diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2012-01-27 10:53:51 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-04 08:27:16 -0500 |
| commit | c9aab1c04c399ca2d1abef74f6df22ced34983dc (patch) | |
| tree | ce72d312ed54242f0b3717112d0774e705408a02 /src/responder | |
| parent | 41ef946f3f74a46b9e26118116e4811e259b30ef (diff) | |
| download | sssd-c9aab1c04c399ca2d1abef74f6df22ced34983dc.tar.gz sssd-c9aab1c04c399ca2d1abef74f6df22ced34983dc.tar.xz sssd-c9aab1c04c399ca2d1abef74f6df22ced34983dc.zip | |
SUDO Integration - responder 'sudo_timed' option
https://fedorahosted.org/sssd/ticket/1116
Diffstat (limited to 'src/responder')
| -rw-r--r-- | src/responder/sudo/sudosrv.c | 11 | ||||
| -rw-r--r-- | src/responder/sudo/sudosrv_cmd.c | 21 | ||||
| -rw-r--r-- | src/responder/sudo/sudosrv_private.h | 1 |
3 files changed, 32 insertions, 1 deletions
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c index 6b7eae07b..c8e36adc9 100644 --- a/src/responder/sudo/sudosrv.c +++ b/src/responder/sudo/sudosrv.c @@ -142,6 +142,17 @@ int sudo_process_init(TALLOC_CTX *mem_ctx, return ret; } + /* Get sudo_timed option */ + ret = confdb_get_bool(sudo_ctx->rctx->cdb, sudo_ctx, + CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_TIMED, + CONFDB_DEFAULT_SUDO_TIMED, + &sudo_ctx->timed); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n", + ret, strerror(ret))); + return ret; + } + /* Initialize in-memory cache */ ret = sudosrv_cache_init(sudo_ctx, 10, &sudo_ctx->cache); if (ret != EOK) { diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c index cef245fec..f179b9233 100644 --- a/src/responder/sudo/sudosrv_cmd.c +++ b/src/responder/sudo/sudosrv_cmd.c @@ -26,6 +26,7 @@ #include "responder/common/responder.h" #include "responder/common/responder_packet.h" #include "responder/sudo/sudosrv_private.h" +#include "db/sysdb_sudo.h" static errno_t sudosrv_cmd_send_reply(struct sudo_cmd_ctx *cmd_ctx, uint8_t *response_body, @@ -90,12 +91,30 @@ errno_t sudosrv_cmd_done(struct sudo_dom_ctx *dctx, int ret) { uint8_t *response_body = NULL; size_t response_len = 0; + size_t num_rules = dctx->res_count; + struct sysdb_attrs **rules = dctx->res; switch (ret) { case EOK: + /* + * Parent of dctx->res is in-memory cache, we must not talloc_free it! + */ + if (!dctx->cmd_ctx->sudo_ctx->timed) { + num_rules = dctx->res_count; + rules = dctx->res; + } else { + /* filter rules by time */ + ret = sysdb_sudo_filter_rules_by_time(dctx, dctx->res_count, + dctx->res, 0, + &num_rules, &rules); + if (ret != EOK) { + return EFAULT; + } + } + /* send result */ ret = sudosrv_get_sudorules_build_response(dctx->cmd_ctx, SSS_SUDO_ERROR_OK, - dctx->res_count, dctx->res, + num_rules, rules, &response_body, &response_len); if (ret != EOK) { return EFAULT; diff --git a/src/responder/sudo/sudosrv_private.h b/src/responder/sudo/sudosrv_private.h index c3feb19bf..7a7acc0c5 100644 --- a/src/responder/sudo/sudosrv_private.h +++ b/src/responder/sudo/sudosrv_private.h @@ -43,6 +43,7 @@ struct sudo_ctx { * options */ int cache_timeout; + bool timed; /* * Key: domain for SSS_DP_SUDO_DEFAULTS |