URL: https://github.com/SSSD/sssd/pull/649
Author: pbrezina
Title: #649: sudo: respect case sensitivity in sudo responder
Action: opened

PR body:
"""
If the domain is not case sensitive and the case of the original user or group name differs from the name in the rule we failed to find the rule. Now we filter the rule only with lower cased values in such domain.

Steps to reproduce:
1. Add user/group with upper case, e.g. USER-1
2. Add sudo rule with lower cased name, e.g. sudoUser: user-1
3. Login to system with lower case, e.g. user-1
4. Run sudo -l

Without the patch, rule is not found.

Resolves:
https://pagure.io/SSSD/sssd/issue/3820
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/649/head:pr649
git checkout pr649

From 42ea031104f7c9cb869ba1cd2453e073bb51f7b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Thu, 6 Sep 2018 13:38:56 +0200 Subject: [PATCH] sudo: respect case sensitivity in sudo responder If the domain is not case sensitive and the case of the original user or group name differs from the name in the rule we failed to find the rule. Now we filter the rule only with lower cased values in such domain. Steps to reproduce: 1. Add user/group with upper case, e.g. USER-1 2. Add sudo rule with lower cased name, e.g. sudoUser: user-1 3. Login to system with lower case, e.g. user-1 4. Run sudo -l Without the patch, rule is not found. Resolves: https://pagure.io/SSSD/sssd/issue/3820 --- src/db/sysdb_sudo.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 3ad462d8fd..19ed97b866 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -418,7 +418,17 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, ret = EINVAL; goto done; } - DEBUG(SSSDBG_TRACE_FUNC, "original name: %s\n", orig_name); + + DEBUG(SSSDBG_TRACE_FUNC, "Original name: %s\n", orig_name); + + orig_name = sss_get_cased_name(tmp_ctx, orig_name, domain->case_sensitive); + if (orig_name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n"); + ret = ENOMEM; + goto done; + } + + DEBUG(SSSDBG_TRACE_FUNC, "Cased name: %s\n", orig_name); if (_uid != NULL) { uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0); @@ -450,8 +460,9 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, continue; } - sysdb_groupnames[num_groups] = talloc_strdup(sysdb_groupnames, - groupname); + sysdb_groupnames[num_groups] = \ + sss_get_cased_name(sysdb_groupnames, groupname, + domain->case_sensitive); if (sysdb_groupnames[num_groups] == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot strdup %s\n", groupname); continue;
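Review bot: In the first hunk (sysdb_get_sudo_user_info, around line 418), reassigning orig_name to the result of sss_get_cased_name() leaves a variable named orig_name holding a value that may be lower-cased, so every later use of it in this function sees the cased name rather than the original one. Consider a separate variable for the filter value (for example cased_name), or a comment stating that the cased form is intended from this point on. The NULL check logs "Out of memory!" and sets ENOMEM; that is accurate only if allocation failure is the sole reason sss_get_cased_name() can return NULL, which is worth confirming before merging.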
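Review bot: In the second hunk (group name loop, around line 450), the failure message still reads "Cannot strdup %s" although the call is now sss_get_cased_name(), so the log will name the wrong operation; please update the text. The trailing backslash after the assignment is not needed in C outside a macro and can be dropped. The failure handling also differs from the first hunk: the same NULL return there is SSSDBG_CRIT_FAILURE with ENOMEM, while here it is SSSDBG_MINOR_FAILURE followed by continue, so the group is silently left out of sysdb_groupnames and sudo rules that name that group will not match for this user. If that is intended, a short comment saying so would help.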