diff -up sudo-1.8.6p7/configure.in.ipahostname sudo-1.8.6p7/configure.in

--- sudo-1.8.6p7/configure.in.ipahostname	2014-09-29 11:14:38.393846226 +0200

+++ sudo-1.8.6p7/configure.in	2014-09-29 11:14:38.428845807 +0200

@@ -309,7 +309,7 @@ dnl Handle SSSD support.

 dnl

 AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],

 [case $with_sssd in

-    yes)	SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"

+    yes)	SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo ipa_hostname.lo"

 		AC_DEFINE(HAVE_SSSD)

 		;;

     no)		;;

diff -up sudo-1.8.6p7/plugins/sudoers/ipa_hostname.c.ipahostname sudo-1.8.6p7/plugins/sudoers/ipa_hostname.c

--- sudo-1.8.6p7/plugins/sudoers/ipa_hostname.c.ipahostname	2014-09-29 11:14:38.429845795 +0200

+++ sudo-1.8.6p7/plugins/sudoers/ipa_hostname.c	2014-09-29 11:14:38.429845795 +0200

@@ -0,0 +1,88 @@

+/*

+ * Copyright 2013 Red Hat Inc., Durham, North Carolina.

+ * All Rights Reserved.

+ *

+ * This library is free software; you can redistribute it and/or

+ * modify it under the terms of the GNU Lesser General Public

+ * License as published by the Free Software Foundation; either

+ * version 2.1 of the License, or (at your option) any later version.

+ *

+ * This library is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+ * Lesser General Public License for more details.

+ *

+ * You should have received a copy of the GNU Lesser General Public

+ * License along with this library; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ *

+ * Authors:

+ *      Daniel Kopecek <dkopecek@redhat.com>

+ */

+#define _GNU_SOURCE

+#include <stdio.h>

+#include <stdlib.h>

+#include <resolv.h>

+#include <string.h>

+#include <ctype.h>

+

+static const char *sssd_conf_path = "/etc/sssd/sssd.conf";

+

+char *ipa_hostname(void)

+{

+	static char hname[MAXHOSTNAMELEN+1];

+	size_t hname_len = 0;

+	char *line = NULL;

+	ssize_t line_len = 0;

+	size_t line_buflen = 0;

+	FILE *fp;

+

+	if ((fp = fopen(sssd_conf_path, "r")) == NULL)

+		return NULL;

+	while ((line_len = getline(&line, &line_buflen, fp)) > 0) {

+		char *keyword_loc;

+		if ((keyword_loc = strstr(line, "ipa_hostname")) != NULL) {

+			size_t i;

+			char *value_loc;

+			size_t value_len;

+

+			value_loc = keyword_loc + strlen("ipa_hostname") + 1;

+			value_len = line_len - (size_t)(value_loc - line);

+

+			/* Skip spaces and the assignment operator */

+			for (i = 0; i < value_len; ++i) {

+				if (isspace(value_loc[i]) || value_loc[i] == '=') {

+					continue;

+				} else {

+					break;

+				}

+			}

+

+			value_loc += i;

+			value_len -= i;

+

+			if (value_len <= MAXHOSTNAMELEN) {

+				memcpy(hname, value_loc, value_len * sizeof(char));

+				free(line);

+				fclose(fp);

+				hname_len = value_len;

+				hname[hname_len] = '\0';

+				/* Remove spaces from the end of the string */

+				for (i = hname_len - 1; i > 0; --i) {

+					if (isspace(hname[i])) {

+						hname[i] = '\0';

+						--hname_len;

+					} else {

+						break;

+					}

+				}

+				return hname;

+			}

+		}

+		free(line);

+		line = NULL;

+	}

+

+	fclose(fp);

+	return NULL;

+}

diff -up sudo-1.8.6p7/plugins/sudoers/ipa_hostname.h.ipahostname sudo-1.8.6p7/plugins/sudoers/ipa_hostname.h

--- sudo-1.8.6p7/plugins/sudoers/ipa_hostname.h.ipahostname	2014-09-29 11:14:38.429845795 +0200

+++ sudo-1.8.6p7/plugins/sudoers/ipa_hostname.h	2014-09-29 11:14:38.429845795 +0200

@@ -0,0 +1,27 @@

+/*

+ * Copyright 2013 Red Hat Inc., Durham, North Carolina.

