#1239 [RFE] sudo: send username and uid while requesting default options
Closed: Fixed None Opened 7 years ago by pbrezina.

Sudo client sends two synchronous requests to sssd:
1. for default options providing none information (sss_sudo_send_recv_defaults())
2. for user rules providing username (sss_sudo_send_recv())

This can end up in mixing sudoers from two domains:
1. we have domains A, B (both sudo enabled) and user X@B
2. X@B does sudo
3. sudo requests default options - we will return cn=defaults from A
4. sudo requests rule for X - we will return rules from B

We should send username and uid in sss_sudo_send_recv_defaults(). Then find the domain the user is a member of and return this domain name to sudo.

Sudo will then request the rules giving us username, uid and domain.


I need some clarification here. Does SUDO provide us with this information when requesting defaults, or does this require a modification of the SUDO binary to include it?

It requires modification of the SUDO binary and our API.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9 beta
summary: sudo: send username and uid while requesting default options => [RFE] sudo: send username and uid while requesting default options
type: defect => enhancement

Fields changed

owner: somebody => pbrezina
status: new => assigned

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.9.0 beta 1 => SSSD 1.9.0 beta 2

Fields changed

milestone: SSSD 1.9.0 beta 2 => SSSD 1.9.0 beta 3

Fields changed

milestone: SSSD 1.9.0 beta 3 => SSSD 1.9.0 beta 4

Fixed by too many patches to list. Complete as of b8e7073

component: SSSD => SUDO Responder
resolution: => fixed
status: assigned => closed

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.0 beta 4

2 years ago

Login to comment on this ticket.

Metadata