https://fedorahosted.org/sssd/ticket/2969
From 97fccb9e2ea2ae723d0ccb42e691ff176516a495 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Fri, 4 Mar 2016 10:40:21 +0100
Subject: [PATCH 1/3] IPA SUDO: fix typo

---
 src/providers/ipa/ipa_sudo_conversion.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index ff63551c045003bc81c440ee63aeb28f3fe06647..84de01e622d611d4fee9f9b12e3147d54654626b 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -228,7 +228,7 @@ process_rulemember(TALLOC_CTX *mem_ctx,
             ret = store_rulemember(mem_ctx, &rulemember->cmds,
                                    conv->cmds, members[i]);
             if (ret == EOK) {
-                DEBUG(SSSDBG_TRACE_INTERNAL, "Found sudo command group %s\n",
+                DEBUG(SSSDBG_TRACE_INTERNAL, "Found sudo command %s\n",
                       members[i]);
             } else if (ret != EEXIST) {
                 goto done;
-- 
2.1.0

From c52d088507726fa09c57d8bed277fe3c6fa5e83e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Fri, 4 Mar 2016 11:01:35 +0100
Subject: [PATCH 2/3] IPA SUDO: support old ipasudocmd rdn

FreeIPA versions older than 3.1 use sudoCmd as the RDN instead of ipaUniqueID.

Resolves:
https://fedorahosted.org/sssd/ticket/2969
---
 src/providers/ipa/ipa_sudo_conversion.c | 36 +++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)

diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index 84de01e622d611d4fee9f9b12e3147d54654626b..144802d518b5587b2b48aeacb007d6801921de16 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -38,8 +38,8 @@
 #define MATCHDN_CMDGROUPS MATCHDN(SUDO_DN_CMDGROUPS)
 #define MATCHDN_CMDS      MATCHDN(SUDO_DN_CMDS)
 
-#define MATCHRDN_CMDGROUPS(map) (map)[IPA_AT_SUDOCMDGROUP_NAME].name, MATCHDN_CMDGROUPS
-#define MATCHRDN_CMDS(map)      (map)[IPA_AT_SUDOCMD_UUID].name, MATCHDN_CMDS
+#define MATCHRDN_CMDGROUPS(map)  (map)[IPA_AT_SUDOCMDGROUP_NAME].name, MATCHDN_CMDGROUPS
+#define MATCHRDN_CMDS(attr, map) (map)[attr].name, MATCHDN_CMDS
 
 #define MATCHRDN_USER(map)      (map)[SDAP_AT_USER_NAME].name, "cn", "users", "cn", "accounts"
 #define MATCHRDN_GROUP(map)     (map)[SDAP_AT_GROUP_NAME].name, "cn", "groups", "cn", "accounts"
@@ -187,6 +187,32 @@ done:
     return ret;
 }
 
+static bool is_ipacmdgroup(struct ipa_sudo_conv *conv, const char *dn)
+{
+    if (ipa_check_rdn_bool(conv->sysdb, dn,
+            MATCHRDN_CMDGROUPS(conv->map_cmdgroup))) {
+        return true;
+    }
+
+    return false;
+}
+
+static bool is_ipacmd(struct ipa_sudo_conv *conv, const char *dn)
+{
+    if (ipa_check_rdn_bool(conv->sysdb, dn,
+            MATCHRDN_CMDS(IPA_AT_SUDOCMD_UUID, conv->map_cmd))) {
+        return true;
+    }
+
+    /* For older versions of FreeIPA than 3.1. */
+    if (ipa_check_rdn_bool(conv->sysdb, dn,
+            MATCHRDN_CMDS(IPA_AT_SUDOCMD_CMD, conv->map_cmd))) {
+        return true;
+    }
+
+    return false;
+}
+
 static errno_t
 process_rulemember(TALLOC_CTX *mem_ctx,
                    struct ipa_sudo_conv *conv,
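Review bot: The fallback in is_ipacmd runs for every member DN whenever the `IPA_AT_SUDOCMD_UUID` check does not match, not only against servers older than FreeIPA 3.1, and the comment above it does not say so. Because this test decides which member DNs are stored as sudo commands, I would spell out the accepted forms, e.g. `/* FreeIPA < 3.1 uses sudoCmd as the RDN instead of ipaUniqueID; both RDN forms are accepted regardless of server version. */`. The wider match presumably stays inside the sudo commands container because `MATCHDN_CMDS` is still part of the check, but `MATCHDN` and `ipa_check_rdn_bool` are defined outside the hunk, so that is worth confirming. As a point of style, both helpers can return the check directly, e.g. `return ipa_check_rdn_bool(conv->sysdb, dn, MATCHRDN_CMDGROUPS(conv->map_cmdgroup));`. The process_rulemember signature that closes the hunk continues outside it.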
@@ -213,8 +239,7 @@ process_rulemember(TALLOC_CTX *mem_ctx,
     }
 
     for (i = 0; members[i] != NULL; i++) {
-        if (ipa_check_rdn_bool(conv->sysdb, members[i],
-                MATCHRDN_CMDGROUPS(conv->map_cmdgroup))) {
+        if (is_ipacmdgroup(conv, members[i])) {
             ret = store_rulemember(mem_ctx, &rulemember->cmdgroups,
                                    conv->cmdgroups, members[i]);
             if (ret == EOK) {
@@ -223,8 +248,7 @@ process_rulemember(TALLOC_CTX *mem_ctx,
             } else if (ret != EEXIST) {
                 goto done;
             }
-        } else if (ipa_check_rdn_bool(conv->sysdb, members[i],
-                MATCHRDN_CMDS(conv->map_cmd))) {
+        } else if (is_ipacmd(conv, members[i])) {
             ret = store_rulemember(mem_ctx, &rulemember->cmds,
                                    conv->cmds, members[i]);
             if (ret == EOK) {
-- 
2.1.0
