diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2017-02-05 20:25:23 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-02-10 16:55:04 +0100 |
| commit | a5ecc93abb01cece628fdef04ebad43bba267419 (patch) | |
| tree | 1edeb70559484f6f6ede6e26c397b457c65651f8 | |
| parent | 00c0b7bc6969d31deab9e8e7541b4a6483b78b3e (diff) | |
| download | sssd-a5ecc93abb01cece628fdef04ebad43bba267419.tar.gz sssd-a5ecc93abb01cece628fdef04ebad43bba267419.tar.xz sssd-a5ecc93abb01cece628fdef04ebad43bba267419.zip | |
SUDO: Only store lowercased attribute value once
The current code doesn't handle the situation where lowercasing the
sudoUser attribute would yield the same value again.
For example:
sudoUser: TUSER
sudoUser tuser
would break.
This patch switches to using the utility function
sysdb_attrs_add_lower_case_string() which already checks for duplicates.
Resolves:
https://fedorahosted.org/sssd/ticket/3301
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| -rw-r--r-- | src/db/sysdb_sudo.c | 17 | ||||
| -rw-r--r-- | src/tests/cmocka/test_sysdb_sudo.c | 5 |
2 files changed, 8 insertions, 14 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index f5160f190..97a1bee99 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -857,7 +857,6 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain, { TALLOC_CTX *tmp_ctx; const char **users = NULL; - const char *lowered = NULL; errno_t ret; if (domain->case_sensitive == true || rule == NULL) { @@ -884,19 +883,9 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain, } for (int i = 0; users[i] != NULL; i++) { - lowered = sss_tc_utf8_str_tolower(tmp_ctx, users[i]); - if (lowered == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n"); - ret = ENOMEM; - goto done; - } - - if (strcmp(users[i], lowered) == 0) { - /* It protects us from adding duplicate. */ - continue; - } - - ret = sysdb_attrs_add_string(rule, SYSDB_SUDO_CACHE_AT_USER, lowered); + ret = sysdb_attrs_add_lower_case_string(rule, true, + SYSDB_SUDO_CACHE_AT_USER, + users[i]); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Unable to add %s attribute [%d]: %s\n", diff --git a/src/tests/cmocka/test_sysdb_sudo.c b/src/tests/cmocka/test_sysdb_sudo.c index f21ff3655..34afe120d 100644 --- a/src/tests/cmocka/test_sysdb_sudo.c +++ b/src/tests/cmocka/test_sysdb_sudo.c @@ -335,6 +335,11 @@ void test_store_sudo_case_insensitive(void **state) test_ctx->tctx->dom->case_sensitive = false; + ret = sysdb_attrs_add_lower_case_string(rule, false, + SYSDB_SUDO_CACHE_AT_USER, + users[0].name); + assert_int_equal(ret, EOK); + ret = sysdb_sudo_store(test_ctx->tctx->dom, &rule, 1); assert_int_equal(ret, EOK); |