authorPavel Březina <pbrezina@redhat.com>2012-11-13 13:53:13 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-15 20:11:04 +0100
commitea903f72a4c825e67e74fe707525a418abfc70a2 (patch)
tree3fbb80358840212356a00b613cdedbabb9946883 /src/providers/ldap
parent0411c03775c258a40232565387d15ed89e3a7b7f (diff)
sudo: store rules with no sudoHost attribute
https://fedorahosted.org/sssd/ticket/1640 Normal rules require that the sudoHost attribute is present. But this attribute is not mandatory for a special rule named cn=defaults. This patch modifies the filter so that we store even rules that don't have the sudoHost attribute specified. SUDO will then decide whether it is allowed or not.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_sudo.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index ebbc95d14..636eae41b 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -327,6 +327,13 @@ static char *sdap_sudo_build_host_filter(TALLOC_CTX *mem_ctx,
goto done;
}
+ /* sudoHost is not specified */
+ filter = talloc_asprintf_append_buffer(filter, "(!(%s=*))",
+ map[SDAP_AT_SUDO_HOST].name);
+ if (filter == NULL) {
+ goto done;
+ }
+
/* ALL */
filter = talloc_asprintf_append_buffer(filter, "(%s=ALL)",
map[SDAP_AT_SUDO_HOST].name);
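Review bot: The added `(!(%s=*))` clause matches every rule that lacks sudoHost, not only cn=defaults, so any host-less entry in the directory is now cached on every client and the host restriction for those entries rests entirely on sudo's own evaluation. The commit message says this is intended, but the comment `/* sudoHost is not specified */` does not record it; I would write `/* rules with no sudoHost (e.g. cn=defaults) are stored too; sudo decides whether they apply */`. If only cn=defaults is meant to be exempt, the clause could instead be narrowed to that rule name, assuming the clauses built here are OR-ed together, which the hunk does not show. sdap_sudo_build_host_filter starts and ends outside the hunk.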