From 3fa31631d74d09ce6b52b6b8cd3c994c9f2a2db4 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 1 Aug 2014 08:00:46 +0200 Subject: SUDO: Use the override_space option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://fedorahosted.org/sssd/ticket/2397 With this path, a user whose name is "space user" would match a sudo rule while using the override_default_space option. Please note that the option is only a client-side override, so the sudoUser attribute must contain the space in order to match the original name. In other words, when substituting space ( ) for underscore (_), this attribute would match: sudoUser: space user this would not: sudoUser: space_user Reviewed-by: Pavel Březina Reviewed-by: Lukáš Slebodník (cherry picked from commit 3b96d478851fbbe391ab30e3d6a0afdb9ecdd4a0) --- src/responder/sudo/sudosrv.c | 2 -- src/responder/sudo/sudosrv_get_sudorules.c | 8 ++++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index cafe9da53..8a197159b 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -132,8 +132,6 @@ int sudo_process_init(TALLOC_CTX *mem_ctx, sudo_dp_reconnect_init, iter); } - /* Get responder options */ - /* Get sudo_timed option */ ret = confdb_get_bool(sudo_ctx->rctx->cdb, CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_TIMED, diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index 48a40af30..579874d13 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -108,6 +108,14 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx) goto done; } + name = sss_reverse_replace_space(tmp_ctx, name, + cmd_ctx->sudo_ctx->rctx->override_space); + if (name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_reverse_replace_whitespaces failed\n"); + return ENOMEM; + } + DEBUG(SSSDBG_FUNC_DATA, "Requesting info about [%s@%s]\n", name, dom->name); -- cgit