From 05bfd452f037a60c87a25e04da51ed7bd02d6d97 Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Tue, 13 Nov 2012 13:53:13 +0100
Subject: sudo: store rules with no sudoHost attribute
https://fedorahosted.org/sssd/ticket/1640
Normal rules requires that sudoHost attribute is present. But this attribute is not mandatory for a special rule named cn=defaults. This patch modifies filter so that we store even rules that doesn't have sudoHost attribute specified. SUDO will then decide whether it is allowed or not.
---
 src/providers/ldap/sdap_sudo.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index ebbc95d14..636eae41b 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -327,6 +327,13 @@ static char *sdap_sudo_build_host_filter(TALLOC_CTX *mem_ctx,
 goto done;
 }
+ /* sudoHost is not specified */
+ filter = talloc_asprintf_append_buffer(filter, "(!(%s=*))",
+ map[SDAP_AT_SUDO_HOST].name);
+ if (filter == NULL) {
+ goto done;
+ }
+
 /* ALL */
 filter = talloc_asprintf_append_buffer(filter, "(%s=ALL)",
 map[SDAP_AT_SUDO_HOST].name);
-- cgit
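Review bot: The added `(!(%s=*))` clause matches every rule that lacks sudoHost, not only the cn=defaults entry the commit message names. A rule that is missing the attribute by mistake would therefore be stored on every host, with the allow/deny decision left entirely to sudo. If only the defaults entry is intended, the clause could be narrowed by and-ing it with a match on the rule-name attribute. Otherwise the comment should record the reliance, e.g. `/* sudoHost is not specified (e.g. cn=defaults); host matching for such rules is left to sudo */`. The body of sdap_sudo_build_host_filter starts and ends outside the hunk, so how this clause combines with the rest of the filter (presumably inside an OR) is not visible here.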