There is an invalid condition in sysdb_sudo_check_time() that causes
all rules to be filtered out when sudo_timed is on. This patch
fixes it.
From a1ecc635efa6ed6aed1c6c414f17a503959f5bac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <[email protected]>
Date: Mon, 6 Feb 2012 10:43:56 +0100
Subject: [PATCH] SUDO Integration - sysdb_sudo_check_time() fix
---
src/db/sysdb_sudo.c | 14 ++++++++------
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 5f87a80..fbe7cc8 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -71,13 +71,14 @@ static errno_t sysdb_sudo_check_time(struct sysdb_attrs *rule,
/* check for sudoNotBefore */
ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTBEFORE,
tmp_ctx, &values);
- if (ret != EOK) {
- goto done;
- } else if (ret == ENOENT) {
+ if (ret == ENOENT) {
DEBUG(SSSDBG_TRACE_LIBS,
("notBefore attribute is missing, the rule is valid\n"));
*result = true;
ret = EOK;
+ goto done;
+ } else if (ret != EOK) {
+ goto done;
}
for (i=0; values[i] ; i++) {
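Review bot: The `goto done;` added to the ENOENT branch of the sudoNotBefore lookup returns before the sudoNotAfter lookup in the second hunk is reached, so a rule that carries only sudoNotAfter appears to be reported valid (`*result = true`) even after it has expired. This assumes `done` is the function's exit label, which lies outside the hunk. A missing notBefore should skip only the notBefore loop, not the remaining checks: drop `*result = true; ret = EOK; goto done;` here and jump to a label placed just before the notAfter lookup, e.g. `goto check_not_after;` (label name constructed for this note). The loop that starts on the last line of the hunk continues outside it.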
@@ -100,13 +101,14 @@ static errno_t sysdb_sudo_check_time(struct sysdb_attrs *rule,
/* check for sudoNotAfter */
ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTAFTER,
tmp_ctx, &values);
- if (ret != EOK) {
- goto done;
- } else if (ret == ENOENT) {
+ if (ret == ENOENT) {
DEBUG(SSSDBG_TRACE_LIBS,
("notAfter attribute is missing, the rule is valid\n"));
*result = true;
ret = EOK;
+ goto done;
+ } else if (ret != EOK) {
+ goto done;
}
for (i=0; values[i] ; i++) {
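Review bot: The `else if (ret != EOK) { goto done; }` branch here, and the identical one in the sudoNotBefore hunk, leaves `*result` unwritten, so whether a failed lookup filters the rule out depends on the caller checking the return value before reading `*result`. Neither the caller nor any initialisation at the top of the function is visible in these hunks. For a time-restriction check it is safer to fail closed explicitly with `*result = false;` before the `goto done;`, or at least to add a comment such as `/* on error *result is not set; caller must check the return value */`. The function body continues outside the hunk.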
--
1.7.6.5