40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From d7795e33668b3e2ef212c5fa0bfaf4485e87db65 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
Date: Tue, 31 Oct 2017 15:14:52 +0100
|
|
Subject: [PATCH] sudo ldap: do not store rules without sudoHost attribute
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Unless it is cn=defaults.
|
|
|
|
Resolves:
|
|
https://pagure.io/SSSD/sssd/issue/3558
|
|
|
|
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
(cherry picked from commit 47ad0778be72994a2294b2e73cc5c670be6811a7)
|
|
---
|
|
src/providers/ldap/sdap_async_sudo.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c
|
|
index 5dc580128..3da76256e 100644
|
|
--- a/src/providers/ldap/sdap_async_sudo.c
|
|
+++ b/src/providers/ldap/sdap_async_sudo.c
|
|
@@ -158,8 +158,9 @@ static char *sdap_sudo_build_host_filter(TALLOC_CTX *mem_ctx,
|
|
goto done;
|
|
}
|
|
|
|
- /* sudoHost is not specified */
|
|
- filter = talloc_asprintf_append_buffer(filter, "(!(%s=*))",
|
|
+ /* sudoHost is not specified and it is a cn=defaults rule */
|
|
+ filter = talloc_asprintf_append_buffer(filter, "(&(!(%s=*))(%s=defaults))",
|
|
+ map[SDAP_AT_SUDO_HOST].name,
|
|
map[SDAP_AT_SUDO_HOST].name);
|
|
if (filter == NULL) {
|
|
goto done;
|
|
--
|
|
2.14.3
|
|
|