From 6a7b0edb1cbe99d4adf053849d238ba7ce1996ba Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Tue, 7 May 2013 14:24:09 +0200
Subject: sudo responder: search rules for subdomains in parent domain subtree
https://fedorahosted.org/sssd/ticket/1912 SUDO rules are stored under cn=ipa.domain,cn=sysdb tree but sobdomains users are in cn=sub.domain,cn=sysdb. When we search for rules for subdomain users we have to switch domain context to parent.
---
 src/responder/sudo/sudosrv_get_sudorules.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 6b6e6b23c..ab363da6a 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -638,6 +638,11 @@ static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx,
 DEBUG(SSSDBG_FUNC_DATA, ("Searching sysdb with [%s]\n", filter));
+ if (IS_SUBDOMAIN(domain)) {
+ /* rules are stored inside parent domain tree */
+ domain = domain->parent;
+ }
+
 ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, SUDORULE_SUBDIR, attrs, &count, &msgs);
-- cgit
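Review bot: Overwriting the `domain` parameter in the added `if (IS_SUBDOMAIN(domain))` block changes it for everything that follows in sudosrv_get_sudorules_query_cache, whose body starts and ends outside this hunk, while the `sysdb` handle passed to sysdb_search_custom right after it is left as it was. A separate local would keep the caller's domain intact, e.g. `rules_dom = IS_SUBDOMAIN(domain) ? domain->parent : domain;` with `rules_dom` passed to sysdb_search_custom, and it is worth confirming that `sysdb` is also the right handle for the parent tree. Because `filter` is built before the switch and is not visible here, please also confirm that the user and group names in it are domain-qualified, so that a subdomain user cannot match sudo rules written for a same-named account in the parent domain.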