From 318bdcab400cbe714115e945d016c81037eef18c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 18 Dec 2015 12:34:21 +0100 Subject: [PATCH 29/49] IPA SUDO: Remember USN Reviewed-by: Sumit Bose (cherry picked from commit d06cc0974e59cd6cf1da45cc8c60d6e822b731c2) --- src/providers/ipa/ipa_sudo_async.c | 50 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/src/providers/ipa/ipa_sudo_async.c b/src/providers/ipa/ipa_sudo_async.c index cea85cdbfc21598164557b70a7055fd4b786ba8a..d52b97da17337b224c4be4b4fb65b0a99000e4b6 100644 --- a/src/providers/ipa/ipa_sudo_async.c +++ b/src/providers/ipa/ipa_sudo_async.c @@ -23,6 +23,7 @@ #include #include "providers/ldap/sdap_ops.h" +#include "providers/ldap/sdap_sudo_shared.h" #include "providers/ipa/ipa_common.h" #include "providers/ipa/ipa_hosts.h" #include "providers/ipa/ipa_sudo.h" @@ -133,6 +134,32 @@ fail: return NULL; } +static errno_t +ipa_sudo_highest_usn(TALLOC_CTX *mem_ctx, + struct sysdb_attrs **attrs, + size_t num_attrs, + char **current_usn) +{ + errno_t ret; + char *usn; + + ret = sysdb_get_highest_usn(mem_ctx, attrs, num_attrs, &usn); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to get highest USN [%d]: %s\n", + ret, sss_strerror(ret)); + return ret; + } + + if (sysdb_compare_usn(usn, *current_usn) > 0) { + talloc_free(*current_usn); + *current_usn = usn; + return EOK; + } + + talloc_free(usn); + return EOK; +} + struct ipa_sudo_fetch_state { struct tevent_context *ev; struct sysdb_ctx *sysdb; @@ -150,6 +177,7 @@ struct ipa_sudo_fetch_state { struct ipa_sudo_conv *conv; struct sysdb_attrs **rules; size_t num_rules; + char *usn; }; static errno_t ipa_sudo_fetch_rules(struct tevent_req *req); @@ -292,6 +320,11 @@ ipa_sudo_fetch_rules_done(struct tevent_req *subreq) goto done; } + ret = ipa_sudo_highest_usn(state, attrs, num_attrs, &state->usn); + if (ret != EOK) { + goto done; + } + ret = ipa_sudo_fetch_cmdgroups(req); done: @@ -366,6 +399,11 @@ ipa_sudo_fetch_cmdgroups_done(struct tevent_req *subreq) goto done; } + ret = ipa_sudo_highest_usn(state, attrs, num_attrs, &state->usn); + if (ret != EOK) { + goto done; + } + ret = ipa_sudo_fetch_cmds(req); done: @@ -482,7 +520,8 @@ static errno_t ipa_sudo_fetch_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct sysdb_attrs ***_rules, - size_t *_num_rules) + size_t *_num_rules, + char **_usn) { struct ipa_sudo_fetch_state *state = NULL; state = tevent_req_data(req, struct ipa_sudo_fetch_state); @@ -491,6 +530,7 @@ ipa_sudo_fetch_recv(TALLOC_CTX *mem_ctx, *_rules = talloc_steal(mem_ctx, state->rules); *_num_rules = state->num_rules; + *_usn = talloc_steal(mem_ctx, state->usn); return EOK; } @@ -697,6 +737,7 @@ ipa_sudo_refresh_done(struct tevent_req *subreq) { struct ipa_sudo_refresh_state *state; struct tevent_req *req; + char *usn = NULL; bool in_transaction = false; errno_t sret; int ret; @@ -704,7 +745,8 @@ ipa_sudo_refresh_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ipa_sudo_refresh_state); - ret = ipa_sudo_fetch_recv(state, subreq, &state->rules, &state->num_rules); + ret = ipa_sudo_fetch_recv(state, subreq, &state->rules, + &state->num_rules, &usn); talloc_zfree(subreq); ret = sdap_id_op_done(state->sdap_op, ret, &state->dp_error); @@ -745,6 +787,10 @@ ipa_sudo_refresh_done(struct tevent_req *subreq) } in_transaction = false; + if (usn != NULL) { + sdap_sudo_set_usn(state->sudo_ctx->id_ctx->srv_opts, usn); + } + DEBUG(SSSDBG_TRACE_FUNC, "Sudo rules are successfully stored in cache\n"); done: -- 2.5.0