Learn more about these different git repos.
Other Git URLs
Sudo client sends two synchronous requests to sssd:
1. for default options providing none information (sss_sudo_send_recv_defaults())
2. for user rules providing username (sss_sudo_send_recv())
This can end up in mixing sudoers from two domains:
1. we have domains A, B (both sudo enabled) and user X@B
2. X@B does sudo
3. sudo requests default options - we will return cn=defaults from A
4. sudo requests rule for X - we will return rules from B
We should send username and uid in sss_sudo_send_recv_defaults(). Then find the domain the user is a member of and return this domain name to sudo.
Sudo will then request the rules giving us username, uid and domain.
I need some clarification here. Does SUDO provide us with this information when requesting defaults, or does this require a modification of the SUDO binary to include it?
It requires modification of the SUDO binary and our API.
milestone: NEEDS_TRIAGE => SSSD 1.9 beta
summary: sudo: send username and uid while requesting default options => [RFE] sudo: send username and uid while requesting default options
type: defect => enhancement
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=801431
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=801431 801431]
owner: somebody => pbrezina
status: new => assigned
patch: 0 => 1
milestone: SSSD 1.9.0 beta 1 => SSSD 1.9.0 beta 2
milestone: SSSD 1.9.0 beta 2 => SSSD 1.9.0 beta 3
milestone: SSSD 1.9.0 beta 3 => SSSD 1.9.0 beta 4
Fixed by too many patches to list. Complete as of b8e7073
component: SSSD => SUDO Responder
resolution: => fixed
status: assigned => closed
Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.0 beta 4
to comment on this ticket.