From 0d13927fc7b2daec06cdff379715318e1dc2e05b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Thu, 14 Jan 2016 12:23:37 +0100
Subject: [PATCH 36/49] SUDO: remember usn as number instead of string
Reviewed-by: Sumit Bose
(cherry picked from commit f58ffb26aeaae0642a149643672fa59ec01a3a36)
---
 src/providers/ipa/ipa_sudo_refresh.c | 14 +++++++-------
 src/providers/ldap/sdap.h | 2 +-
 src/providers/ldap/sdap_sudo_refresh.c | 12 ++++++------
 src/providers/ldap/sdap_sudo_shared.c | 35 ++++++++++++++++++----------------
 4 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/src/providers/ipa/ipa_sudo_refresh.c b/src/providers/ipa/ipa_sudo_refresh.c
index 5934a8f1181250890ca57ac8d83e47ffdc445ea4..42137679c4bd2209b98d1d5223fd3ac71dc16b16 100644
--- a/src/providers/ipa/ipa_sudo_refresh.c
+++ b/src/providers/ipa/ipa_sudo_refresh.c
@@ -153,7 +153,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 struct tevent_req *req;
 char *cmdgroups_filter;
 char *search_filter;
- const char *usn;
+ unsigned long usn;
 errno_t ret;
 req = tevent_req_create(mem_ctx, &state,
@@ -164,15 +164,15 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 }
 /* Download all rules from LDAP that are newer than usn */
- if (srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
- DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, ssuming zero.\n");
- usn = "0";
+ if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
+ usn = 0;
 } else {
 usn = srv_opts->max_sudo_value;
 }
 cmdgroups_filter = talloc_asprintf(state,
- "(&(%s>=%s)(!(%s=%s)))",
+ "(&(%s>=%lu)(!(%s=%lu)))",
 sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn,
 sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn);
 if (cmdgroups_filter == NULL) {
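Review bot: In ipa_sudo_smart_refresh_send the test `srv_opts->max_sudo_value == 0` no longer selects anything, because with a numeric field the else branch already yields 0; the only case that still needs the fallback is `srv_opts == NULL`. The branch could be reduced to `usn = (srv_opts == NULL) ? 0 : srv_opts->max_sudo_value;` followed by `if (usn == 0) { DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n"); }`. The same construct is repeated in sdap_sudo_smart_refresh_send in src/providers/ldap/sdap_sudo_refresh.c. The function body starts and ends outside this hunk.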
@@ -181,7 +181,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 }
 search_filter = talloc_asprintf(state,
- "(&(%s>=%s)(!(%s=%s)))",
+ "(&(%s>=%lu)(!(%s=%lu)))",
 sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn,
 sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn);
 if (search_filter == NULL) {
@@ -192,7 +192,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 /* Do not remove any rules that are already in the sysdb. */
 DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
- "(USN > %s)\n", usn);
+ "(USN > %lu)\n", usn);
 subreq = ipa_sudo_refresh_send(state, ev, sudo_ctx, cmdgroups_filter, search_filter, NULL);
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index edfbf229b4c4396592020de931eba5f83a8f06ed..d7a299220414f2cf9d80de9921b6a5ec49e5793b 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -460,7 +460,7 @@ struct sdap_server_opts {
 char *max_user_value;
 char *max_group_value;
 char *max_service_value;
- char *max_sudo_value;
+ unsigned long max_sudo_value;
 bool posix_checked;
 };
diff --git a/src/providers/ldap/sdap_sudo_refresh.c b/src/providers/ldap/sdap_sudo_refresh.c
index 61f24efa11da05d75bc31ea4ea3b150b2f9857f8..ff00fd037430f9a7ce62624184faa53288e581e4 100644
--- a/src/providers/ldap/sdap_sudo_refresh.c
+++ b/src/providers/ldap/sdap_sudo_refresh.c
@@ -167,7 +167,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 struct sdap_server_opts *srv_opts = id_ctx->srv_opts;
 struct sdap_sudo_smart_refresh_state *state = NULL;
 char *search_filter = NULL;
- const char *usn;
+ unsigned long usn;
 int ret;
 req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_smart_refresh_state);
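Review bot: `unsigned long max_sudo_value;` in struct sdap_server_opts (src/providers/ldap/sdap.h) is only 32 bits wide on ILP32 builds, so a USN above 4294967295 makes strtoul() in sdap_sudo_set_usn fail with ERANGE and, with the early return added there, the stored value stops advancing. Whether the directory servers in use issue values that large is not visible on this page and should be confirmed. If they can, `uint64_t max_sudo_value;` filled by strtoull() and printed with `PRIu64` behaves the same on every platform. The neighbouring `max_*_value` members stay `char *`, so the new member should carry a comment such as `/* highest sudo USN seen so far, numeric; 0 means not known yet */`.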
@@ -180,15 +180,15 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 state->sysdb = id_ctx->be->domain->sysdb;
 /* Download all rules from LDAP that are newer than usn */
- if (srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
- DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, ssuming zero.\n");
- usn = "0";
+ if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
+ usn = 0;
 } else {
 usn = srv_opts->max_sudo_value;
 }
 search_filter = talloc_asprintf(state,
- "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
+ "(&(objectclass=%s)(%s>=%lu)(!(%s=%lu)))",
 map[SDAP_OC_SUDORULE].name,
 map[SDAP_AT_SUDO_USN].name, usn,
 map[SDAP_AT_SUDO_USN].name, usn);
@@ -201,7 +201,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 * sysdb_filter = NULL; */
 DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
- "(USN > %s)\n", usn);
+ "(USN > %lu)\n", usn);
 subreq = sdap_sudo_refresh_send(state, sudo_ctx, search_filter, NULL);
 if (subreq == NULL) {
diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c
index 9e9574b7c641f52bd54989172ad7b6ccfd04b13f..72f55e14baa8f8cf896205fb20f14d5f446cfb0a 100644
--- a/src/providers/ldap/sdap_sudo_shared.c
+++ b/src/providers/ldap/sdap_sudo_shared.c
@@ -126,7 +126,7 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
 {
 unsigned int usn_number;
 char *endptr = NULL;
- char *newusn;
+ errno_t ret;
 if (srv_opts == NULL) {
 DEBUG(SSSDBG_TRACE_FUNC, "Bug: srv_opts is NULL\n");
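Review bot: `unsigned int usn_number;` is left unchanged at the top of sdap_sudo_set_usn, although it now receives the result of strtoul() and is compared with and stored into the `unsigned long` max_sudo_value. On LP64 targets a USN larger than UINT_MAX is silently truncated on assignment, and the errno check added further down does not catch it because strtoul() itself succeeded. Declaring it as `unsigned long usn_number;` removes the narrowing. The function body continues in the following hunk.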
@@ -138,23 +138,26 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
 return;
 }
- if (sysdb_compare_usn(usn, srv_opts->max_sudo_value) > 0) {
- newusn = talloc_strdup(srv_opts, usn);
- if (newusn == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n");
- return;
- }
-
- talloc_zfree(srv_opts->max_sudo_value);
- srv_opts->max_sudo_value = newusn;
- }
-
+ errno = 0;
 usn_number = strtoul(usn, &endptr, 10);
- if ((endptr == NULL || (*endptr == '\0' && endptr != usn))
- && (usn_number > srv_opts->last_usn)) {
- srv_opts->last_usn = usn_number;
+ if (endptr != NULL && *endptr != '\0') {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s\n", usn);
+ return;
+ } else if (errno != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n",
+ usn, ret, sss_strerror(ret));
+ return;
 }
- DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%s]\n",
+ if (usn_number > srv_opts->max_sudo_value) {
+ srv_opts->max_sudo_value = usn_number;
+ }
+
+ if (usn_number > srv_opts->last_usn) {
+ srv_opts->last_usn = usn_number;
+ }
+
+ DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%lu]\n",
 srv_opts->max_sudo_value);
 }
--
2.5.0
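Review bot: The conversion check in sdap_sudo_set_usn accepts an empty string as USN 0, because the `endptr != usn` test from the removed condition was not carried over; `endptr != NULL` is always true once strtoul() has been given a non-NULL endptr, so it does not cover that case. `if (endptr == usn || *endptr != '\0') {` rejects both empty input and trailing characters. The removed code also stored any value that sysdb_compare_usn() ranked higher, whereas the new code returns early on anything that is not purely decimal; if the configured USN attribute can carry another format (not visible here), max_sudo_value is never updated for it, and that case deserves a comment or a fallback. The final DEBUG still says "higher USN value" although it now runs even when neither field was raised.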