SUDO: Use the override_space option

https://fedorahosted.org/sssd/ticket/2397

With this path, a user whose name is "space user" would match a sudo
rule while using the override_default_space option. Please note that the
option is only a client-side override, so the sudoUser attribute must
contain the space in order to match the original name. In other words,
when substituting space ( ) for underscore (_), this attribute would match:
    sudoUser: space user
this would not:
    sudoUser: space_user

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

2 files changed, 8 insertions, 2 deletions

diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index cafe9da53..8a197159b 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -132,8 +132,6 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
                             sudo_dp_reconnect_init, iter);
     }
 
-    /* Get responder options */
-
     /* Get sudo_timed option */
     ret = confdb_get_bool(sudo_ctx->rctx->cdb,
                           CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_TIMED,
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 4b35a1aed..a23665b65 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -108,6 +108,14 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx)
             goto done;
         }
 
+        name = sss_reverse_replace_space(tmp_ctx, name,
+                                         cmd_ctx->sudo_ctx->rctx->override_space);
+        if (name == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "sss_reverse_replace_whitespaces failed\n");
+            return ENOMEM;
+        }
+
         DEBUG(SSSDBG_FUNC_DATA, "Requesting info about [%s@%s]\n",
               name, dom->name);