From d3f7600e85259adc3eec0b1f74fd3ce26163e13c Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Nov 14 2012 16:15:42 +0000 Subject: sudo: do not send domain name with username This caused troubles with subdomain users and it is not really necessary. This patch does not change the protocol itself, that should be done on the earliest possible occasion. Part of https://fedorahosted.org/sssd/ticket/1616 --- diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c index d0c5781..0aed691 100644 --- a/src/responder/sudo/sudosrv_cmd.c +++ b/src/responder/sudo/sudosrv_cmd.c @@ -84,7 +84,7 @@ static errno_t sudosrv_cmd_send_error(TALLOC_CTX *mem_ctx, return EFAULT; } - ret = sudosrv_build_response(mem_ctx, error, NULL, 0, NULL, + ret = sudosrv_build_response(mem_ctx, error, 0, NULL, &response_body, &response_len); if (ret != EOK) { return ret; @@ -117,7 +117,7 @@ errno_t sudosrv_cmd_done(struct sudo_cmd_ctx *cmd_ctx, int ret) /* send result */ ret = sudosrv_build_response(cmd_ctx, SSS_SUDO_ERROR_OK, - cmd_ctx->domain->name, num_rules, rules, + num_rules, rules, &response_body, &response_len); if (ret != EOK) { return EFAULT; diff --git a/src/responder/sudo/sudosrv_private.h b/src/responder/sudo/sudosrv_private.h index b805940..c9eae57 100644 --- a/src/responder/sudo/sudosrv_private.h +++ b/src/responder/sudo/sudosrv_private.h @@ -103,7 +103,6 @@ errno_t sudosrv_parse_query_recv(TALLOC_CTX *mem_ctx, errno_t sudosrv_build_response(TALLOC_CTX *mem_ctx, uint32_t error, - const char *domain, int rules_num, struct sysdb_attrs **rules, uint8_t **_response_body, diff --git a/src/responder/sudo/sudosrv_query.c b/src/responder/sudo/sudosrv_query.c index d76ecbb..998b602 100644 --- a/src/responder/sudo/sudosrv_query.c +++ b/src/responder/sudo/sudosrv_query.c @@ -188,7 +188,6 @@ done: */ errno_t sudosrv_build_response(TALLOC_CTX *mem_ctx, uint32_t error, - const char *domain, int rules_num, struct sysdb_attrs **rules, uint8_t **_response_body, @@ -217,8 +216,9 @@ errno_t sudosrv_build_response(TALLOC_CTX *mem_ctx, goto done; } - /* domain name */ - ret = sudosrv_response_append_string(tmp_ctx, domain, strlen(domain) + 1, + /* domain name - deprecated + * TODO: when possible change the protocol */ + ret = sudosrv_response_append_string(tmp_ctx, "\0", 1, &response_body, &response_len); if (ret != EOK) { goto fail; diff --git a/src/sss_client/sudo/sss_sudo.c b/src/sss_client/sudo/sss_sudo.c index e2bb3e0..92f5754 100644 --- a/src/sss_client/sudo/sss_sudo.c +++ b/src/sss_client/sudo/sss_sudo.c @@ -100,23 +100,10 @@ int sss_sudo_send_recv(uid_t uid, return EINVAL; } - if (domainname != NULL) { - ret = asprintf(&fullname, "%s@%s", username, domainname); - if (ret == -1) { - return ENOMEM; - } - } else { - fullname = strdup(username); - if (fullname == NULL) { - return ENOMEM; - } - } - /* send query and receive response */ - ret = sss_sudo_send_recv_generic(SSS_SUDO_GET_SUDORULES, uid, fullname, + ret = sss_sudo_send_recv_generic(SSS_SUDO_GET_SUDORULES, uid, username, _error, NULL, _result); - free(fullname); return ret; } diff --git a/src/sss_client/sudo/sss_sudo_response.c b/src/sss_client/sudo/sss_sudo_response.c index 471d42e..7d4bcc5 100644 --- a/src/sss_client/sudo/sss_sudo_response.c +++ b/src/sss_client/sudo/sss_sudo_response.c @@ -67,14 +67,17 @@ int sss_sudo_parse_response(const char *message, return ret; } - /* domain name */ + /* domain name - deprecated + * it won't be used, but we will read it anyway to ease parsing + * TODO: when possible change the protocol */ ret = sss_sudo_parse_string(message, message_len, &cursor, &domainname); if (ret != EOK) { return ret; } + free(domainname); if (_domainname != NULL) { - *_domainname = domainname; + *_domainname = NULL; } /* result */