From c9aab1c04c399ca2d1abef74f6df22ced34983dc Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Fri, 27 Jan 2012 10:53:51 +0100
Subject: SUDO Integration - responder 'sudo_timed' option
https://fedorahosted.org/sssd/ticket/1116
---
 src/responder/sudo/sudosrv.c | 11 +++++++++++
 src/responder/sudo/sudosrv_cmd.c | 21 ++++++++++++++++++++-
 src/responder/sudo/sudosrv_private.h | 1 +
 3 files changed, 32 insertions(+), 1 deletion(-)
(limited to 'src/responder/sudo')
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index 6b7eae07b..c8e36adc9 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -142,6 +142,17 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
 return ret;
 }
+ /* Get sudo_timed option */
+ ret = confdb_get_bool(sudo_ctx->rctx->cdb, sudo_ctx,
+ CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_TIMED,
+ CONFDB_DEFAULT_SUDO_TIMED,
+ &sudo_ctx->timed);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
 /* Initialize in-memory cache */
 ret = sudosrv_cache_init(sudo_ctx, 10, &sudo_ctx->cache);
 if (ret != EOK) {
diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c
index cef245fec..f179b9233 100644
--- a/src/responder/sudo/sudosrv_cmd.c
+++ b/src/responder/sudo/sudosrv_cmd.c
@@ -26,6 +26,7 @@
 #include "responder/common/responder.h"
 #include "responder/common/responder_packet.h"
 #include "responder/sudo/sudosrv_private.h"
+#include "db/sysdb_sudo.h"
 static errno_t sudosrv_cmd_send_reply(struct sudo_cmd_ctx *cmd_ctx,
 uint8_t *response_body,
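Review bot: The failure message for the new `confdb_get_bool()` call in sudo_process_init (src/responder/sudo/sudosrv.c) does not name the option being read, so if other confdb reads in this function log the same text (not visible in the hunk) an operator cannot tell which one stopped the responder from starting; `("Error reading sudo_timed from confdb (%d) [%s]\n",` would make it unambiguous. The comment `/* Get sudo_timed option */` could also say what the flag gates, e.g. `/* sudo_timed: when set, sudosrv_cmd_done() filters rules by time before replying */`, since an absent option falls back to `CONFDB_DEFAULT_SUDO_TIMED`, whose value is defined outside this diff. sudo_process_init starts and ends outside the hunk.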
@@ -90,12 +91,30 @@ errno_t sudosrv_cmd_done(struct sudo_dom_ctx *dctx, int ret)
 {
 uint8_t *response_body = NULL;
 size_t response_len = 0;
+ size_t num_rules = dctx->res_count;
+ struct sysdb_attrs **rules = dctx->res;
 switch (ret) {
 case EOK:
+ /*
+ * Parent of dctx->res is in-memory cache, we must not talloc_free it!
+ */
+ if (!dctx->cmd_ctx->sudo_ctx->timed) {
+ num_rules = dctx->res_count;
+ rules = dctx->res;
+ } else {
+ /* filter rules by time */
+ ret = sysdb_sudo_filter_rules_by_time(dctx, dctx->res_count,
+ dctx->res, 0,
+ &num_rules, &rules);
+ if (ret != EOK) {
+ return EFAULT;
+ }
+ }
+ /* send result */
 ret = sudosrv_get_sudorules_build_response(dctx->cmd_ctx,
 SSS_SUDO_ERROR_OK,
- dctx->res_count, dctx->res,
+ num_rules, rules,
 &response_body, &response_len);
 if (ret != EOK) {
 return EFAULT;
diff --git a/src/responder/sudo/sudosrv_private.h b/src/responder/sudo/sudosrv_private.h
index c3feb19bf..7a7acc0c5 100644
--- a/src/responder/sudo/sudosrv_private.h
+++ b/src/responder/sudo/sudosrv_private.h
@@ -43,6 +43,7 @@ struct sudo_ctx {
 * options
 */
 int cache_timeout;
+ bool timed;
 /*
 * Key: domain for SSS_DP_SUDO_DEFAULTS
-- cgit
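Review bot: The new failure path after `sysdb_sudo_filter_rules_by_time()` in sudosrv_cmd_done returns `EFAULT` without logging and discards the real error code, so when `sudo_timed` is enabled and filtering fails, sudo requests start erroring with no trace of the cause. Failing the request instead of sending unfiltered rules is the safe direction; add a line such as `DEBUG(SSSDBG_OP_FAILURE, ("Unable to filter rules by time (%d) [%s]\n", ret, strerror(ret)));` before the `return EFAULT;`. Separately, the `!timed` branch reassigns `num_rules` and `rules` to the values they were already initialised with at declaration, so the test can be inverted to a single `if (dctx->cmd_ctx->sudo_ctx->timed) {` with no else. The literal `0` passed as the fourth argument presumably means "use the current time" and deserves a short comment saying so. The switch and the rest of sudosrv_cmd_done continue past the end of the hunk.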