diff options
author | Pavel Reichl <preichl@redhat.com> | 2015-01-13 17:43:30 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-01-15 10:33:31 +0100 |
commit | b49c6abe12721ee8442be1c1bd6c15443b518ca2 (patch) | |
tree | 39f95a4bae7a1c3239229b6cd7b9bcd23f3601b1 | |
parent | f3d91181d4ee9da3f8bbf4ddf8782951c0ae46c1 (diff) | |
download | sssd-b49c6abe12721ee8442be1c1bd6c15443b518ca2.tar.gz sssd-b49c6abe12721ee8442be1c1bd6c15443b518ca2.tar.xz sssd-b49c6abe12721ee8442be1c1bd6c15443b518ca2.zip |
GPO: add systemd-user to gpo default permit list
Resolves:
https://fedorahosted.org/sssd/ticket/2556
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
-rw-r--r-- | src/man/sssd-ad.5.xml | 5 | ||||
-rw-r--r-- | src/providers/ad/ad_gpo.c | 4 |
2 files changed, 8 insertions, 1 deletions
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 7997b780f..c9bb653a0 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -579,6 +579,11 @@ ad_gpo_map_permit = +my_pam_service, -sudo sudo-i </para> </listitem> + <listitem> + <para> + systemd-user + </para> + </listitem> </itemizedlist> </para> </listitem> diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 1ab40af0a..a9879b41b 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -187,6 +187,7 @@ int ad_gpo_process_cse_recv(struct tevent_req *req); #define GPO_CROND "crond" #define GPO_SUDO "sudo" #define GPO_SUDO_I "sudo-i" +#define GPO_SYSTEMD_USER "systemd-user" struct gpo_map_option_entry { enum gpo_map_type gpo_map_type; @@ -203,7 +204,8 @@ const char *gpo_map_remote_interactive_defaults[] = {GPO_SSHD, NULL}; const char *gpo_map_network_defaults[] = {GPO_FTP, GPO_SAMBA, NULL}; const char *gpo_map_batch_defaults[] = {GPO_CROND, NULL}; const char *gpo_map_service_defaults[] = {NULL}; -const char *gpo_map_permit_defaults[] = {GPO_SUDO, GPO_SUDO_I, NULL}; +const char *gpo_map_permit_defaults[] = {GPO_SUDO, GPO_SUDO_I, + GPO_SYSTEMD_USER, NULL}; const char *gpo_map_deny_defaults[] = {NULL}; struct gpo_map_option_entry gpo_map_option_entries[] = { |