diff options
author | Pavel Březina <pbrezina@redhat.com> | 2014-07-14 14:23:50 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-07-22 18:36:57 +0200 |
commit | e1c8821cd260c7c5322843b5f295888b3e29dc22 (patch) | |
tree | 49155c23c4e68938e640e263ec349b9482b3068f /src/providers/ldap | |
parent | e00a71a43980963adf9b9f5e3d2f356f175498e9 (diff) | |
download | sssd-e1c8821cd260c7c5322843b5f295888b3e29dc22.tar.gz sssd-e1c8821cd260c7c5322843b5f295888b3e29dc22.tar.xz sssd-e1c8821cd260c7c5322843b5f295888b3e29dc22.zip |
sudo: fetch sudoRunAs attribute
This attribute was used in pre 1.7 versions of sudo and it is now
deprecated by sudoRunAsUser and sudoRunAsGroup. However, some users
still use this attribute so we need to support it to ensure backward
compatibility.
This patch makes sure that this attribute is downloaded if present and
provided to sudo. Sudo than decides how to handle it.
The new mapping option is not present in a man page since this
attribute is deprecated in sudo for a very long time.
Resolves:
https://fedorahosted.org/sssd/ticket/2212
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 7c30e60c525ea798aaab142766ff00eef4b5df3b)
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_opts.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h index 3da527474..217436113 100644 --- a/src/providers/ldap/ldap_opts.h +++ b/src/providers/ldap/ldap_opts.h @@ -319,6 +319,7 @@ struct sdap_attr_map native_sudorule_map[] = { { "ldap_sudorule_host", "sudoHost", SYSDB_SUDO_CACHE_AT_HOST, NULL }, { "ldap_sudorule_user", "sudoUser", SYSDB_SUDO_CACHE_AT_USER, NULL }, { "ldap_sudorule_option", "sudoOption", SYSDB_SUDO_CACHE_AT_OPTION, NULL }, + { "ldap_sudorule_runas", "sudoRunAs", SYSDB_SUDO_CACHE_AT_RUNAS, NULL }, { "ldap_sudorule_runasuser", "sudoRunAsUser", SYSDB_SUDO_CACHE_AT_RUNASUSER, NULL }, { "ldap_sudorule_runasgroup", "sudoRunAsGroup", SYSDB_SUDO_CACHE_AT_RUNASGROUP, NULL }, { "ldap_sudorule_notbefore", "sudoNotBefore", SYSDB_SUDO_CACHE_AT_NOTBEFORE, NULL }, |