |
69 | + if (strcmp(users[i], lowered) == 0) { | |
70 | + /* It protects us from adding duplicate. */ | |
71 | + continue; | |
72 | + } | |
73 | + | |
74 | + ret = sysdb_attrs_add_string(rule, SYSDB_SUDO_CACHE_AT_USER, lowered); | |
75 | + if (ret != EOK) { | |
76 | + DEBUG(SSSDBG_OP_FAILURE, | |
77 | + "Unable to add %s attribute [%d]: %s\n", | |
78 | + SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret)); | |
79 | + goto done; | |
80 | + } | |
81 | + } | |
82 | + | |
83 | + ret = EOK; | |
84 | + | |
85 | +done: | |
86 | + talloc_zfree(tmp_ctx); | |
87 | + return ret; | |
88 | +} | |
89 | + | |
90 | static errno_t | |
91 | sysdb_sudo_store_rule(struct sss_domain_info *domain, | |
92 | struct sysdb_attrs *rule, | |
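Review bot: The duplicate guard in the loop of sysdb_sudo_add_lowered_users compares `lowered` only with the entry it was derived from (`strcmp(users[i], lowered) == 0`), so a rule that already lists both `Administrator` and `administrator` gets `administrator` added a second time. Whether sysdb_attrs_add_string or the later store tolerates duplicate values is not visible in this hunk; if it does not, such a rule would fail to be cached. Checking `lowered` against every value read from the rule, as sketched below, closes that case, although two spellings that are both absent in lowercase (`ADMIN`, `Admin`) would still need the added values to be tracked. Separately, the loop lowers every sudoUser value, and that attribute can also carry group, netgroup, numeric-ID and `ALL` forms, so it is worth confirming that case folding is intended for those, or restricting it to plain user names.

```c
    for (int i = 0; users[i] != NULL; i++) {
        bool already_present = false;

        /* … unchanged: sss_tc_utf8_str_tolower() call and NULL check … */

        /* Skip the value if any entry read from the rule already equals it,
         * not only the entry it was derived from. */
        for (int j = 0; users[j] != NULL; j++) {
            if (strcmp(users[j], lowered) == 0) {
                already_present = true;
                break;
            }
        }
        if (already_present) {
            continue;
        }

        /* … unchanged: sysdb_attrs_add_string() call and error handling … */
    }
```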
93 | @@ -868,6 +927,11 @@ sysdb_sudo_store_rule(struct sss_domain_info *domain, | |
94 | ||
95 | DEBUG(SSSDBG_TRACE_FUNC, "Adding sudo rule %s\n", name); | |
96 | ||
97 | + ret = sysdb_sudo_add_lowered_users(domain, rule); | |
98 | + if (ret != EOK) { | |
99 | + return ret; | |
100 | + } | |
101 | + | |
102 | ret = sysdb_sudo_add_sss_attrs(rule, name, cache_timeout, now); | |
103 | if (ret != EOK) { | |
104 | return ret; | |
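Review bot: When sysdb_sudo_add_lowered_users fails, the new `return ret;` abandons the rule without saying which rule it was, because the helper's messages carry only the attribute name and the error code. `name` is in scope at this point, so a line such as `DEBUG(SSSDBG_OP_FAILURE, "Unable to add lowercase sudoUser values to rule %s [%d]: %s\n", name, ret, strerror(ret));` before the return would make a sudo rule that is missing from the cache traceable in the logs. The body of sysdb_sudo_store_rule starts and ends outside this hunk, so any logging done by its callers is not visible here.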
105 | -- | |
106 | 2.11.0 | |
107 |