diff options
| author | Petr Čech <pcech@redhat.com> | 2016-11-16 10:09:18 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-11-23 11:20:35 +0100 |
| commit | 7e23edbaa7a6bbd0b461d5792535896b6a77928b (patch) | |
| tree | 362fc9be127d12a2d471cf8e11ae6f9b18a313d5 /src/db | |
| parent | a7f085d6a04d4ecf9ebc29b57c868ad41b744dff (diff) | |
| download | sssd-7e23edbaa7a6bbd0b461d5792535896b6a77928b.tar.gz sssd-7e23edbaa7a6bbd0b461d5792535896b6a77928b.tar.xz sssd-7e23edbaa7a6bbd0b461d5792535896b6a77928b.zip | |
SYSDB: Fixing of sudorule without a sudoUser
This patch solved a regression caused by the recent patches
to lowercase sudoUser -- in case sudoUser is missing completely,
we abort the processing of this rule and all others.
With this patch, we return ERR_MALFORMED_ENTRY and gracefully
skip the malformed rule instead.
Resolves:
https://fedorahosted.org/sssd/ticket/3241
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/db')
| -rw-r--r-- | src/db/sysdb_sudo.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 4bd93ffc6..f5160f190 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -874,6 +874,7 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain, if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n", SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret)); + ret = ERR_MALFORMED_ENTRY; goto done; } @@ -977,6 +978,10 @@ sysdb_sudo_store(struct sss_domain_info *domain, /* Multiple CNs are error on server side, we can just ignore this * rule and save the others. Loud debug message is in logs. */ continue; + } else if (ret == ERR_MALFORMED_ENTRY) { + /* Attribute SYSDB_SUDO_CACHE_AT_USER is missing but we can + * continue with next sudoRule. */ + continue; } else if (ret != EOK) { goto done; } |