summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2013-05-07 14:24:09 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-05-10 16:43:55 +0200
commit6a7b0edb1cbe99d4adf053849d238ba7ce1996ba (patch)
treeee7ff71f42fd2937bef0cb75d5be52176300de53
parente506a551187dc92683f0903515dd1d2b57ce05e5 (diff)
downloadsssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.tar.gz
sssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.tar.bz2
sssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.zip
sudo responder: search rules for subdomains in parent domain subtree
https://fedorahosted.org/sssd/ticket/1912 SUDO rules are stored under cn=ipa.domain,cn=sysdb tree but sobdomains users are in cn=sub.domain,cn=sysdb. When we search for rules for subdomain users we have to switch domain context to parent.
-rw-r--r--src/responder/sudo/sudosrv_get_sudorules.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 6b6e6b23..ab363da6 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -638,6 +638,11 @@ static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_FUNC_DATA, ("Searching sysdb with [%s]\n", filter));
+ if (IS_SUBDOMAIN(domain)) {
+ /* rules are stored inside parent domain tree */
+ domain = domain->parent;
+ }
+
ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
SUDORULE_SUBDIR, attrs,
&count, &msgs);