SSSD / sssd

Clone

e75601b SUDO: Don't save duplicates when saving qualified names

Authored and Committed by jhrozek 5 years ago
raw patch tree parent
2 files changed. 73 lines added. 7 lines removed.
src/providers/ldap/sdap_async_sudo.c
file modified
+37 -7
src/tests/intg/test_sudo.py
file modified
+36 -0 
    SUDO: Don't save duplicates when saving qualified names
    
    The sudoUser attribute which is part of the sudo rule can contain any
    name that sudo can parse on the LDAP side. Internally, however, the
    attribute is always qualified with the name of the SSSD domain.
    
    This patch makes sure that if two or more sudoUser attributes contain
    the same name in both qualified and an unqualified form, the rule is
    actually saved. Previously, the rule would have failed to be saved and
    the sysdb sudo code would have errored out with EEXIST.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3596
    
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
file modified
+37 -7
file modified
+36 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.