author | Adam Tkac <vonsch@gmail.com> | 2015-04-13 15:00:18 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-19 14:09:45 +0200 |
commit | ace2b0e418a31f63c8161d6c6c9b9f32392d290a (patch) | |
tree | 080b819148e9e29e0193d2b16ef3e3bf3a4deff6 /src/responder/sudo/sudosrv_cmd.c | |
parent | b3caa2385f7de9bed9436e6ebdd1cc74a1b9d558 (diff) | |
Option filter_users had no effect for retrieving sudo rules
Previously sssd_sudo always obtained sudo rules for a user from LDAP, even
when the user was listed in filter_users.
Resolves https://fedorahosted.org/sssd/ticket/2625
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/responder/sudo/sudosrv_cmd.c')
-rw-r--r-- | src/responder/sudo/sudosrv_cmd.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c index fd8c46d63..dd636e949 100644 --- a/src/responder/sudo/sudosrv_cmd.c +++ b/src/responder/sudo/sudosrv_cmd.c @@ -28,6 +28,7 @@ #include "responder/sudo/sudosrv_private.h" #include "db/sysdb_sudo.h" #include "sss_client/sss_cli.h" +#include "responder/common/negcache.h" static errno_t sudosrv_cmd_send_reply(struct sudo_cmd_ctx *cmd_ctx, uint8_t *response_body, @@ -239,6 +240,7 @@ static void sudosrv_cmd_parse_query_done(struct tevent_req *req) { struct sudo_cmd_ctx *cmd_ctx = NULL; struct sudo_dom_ctx *dom_ctx = NULL; + struct sudo_ctx *sudo_ctx = NULL; errno_t ret; cmd_ctx = tevent_req_callback_data(req, struct sudo_cmd_ctx); @@ -278,6 +280,16 @@ static void sudosrv_cmd_parse_query_done(struct tevent_req *req) dom_ctx->domain = cmd_ctx->domain != NULL ? cmd_ctx->domain : cmd_ctx->cli_ctx->rctx->domains; + sudo_ctx = talloc_get_type(cmd_ctx->cli_ctx->rctx->pvt_ctx, struct sudo_ctx); + ret = sss_ncache_check_user(sudo_ctx->ncache, sudo_ctx->neg_timeout, + dom_ctx->domain, cmd_ctx->username); + if (ret == EEXIST) { + DEBUG(SSSDBG_TRACE_FUNC, "User [%s@%s] filtered out (ncache)\n", + cmd_ctx->username, dom_ctx->domain->name); + ret = ENOENT; + goto done; + } + ret = sudosrv_get_sudorules(dom_ctx); done: |
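Review bot: In the third hunk the negative-cache lookup runs only against `dom_ctx->domain`, which for an unqualified name is just the head of `cmd_ctx->cli_ctx->rctx->domains`; if `sudosrv_get_sudorules()` goes on to try further domains (its body is not part of this diff), a user listed in `filter_users` would presumably still have rules fetched there, so the check may belong inside the per-domain lookup. Any result other than `EEXIST` is overwritten by the following `ret = sudosrv_get_sudorules(dom_ctx);`, so an error from `sss_ncache_check_user()` silently lets the lookup proceed; a comment such as `/* any other result: user is not filtered, continue with the lookup */` would make that fail-open choice explicit. `talloc_get_type()` returns NULL on a type mismatch and `sudo_ctx` is dereferenced on the very next line, so `talloc_get_type_abort()` or an explicit NULL check would be safer. The function starts and ends outside the hunk, so what the `done:` path does with `ENOENT` is not visible here.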