diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2016-05-13 09:03:29 -0400 |
|---|---|---|
| committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-06-03 17:50:35 +0200 |
| commit | 5597f6eb3674c084ae5a089194d84c8604696a1f (patch) | |
| tree | adfdb9e5933e91a3a8d008f39863b94e2f892fd3 /src/providers | |
| parent | eedfc2cced329731c90317a5be3cd82a3749eb8a (diff) | |
| download | sssd-5597f6eb3674c084ae5a089194d84c8604696a1f.tar.gz sssd-5597f6eb3674c084ae5a089194d84c8604696a1f.tar.xz sssd-5597f6eb3674c084ae5a089194d84c8604696a1f.zip | |
GPO: Add "polkit-1" to ad_gpo_map_allow
Polkit is an authorization mechanism of its own (similar to sudo).
SSSD doesn't need to apply additional authorization decisions atop
it, so we'll just accept it as "allow".
Resolves:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1578415
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
| -rw-r--r-- | src/providers/ad/ad_gpo.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index c22d32c5e..208770297 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -194,6 +194,7 @@ int ad_gpo_process_cse_recv(struct tevent_req *req); #define GPO_FTP "ftp" #define GPO_SAMBA "samba" #define GPO_CROND "crond" +#define GPO_POLKIT "polkit-1" #define GPO_SUDO "sudo" #define GPO_SUDO_I "sudo-i" #define GPO_SYSTEMD_USER "systemd-user" @@ -216,7 +217,8 @@ const char *gpo_map_remote_interactive_defaults[] = {GPO_SSHD, GPO_COCKPIT, const char *gpo_map_network_defaults[] = {GPO_FTP, GPO_SAMBA, NULL}; const char *gpo_map_batch_defaults[] = {GPO_CROND, NULL}; const char *gpo_map_service_defaults[] = {NULL}; -const char *gpo_map_permit_defaults[] = {GPO_SUDO, GPO_SUDO_I, +const char *gpo_map_permit_defaults[] = {GPO_POLKIT, + GPO_SUDO, GPO_SUDO_I, GPO_SYSTEMD_USER, NULL}; const char *gpo_map_deny_defaults[] = {NULL}; |