https://fedorahosted.org/sssd/ticket/2969
From 97fccb9e2ea2ae723d0ccb42e691ff176516a495 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Fri, 4 Mar 2016 10:40:21 +0100
Subject: [PATCH 1/3] IPA SUDO: fix typo
---
 src/providers/ipa/ipa_sudo_conversion.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index ff63551c045003bc81c440ee63aeb28f3fe06647..84de01e622d611d4fee9f9b12e3147d54654626b 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -228,7 +228,7 @@ process_rulemember(TALLOC_CTX *mem_ctx,
 ret = store_rulemember(mem_ctx, &rulemember->cmds, conv->cmds, members[i]);
 if (ret == EOK) {
- DEBUG(SSSDBG_TRACE_INTERNAL, "Found sudo command group %s\n",
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Found sudo command %s\n",
 members[i]);
 } else if (ret != EEXIST) {
 goto done;
--
2.1.0
From c52d088507726fa09c57d8bed277fe3c6fa5e83e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Fri, 4 Mar 2016 11:01:35 +0100
Subject: [PATCH 2/3] IPA SUDO: support old ipasudocmd rdn

FreeIPA versions older than 3.1 have rdn sudoCmd instead of ipaUniqueID.

Resolves: https://fedorahosted.org/sssd/ticket/2969
---
 src/providers/ipa/ipa_sudo_conversion.c | 36 +++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index 84de01e622d611d4fee9f9b12e3147d54654626b..144802d518b5587b2b48aeacb007d6801921de16 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -38,8 +38,8 @@
 #define MATCHDN_CMDGROUPS MATCHDN(SUDO_DN_CMDGROUPS)
 #define MATCHDN_CMDS MATCHDN(SUDO_DN_CMDS)
-#define MATCHRDN_CMDGROUPS(map) (map)[IPA_AT_SUDOCMDGROUP_NAME].name, MATCHDN_CMDGROUPS
-#define MATCHRDN_CMDS(map) (map)[IPA_AT_SUDOCMD_UUID].name, MATCHDN_CMDS
+#define MATCHRDN_CMDGROUPS(map) (map)[IPA_AT_SUDOCMDGROUP_NAME].name, MATCHDN_CMDGROUPS
+#define MATCHRDN_CMDS(attr, map) (map)[attr].name, MATCHDN_CMDS
 #define MATCHRDN_USER(map) (map)[SDAP_AT_USER_NAME].name, "cn", "users", "cn", "accounts"
 #define MATCHRDN_GROUP(map) (map)[SDAP_AT_GROUP_NAME].name, "cn", "groups", "cn", "accounts"
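Review bot: `MATCHRDN_CMDS(attr, map)` now indexes `map` with whatever `attr` the caller passes, and nothing at the definition says that `attr` must be an index of the sudo command map. An index taken from a different map (for example `IPA_AT_SUDOCMDGROUP_NAME`) would presumably still compile and quietly compare against the wrong RDN attribute. A comment above the macro would pin this down, e.g. `/* attr: IPA_AT_SUDOCMD_* index into the sudo command map; expands to the trailing arguments of ipa_check_rdn_bool() */`. The call sites that rely on this are in the following hunks, not in this one.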
@@ -187,6 +187,32 @@ done:
 return ret;
 }
+static bool is_ipacmdgroup(struct ipa_sudo_conv *conv, const char *dn)
+{
+ if (ipa_check_rdn_bool(conv->sysdb, dn,
+ MATCHRDN_CMDGROUPS(conv->map_cmdgroup))) {
+ return true;
+ }
+
+ return false;
+}
+
+static bool is_ipacmd(struct ipa_sudo_conv *conv, const char *dn)
+{
+ if (ipa_check_rdn_bool(conv->sysdb, dn,
+ MATCHRDN_CMDS(IPA_AT_SUDOCMD_UUID, conv->map_cmd))) {
+ return true;
+ }
+
+ /* For older versions of FreeIPA than 3.1. */
+ if (ipa_check_rdn_bool(conv->sysdb, dn,
+ MATCHRDN_CMDS(IPA_AT_SUDOCMD_CMD, conv->map_cmd))) {
+ return true;
+ }
+
+ return false;
+}
+
 static errno_t
 process_rulemember(TALLOC_CTX *mem_ctx,
 struct ipa_sudo_conv *conv,
@@ -213,8 +239,7 @@ process_rulemember(TALLOC_CTX *mem_ctx,
 }
 for (i = 0; members[i] != NULL; i++) {
- if (ipa_check_rdn_bool(conv->sysdb, members[i],
- MATCHRDN_CMDGROUPS(conv->map_cmdgroup))) {
+ if (is_ipacmdgroup(conv, members[i])) {
 ret = store_rulemember(mem_ctx, &rulemember->cmdgroups, conv->cmdgroups, members[i]);
 if (ret == EOK) {
@@ -223,8 +248,7 @@ process_rulemember(TALLOC_CTX *mem_ctx,
 } else if (ret != EEXIST) {
 goto done;
 }
- } else if (ipa_check_rdn_bool(conv->sysdb, members[i],
- MATCHRDN_CMDS(conv->map_cmd))) {
+ } else if (is_ipacmd(conv, members[i])) {
 ret = store_rulemember(mem_ctx, &rulemember->cmds, conv->cmds, members[i]);
 if (ret == EOK) {
--
2.1.0
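Review bot: The legacy branch of `is_ipacmd` widens what is accepted as a sudo command member from a UUID-valued RDN to one whose value is a free-form command string (the attribute mapped by `IPA_AT_SUDOCMD_CMD`, `sudoCmd` per the commit message), and the one-line comment does not say so. I would spell it out, e.g. `/* FreeIPA < 3.1: RDN is sudoCmd=<command string>, not ipaUniqueID=<uuid> */`, because such a value can contain `*`, parentheses and other characters that are special in DNs and LDAP filters. The code that later resolves the stored DN into a command entry is not visible in this patch; it presumably has to look the entry up by the same attribute and escape the RDN value before placing it in a search filter, so that is worth confirming before merge. As a smaller style point, `is_ipacmdgroup` can be a single `return ipa_check_rdn_bool(...);` and `is_ipacmd` an `||` of its two checks.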