File 0010-SUDO-Allow-defaults-sudoRole-without-sudoUser-attrib.patch of Package sssd.23770

From 2cbee33b203b03eb5baa9f61a0d847cfb6175f50 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Fri, 17 May 2019 12:34:41 +0200
Subject: [PATCH 1/2] SUDO: Allow defaults sudoRole without sudoUser attribute
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Samuel Cabrero <scabrero@suse.de>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 10170fe683add7a71b3f03d11e485ea102c677bd)
(cherry picked from commit 2173201b5c998715e67e85beb96167e5ab6c2822)
---
 src/db/sysdb_sudo.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index ff8c95105..174b99b46 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -882,7 +882,8 @@ sysdb_sudo_add_sss_attrs(struct sysdb_attrs *rule,
 }
 
 static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
-                                            struct sysdb_attrs *rule)
+                                            struct sysdb_attrs *rule,
+                                            const char *name)
 {
     TALLOC_CTX *tmp_ctx;
     const char **users = NULL;
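Review bot: The new `name` parameter of sysdb_sudo_add_lowered_users is undocumented, and the signature does not say whether NULL is a valid value or what it would mean. A short comment above the function would settle this, for example `/* name: rule name as passed by sysdb_sudo_store_rule; used only to exempt the "defaults" entry from the sudoUser requirement, must not be NULL. */`. The function body continues past the end of this hunk.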
@@ -900,10 +901,13 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
     ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_USER, tmp_ctx,
                                        &users);
     if (ret != EOK) {
-        DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n",
-              SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret));
-        ret = ERR_MALFORMED_ENTRY;
-        goto done;
+        /* Allow "defaults" sudoRole without sudoUser attribute */
+        if (name != NULL && !sss_string_equal(false, "defaults", name)) {
+            DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n",
+                  SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret));
+            ret = ERR_MALFORMED_ENTRY;
+            goto done;
+        }
     }
 
     if (users == NULL) {
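Review bot: The relaxed check `if (name != NULL && !sss_string_equal(false, "defaults", name))` fails open in two ways: a NULL `name` skips the ERR_MALFORMED_ENTRY path for any rule, and for a defaults rule every error from sysdb_attrs_get_string_array is ignored, not only a missing attribute. Limiting the exemption to the missing-attribute case keeps other failures visible, e.g. `if (ret != ENOENT || name == NULL || !sss_string_equal(false, "defaults", name)) {`, assuming ENOENT is what the getter returns for an absent attribute (confirm against its implementation). On the exempted path `ret` still holds the error code, so the `if (users == NULL)` branch that begins on the last line of this hunk has to reset it; that branch is cut off here and should be checked. The caller in sysdb_sudo_store_rule already formats `name` with `%s` before the call, so it also appears to assume a non-NULL name.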
@@ -946,7 +950,7 @@ sysdb_sudo_store_rule(struct sss_domain_info *domain,
 
     DEBUG(SSSDBG_TRACE_FUNC, "Adding sudo rule %s\n", name);
 
-    ret = sysdb_sudo_add_lowered_users(domain, rule);
+    ret = sysdb_sudo_add_lowered_users(domain, rule, name);
     if (ret != EOK) {
         return ret;
     }
-- 
2.21.0
