sudo responder: search rules for subdomains in parent domain subtree

https://fedorahosted.org/sssd/ticket/1912 SUDO rules are stored under cn=ipa.domain,cn=sysdb tree but sobdomains users are in cn=sub.domain,cn=sysdb. When we search for rules for subdomain users we have to switch domain context to parent.
author: Pavel Březina <pbrezina@redhat.com> 2013-05-07 14:24:09 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2013-05-10 16:43:55 +0200
commit: 6a7b0edb1cbe99d4adf053849d238ba7ce1996ba (patch)
tree: ee7ff71f42fd2937bef0cb75d5be52176300de53
parent: e506a551187dc92683f0903515dd1d2b57ce05e5 (diff)
download: sssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.tar.gz
sssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.tar.bz2
sssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 6b6e6b23..ab363da6 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -638,6 +638,11 @@ static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx,
 
     DEBUG(SSSDBG_FUNC_DATA, ("Searching sysdb with [%s]\n", filter));
 
+    if (IS_SUBDOMAIN(domain)) {
+        /* rules are stored inside parent domain tree */
+        domain = domain->parent;
+    }
+
     ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
                               SUDORULE_SUBDIR, attrs,
                               &count, &msgs);
author	Pavel Březina <pbrezina@redhat.com>	2013-05-07 14:24:09 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-05-10 16:43:55 +0200
commit	6a7b0edb1cbe99d4adf053849d238ba7ce1996ba (patch)
tree	ee7ff71f42fd2937bef0cb75d5be52176300de53
parent	e506a551187dc92683f0903515dd1d2b57ce05e5 (diff)
download	sssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.tar.gz sssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.tar.bz2 sssd-6a7b0edb1cbe99d4adf053849d238ba7ce1996ba.zip