author | Pavel Březina <pbrezina@redhat.com> | 2012-11-13 13:53:13 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-15 20:09:43 +0100 |
commit | 4080c54ed0438a74cbe5e4faaa444a9d21d1b546 (patch) | |
tree | 2035833fa698d9b3278dd1e2c598c819f6dde6c2 | |
parent | 59f136cd254d1acf2991c97221eb08803784777d (diff) | |
sudo: store rules with no sudoHost attribute
https://fedorahosted.org/sssd/ticket/1640
Normal rules require that the sudoHost attribute is present. But this
attribute is not mandatory for a special rule named cn=defaults.
This patch modifies the filter so that we store even rules that don't
have the sudoHost attribute specified. SUDO will then decide whether it
is allowed or not.
-rw-r--r-- | src/providers/ldap/sdap_sudo.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index ebbc95d1..636eae41 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -327,6 +327,13 @@ static char *sdap_sudo_build_host_filter(TALLOC_CTX *mem_ctx,
 goto done;
 }
 
+ /* sudoHost is not specified */
+ filter = talloc_asprintf_append_buffer(filter, "(!(%s=*))",
+ map[SDAP_AT_SUDO_HOST].name);
+ if (filter == NULL) {
+ goto done;
+ }
+
 /* ALL */
 filter = talloc_asprintf_append_buffer(filter, "(%s=ALL)",
 map[SDAP_AT_SUDO_HOST].name); |
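Review bot: The new `(!(%s=*))` clause matches every sudo rule that lacks sudoHost, not only cn=defaults, so a rule that lost its sudoHost by mistake is now downloaded and cached on every client, and host scoping for it rests entirely on sudo, as the commit message says. If only the defaults entry is meant, the clause could be and-ed with a match on that entry's name; otherwise the comment should record the reliance, e.g. `/* no sudoHost: needed for cn=defaults; any other such rule is stored too and left to sudo to reject */`. sdap_sudo_build_host_filter starts and ends outside the hunk, so how these clauses are combined into the final filter is not visible here.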