SSSD / sssd

Clone

3a18e33 sudo: format runas attributes to correct output name

1 file Authored by pbrezina 5 years ago, Committed by jhrozek 5 years ago,
raw patch tree parent
1 file changed. 99 lines added. 2 lines removed.
src/responder/sudo/sudosrv_get_sudorules.c
file modified
+99 -2 
    sudo: format runas attributes to correct output name
    
    sudo internally calls getpwnam and getgrnam on user and groups
    that should be used for the invoked command. Output of these calls
    is compared to values in runAsUser/Group attributes.
    
    When different output format is used then what is present in LDAP,
    this comparison will fail, denying user to use sudo. Now, we convert
    these attributes into correct output name, respecting domain resolution
    order, fully qualified domains and fqname format.
    
    E.g. sudo call:
    sudo -u tuser@ipa.vm -g tgroup@ipa.vm id
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3957
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    (cherry picked from commit 0aa657165f189035c160beda4840e3271fc56c88)
file modified
+99 -2
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.