authorPavel Březina <pbrezina@redhat.com>2012-11-13 13:53:13 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-15 20:09:43 +0100
commit4080c54ed0438a74cbe5e4faaa444a9d21d1b546 (patch)
tree2035833fa698d9b3278dd1e2c598c819f6dde6c2
parent59f136cd254d1acf2991c97221eb08803784777d (diff)
sudo: store rules with no sudoHost attribute
https://fedorahosted.org/sssd/ticket/1640 Normal rules require that the sudoHost attribute is present. But this attribute is not mandatory for a special rule named cn=defaults. This patch modifies the filter so that we store even rules that don't have the sudoHost attribute specified. SUDO will then decide whether it is allowed or not.
-rw-r--r--src/providers/ldap/sdap_sudo.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index ebbc95d1..636eae41 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -327,6 +327,13 @@ static char *sdap_sudo_build_host_filter(TALLOC_CTX *mem_ctx,
goto done;
}
+ /* sudoHost is not specified */
+ filter = talloc_asprintf_append_buffer(filter, "(!(%s=*))",
+ map[SDAP_AT_SUDO_HOST].name);
+ if (filter == NULL) {
+ goto done;
+ }
+
/* ALL */
filter = talloc_asprintf_append_buffer(filter, "(%s=ALL)",
map[SDAP_AT_SUDO_HOST].name);
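Review bot: The added `(!(%s=*))` clause matches every rule that lacks sudoHost, not only the cn=defaults entry the description names, so any host-less rule is now downloaded and cached on every client and host scoping for those rules is left entirely to sudo. If only cn=defaults is intended, a narrower clause keeps the cache to what the host needs, for example `"(&(!(%s=*))(%s=defaults))"` with the rule-name attribute taken from the same map (its index is not visible in this hunk, so confirm it against the attribute map). If the broad match is deliberate, the comment should say so, e.g. `/* no sudoHost: needed for cn=defaults; other host-less rules are stored too and sudo decides */`. sdap_sudo_build_host_filter starts and ends outside the hunk, so how the clauses are combined is inferred from the surrounding appends.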