author | Pavel Březina <pbrezina@redhat.com> | 2012-11-13 13:53:13 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-19 13:51:40 +0100 |
commit | 05bfd452f037a60c87a25e04da51ed7bd02d6d97 (patch) | |
tree | 17ef63f876e64dd20d4ca839a6f3191134eea467 /src | |
parent | 19091b6b2187f74393dcee874148e228fa1d84bf (diff) | |
sudo: store rules with no sudoHost attribute
https://fedorahosted.org/sssd/ticket/1640
Normal rules require that sudoHost attribute is present. But this
attribute is not mandatory for a special rule named cn=defaults.
This patch modifies filter so that we store even rules that don't
have sudoHost attribute specified. SUDO will then decide whether it
is allowed or not.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_sudo.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index ebbc95d14..636eae41b 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -327,6 +327,13 @@ static char *sdap_sudo_build_host_filter(TALLOC_CTX *mem_ctx, goto done; } + /* sudoHost is not specified */ + filter = talloc_asprintf_append_buffer(filter, "(!(%s=*))", + map[SDAP_AT_SUDO_HOST].name); + if (filter == NULL) { + goto done; + } + /* ALL */ filter = talloc_asprintf_append_buffer(filter, "(%s=ALL)", map[SDAP_AT_SUDO_HOST].name); |
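Review bot: The new `(!(%s=*))` clause in sdap_sudo_build_host_filter() matches every rule that lacks the sudoHost attribute, not only cn=defaults, so a rule that simply omits sudoHost is now stored as well and host enforcement for it is left to sudo. The comment `/* sudoHost is not specified */` should record that: name cn=defaults as the reason the clause exists and state that sudo makes the final decision on such rules. Alternatively, narrow the clause so it only admits the defaults entry. A test with a non-defaults rule that has no sudoHost would confirm that the stored rule is not applied.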