Diffstat (limited to 'src/providers/ldap/sdap_sudo.c')
-rw-r--r--src/providers/ldap/sdap_sudo.c55
1 files changed, 52 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index 80549bfa5..806c8b3a7 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -104,6 +104,7 @@ struct bet_ops sdap_sudo_ops = {
.finalize = sdap_sudo_shutdown
};
+static void sdap_sudo_get_hostinfo_done(struct tevent_req *req);
int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx);
int sdap_sudo_init(struct be_ctx *be_ctx,
@@ -112,6 +113,7 @@ int sdap_sudo_init(struct be_ctx *be_ctx,
void **pvt_data)
{
struct sdap_sudo_ctx *sudo_ctx = NULL;
+ struct tevent_req *req = NULL;
int ret;
DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n"));
@@ -127,20 +129,67 @@ int sdap_sudo_init(struct be_ctx *be_ctx,
*pvt_data = sudo_ctx;
ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb,
- be_ctx->conf_path, id_ctx->opts);
+ be_ctx->conf_path, id_ctx->opts,
+ &sudo_ctx->use_host_filter,
+ &sudo_ctx->include_regexp,
+ &sudo_ctx->include_netgroups);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n",
ret, strerror(ret)));
return ret;
}
+ req = sdap_sudo_get_hostinfo_send(sudo_ctx, id_ctx->opts, be_ctx);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - "
+ "(host filter will be disabled)\n"));
+
+ sudo_ctx->use_host_filter = false;
+
+ ret = sdap_sudo_setup_periodical_refresh(sudo_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Unable to setup periodical refresh"
+ "of sudo rules [%d]: %s\n", ret, strerror(ret)));
+ /* periodical updates will not work, but specific-rule update
+ * is no affected by this, therefore we don't have to fail here */
+ }
+ } else {
+ tevent_req_set_callback(req, sdap_sudo_get_hostinfo_done, sudo_ctx);
+ }
+
+ return EOK;
+}
+
+static void sdap_sudo_get_hostinfo_done(struct tevent_req *req)
+{
+ struct sdap_sudo_ctx *sudo_ctx = NULL;
+ char **hostnames = NULL;
+ char **ip_addr = NULL;
+ int ret;
+
+ sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx);
+
+ ret = sdap_sudo_get_hostinfo_recv(sudo_ctx, req, &hostnames, &ip_addr);
+ talloc_zfree(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - "
+ "(host filter will be disabled) [%d]: %s\n", ret, strerror(ret)));
+ sudo_ctx->use_host_filter = false;
+ return;
+ }
+
+ talloc_zfree(sudo_ctx->hostnames);
+ talloc_zfree(sudo_ctx->ip_addr);
+
+ sudo_ctx->hostnames = talloc_move(sudo_ctx, &hostnames);
+ sudo_ctx->ip_addr = talloc_move(sudo_ctx, &ip_addr);
+
ret = sdap_sudo_setup_periodical_refresh(sudo_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Unable to setup periodical refresh"
"of sudo rules [%d]: %s\n", ret, strerror(ret)));
}
-
- return EOK;
}
int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx)
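Review bot: The failure branch of `sdap_sudo_get_hostinfo_done` returns right after `sudo_ctx->use_host_filter = false;`, so `sdap_sudo_setup_periodical_refresh(sudo_ctx)` is never reached when the asynchronous host lookup fails. The `req == NULL` branch in `sdap_sudo_init` disables the filter but still schedules the refresh. As far as this hunk shows, nothing else schedules it on that path, so cached sudo rules would presumably go unrefreshed and rules removed on the LDAP server could stay usable locally. Replace the `return;` with `goto done;` and place a `done:` label directly before the `ret = sdap_sudo_setup_periodical_refresh(sudo_ctx);` call. Separately, the new message in `sdap_sudo_init` joins `"Unable to setup periodical refresh"` and `"of sudo rules [%d]: %s\n"` without a space, so the log reads "refreshof".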