+ * All Rights Reserved.

+ *

+ * This library is free software; you can redistribute it and/or

+ * modify it under the terms of the GNU Lesser General Public

+ * License as published by the Free Software Foundation; either

+ * version 2.1 of the License, or (at your option) any later version.

+ *

+ * This library is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+ * Lesser General Public License for more details.

+ *

+ * You should have received a copy of the GNU Lesser General Public

+ * License along with this library; if not, write to the Free Software

+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ *

+ * Authors:

+ *      Daniel Kopecek <dkopecek@redhat.com>

+ */

+#ifndef _IPA_HOSTNAME_H_

+#define _IPA_HOSTNAME_H_

+

+char *ipa_hostname(void);

+

+#endif /* _IPA_HOSTNAME_H_ */

diff -up sudo-1.8.6p7/plugins/sudoers/Makefile.in.ipahostname sudo-1.8.6p7/plugins/sudoers/Makefile.in

--- sudo-1.8.6p7/plugins/sudoers/Makefile.in.ipahostname	2014-09-29 11:14:38.429845795 +0200

+++ sudo-1.8.6p7/plugins/sudoers/Makefile.in	2014-09-29 11:16:54.923210160 +0200

@@ -728,6 +728,9 @@ sia.lo: $(authdir)/sia.c $(top_builddir)

         $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \

         $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h

 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sia.c

+ipa_hostname.lo: $(srcdir)/ipa_hostname.c $(srcdir)/ipa_hostname.h

+	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/ipa_hostname.c

+

 sssd.lo: $(srcdir)/sssd.c $(top_builddir)/config.h \

          $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \

          $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \

diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.ipahostname sudo-1.8.6p7/plugins/sudoers/sssd.c

--- sudo-1.8.6p7/plugins/sudoers/sssd.c.ipahostname	2014-09-29 11:14:38.424845855 +0200

+++ sudo-1.8.6p7/plugins/sudoers/sssd.c	2014-09-29 11:14:38.429845795 +0200

@@ -60,6 +60,7 @@

 #include "parse.h"

 #include "lbuf.h"

 #include "sudo_debug.h"

+#include "ipa_hostname.h"

 /* SSSD <--> SUDO interface - do not change */

 struct sss_sudo_attr {

@@ -549,6 +550,24 @@ sudo_sss_check_runas(struct sudo_sss_han

     debug_return_bool(ret);

 }

+static bool sudo_sss_ipa_hostname_matches(const char *hostname_val)

+{

+	bool ret = false;

+	char *ipa_hostname_val;

+	debug_decl(sudo_sss_ipa_hostname_matches, SUDO_DEBUG_SSSD)

+

+	if ((ipa_hostname_val = ipa_hostname()) != NULL) {

+		ret = hostname_matches(ipa_hostname_val, ipa_hostname_val, hostname_val) || \

+		      netgr_matches(hostname_val, ipa_hostname_val, ipa_hostname_val, NULL);

+	}

+

+	sudo_debug_printf(SUDO_DEBUG_TRACE, "IPA hostname (%s) matches %s => %s",

+	                  ipa_hostname_val ? ipa_hostname_val : "<none>", hostname_val,

+	                  ret ? "true" : "false");

+

+	debug_return_bool(ret);

+}

+

 static bool

 sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)

 {

@@ -580,6 +599,7 @@ sudo_sss_check_host(struct sudo_sss_hand

 	/* match any or address or netgroup or hostname */

 	if (!strcmp(val, "ALL") || addr_matches(val) ||

+	    sudo_sss_ipa_hostname_matches(val) ||

 	    netgr_matches(val, user_host, user_shost, NULL) ||

 	    hostname_matches(user_shost, user_host, val))

 	    ret = true;