Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch')
-rw-r--r--sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch b/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch
new file mode 100644
index 000000000000..3a724363382b
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch
@@ -0,0 +1,39 @@
+From 15d7d34b20219e2fd45c43881088f5d542e9603e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 4 Jul 2023 18:56:35 +0200
+Subject: [PATCH 2/3] sssct: allow cert-show and cert-eval-rule as non-root
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The cert-show and cert-eval-rule sub-commands do not need root access and
+do not require SSSD to be configured on the host.
+
+Resolves: https://github.com/SSSD/sssd/issues/6802
+
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+(cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4)
+---
+ src/tools/sssctl/sssctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
+index 855260aed..04c41aa9a 100644
+--- a/src/tools/sssctl/sssctl.c
++++ b/src/tools/sssctl/sssctl.c
+@@ -340,9 +340,9 @@ int main(int argc, const char **argv)
+ SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),
+ #endif
+ SSS_TOOL_DELIMITER("Certificate related tools:"),
+- SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show),
++ SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
+ SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map),
+- SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule),
++ SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
+ #ifdef BUILD_PASSKEY
+ SSS_TOOL_DELIMITER("Passkey related tools:"),
+ SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
+--
+2.38.1
+