gentoo/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch

From 15d7d34b20219e2fd45c43881088f5d542e9603e Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 4 Jul 2023 18:56:35 +0200
Subject: [PATCH 2/3] sssct: allow cert-show and cert-eval-rule as non-root
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The cert-show and cert-eval-rule sub-commands do not need root access and
do not require SSSD to be configured on the host.

Resolves: https://github.com/SSSD/sssd/issues/6802

Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4)
---
 src/tools/sssctl/sssctl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
index 855260aed..04c41aa9a 100644
--- a/src/tools/sssctl/sssctl.c
+++ b/src/tools/sssctl/sssctl.c
@@ -340,9 +340,9 @@ int main(int argc, const char **argv)
         SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),
 #endif
         SSS_TOOL_DELIMITER("Certificate related tools:"),
-        SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show),
+        SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
         SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map),
-        SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule),
+        SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
 #ifdef BUILD_PASSKEY
         SSS_TOOL_DELIMITER("Passkey related tools:"),
         SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
-- 
2.38.1
[sys-auth/sssd] merge some changes from recent pr for further testing 2023-08-27 22:52:46 +02:00			`From 15d7d34b20219e2fd45c43881088f5d542e9603e Mon Sep 17 00:00:00 2001`
			`From: Sumit Bose <sbose@redhat.com>`
			`Date: Tue, 4 Jul 2023 18:56:35 +0200`
			`Subject: [PATCH 2/3] sssct: allow cert-show and cert-eval-rule as non-root`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`The cert-show and cert-eval-rule sub-commands do not need root access and`
			`do not require SSSD to be configured on the host.`

			`Resolves: https://github.com/SSSD/sssd/issues/6802`

			`Reviewed-by: Alejandro López <allopez@redhat.com>`
			`Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>`
			`(cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4)`
			`---`
			`src/tools/sssctl/sssctl.c \| 4 ++--`
			`1 file changed, 2 insertions(+), 2 deletions(-)`

			`diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c`
			`index 855260aed..04c41aa9a 100644`
			`--- a/src/tools/sssctl/sssctl.c`
			`+++ b/src/tools/sssctl/sssctl.c`
			`@@ -340,9 +340,9 @@ int main(int argc, const char **argv)`
			`SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),`
			`#endif`
			`SSS_TOOL_DELIMITER("Certificate related tools:"),`
			`- SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show),`
			`+ SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT\|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),`
			`SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map),`
			`- SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule),`
			`+ SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT\|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),`
			`#ifdef BUILD_PASSKEY`
			`SSS_TOOL_DELIMITER("Passkey related tools:"),`
			`SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT\|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),`
			`--`
			`2.38.1`