From 8abafe202c458617ce99e969a0fbdd6b43d23a17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 10 Sep 2012 13:41:08 +0200
Subject: [PATCH 2/2] backend: initialize sudo only when it is enabled in
 services

https://fedorahosted.org/sssd/ticket/1458

When the responder is disabled and sudo_provider is set explicitly,
a warning is print and the module will be initialized.
---
 src/providers/data_provider_be.c |   69 ++++++++++++++++++++++++++++++++++++--
 1 files changed, 66 insertions(+), 3 deletions(-)

diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index b979ccc640c7cedb68e8d19493d04a07d68032af..6aa7b0b1ae0b562e4eaa56ab4030edd21cacd350 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -2076,6 +2076,71 @@ static void signal_be_offline(struct tevent_context *ev,
     be_mark_offline(ctx);
 }
 
+int be_process_init_sudo(struct be_ctx *be_ctx)
+{
+    TALLOC_CTX *tmp_ctx = NULL;
+    char **services = NULL;
+    char *provider = NULL;
+    bool responder_enabled = false;
+    bool provider_enabled = false;
+    int i;
+    int ret;
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
+        return ENOMEM;
+    }
+
+    ret = confdb_get_string_as_list(be_ctx->cdb, tmp_ctx,
+                                    CONFDB_MONITOR_CONF_ENTRY,
+                                    CONFDB_MONITOR_ACTIVE_SERVICES, &services);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to read from confdb [%d]: %s\n",
+                                     ret, strerror(ret)));
+        goto done;
+    }
+
+    for (i = 0; services[i] != NULL; i++) {
+        if (strcmp(services[i], "sudo") == 0) {
+            responder_enabled = true;
+            break;
+        }
+    }
+
+    ret = confdb_get_string(be_ctx->cdb, tmp_ctx, be_ctx->conf_path,
+                            CONFDB_DOMAIN_SUDO_PROVIDER, NULL, &provider);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to read from confdb [%d]: %s\n",
+                                     ret, strerror(ret)));
+        goto done;
+    }
+
+    if (!responder_enabled && provider == NULL) {
+        /* provider is not set explicitly */
+        DEBUG(SSSDBG_TRACE_FUNC,
+              ("SUDO is not listed in services, disabling SUDO module.\n"));
+        ret = ENOENT;
+        goto done;
+    }
+
+    if (!responder_enabled && provider != NULL
+            && strcmp(provider, NO_PROVIDER) != 0) {
+        /* provider is set but responder is disabled */
+        DEBUG(SSSDBG_MINOR_FAILURE, ("SUDO provider is set, but it is not "
+              "listed in active services. SUDO support will not work!\n"));
+        ret = EOK;
+        goto done;
+    }
+
+    ret = load_backend_module(be_ctx, BET_SUDO, &be_ctx->bet_info[BET_SUDO],
+                              be_ctx->bet_info[BET_ID].mod_name);
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
 int be_process_init(TALLOC_CTX *mem_ctx,
                     const char *be_domain,
                     struct tevent_context *ev,
@@ -2187,9 +2252,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
                "from provider [%s].\n", ctx->bet_info[BET_CHPASS].mod_name));
     }
 
-    ret = load_backend_module(ctx, BET_SUDO,
-                              &ctx->bet_info[BET_SUDO],
-                              ctx->bet_info[BET_ID].mod_name);
+    ret = be_process_init_sudo(ctx);
     if (ret != EOK) {
         if (ret != ENOENT) {
             DEBUG(SSSDBG_FATAL_FAILURE,
-- 
1.7.6.5