diff options
author | Pavel Březina <pbrezina@redhat.com> | 2012-05-11 10:25:54 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-06-29 11:37:18 -0400 |
commit | f7af8c5b369938725e47585c641ae5b017d442a1 (patch) | |
tree | f3cea8ab98f94ad4b10500ece93c25a94abda727 | |
parent | 76db25eab9010a33657f35e5afc8477c996df7a3 (diff) | |
download | sssd-f7af8c5b369938725e47585c641ae5b017d442a1.tar.gz sssd-f7af8c5b369938725e47585c641ae5b017d442a1.tar.xz sssd-f7af8c5b369938725e47585c641ae5b017d442a1.zip |
sudo sysdb: add expiration time to the filter
-rw-r--r-- | src/db/sysdb_sudo.c | 8 | ||||
-rw-r--r-- | src/db/sysdb_sudo.h | 1 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv_get_sudorules.c | 2 |
3 files changed, 10 insertions, 1 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 586e95883..0f9d99945 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -201,6 +201,7 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, TALLOC_CTX *tmp_ctx = NULL; char *filter = NULL; char *specific_filter = NULL; + time_t now; errno_t ret; int i; @@ -264,6 +265,13 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, NULL_CHECK(filter, ret, done); } + if (flags & SYSDB_SUDO_FILTER_ONLY_EXPIRED) { + now = time(NULL); + filter = talloc_asprintf_append(filter, "(&(%s<=%lld))", + SYSDB_CACHE_EXPIRE, (long long)now); + NULL_CHECK(filter, ret, done); + } + filter = talloc_strdup_append(filter, ")"); NULL_CHECK(filter, ret, done); diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h index 4a3926757..b8ed2bc41 100644 --- a/src/db/sysdb_sudo.h +++ b/src/db/sysdb_sudo.h @@ -53,6 +53,7 @@ #define SYSDB_SUDO_FILTER_UID 0x02 /* uid */ #define SYSDB_SUDO_FILTER_GROUPS 0x04 /* groups */ #define SYSDB_SUDO_FILTER_NGRS 0x08 /* netgroups */ +#define SYSDB_SUDO_FILTER_ONLY_EXPIRED 0x10 /* only expired */ #define SYSDB_SUDO_FILTER_INCLUDE_ALL 0x20 /* ALL */ #define SYSDB_SUDO_FILTER_INCLUDE_DFL 0x40 /* include cn=default */ #define SYSDB_SUDO_FILTER_USERINFO SYSDB_SUDO_FILTER_USERNAME \ diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index a405848a5..cd359b686 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -522,7 +522,7 @@ static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx, } ret = sysdb_get_sudo_filter(tmp_ctx, username, uid, groupnames, - flags, &filter); + flags, 0, &filter); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not construct the search filter [%d]: %s\n", |