sssd/0036-SUDO-remember-usn-as-number-instead-of-string.patch
2016-01-19 18:23:34 +01:00

179 lines
7.1 KiB
Diff

From 0d13927fc7b2daec06cdff379715318e1dc2e05b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 14 Jan 2016 12:23:37 +0100
Subject: [PATCH 36/49] SUDO: remember usn as number instead of string
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit f58ffb26aeaae0642a149643672fa59ec01a3a36)
---
src/providers/ipa/ipa_sudo_refresh.c | 14 +++++++-------
src/providers/ldap/sdap.h | 2 +-
src/providers/ldap/sdap_sudo_refresh.c | 12 ++++++------
src/providers/ldap/sdap_sudo_shared.c | 35 ++++++++++++++++++----------------
4 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/src/providers/ipa/ipa_sudo_refresh.c b/src/providers/ipa/ipa_sudo_refresh.c
index 5934a8f1181250890ca57ac8d83e47ffdc445ea4..42137679c4bd2209b98d1d5223fd3ac71dc16b16 100644
--- a/src/providers/ipa/ipa_sudo_refresh.c
+++ b/src/providers/ipa/ipa_sudo_refresh.c
@@ -153,7 +153,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req;
char *cmdgroups_filter;
char *search_filter;
- const char *usn;
+ unsigned long usn;
errno_t ret;
req = tevent_req_create(mem_ctx, &state,
@@ -164,15 +164,15 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
}
/* Download all rules from LDAP that are newer than usn */
- if (srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
- DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, ssuming zero.\n");
- usn = "0";
+ if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
+ usn = 0;
} else {
usn = srv_opts->max_sudo_value;
}
cmdgroups_filter = talloc_asprintf(state,
- "(&(%s>=%s)(!(%s=%s)))",
+ "(&(%s>=%lu)(!(%s=%lu)))",
sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn,
sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn);
if (cmdgroups_filter == NULL) {
@@ -181,7 +181,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
}
search_filter = talloc_asprintf(state,
- "(&(%s>=%s)(!(%s=%s)))",
+ "(&(%s>=%lu)(!(%s=%lu)))",
sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn,
sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn);
if (search_filter == NULL) {
@@ -192,7 +192,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
/* Do not remove any rules that are already in the sysdb. */
DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
- "(USN > %s)\n", usn);
+ "(USN > %lu)\n", usn);
subreq = ipa_sudo_refresh_send(state, ev, sudo_ctx, cmdgroups_filter,
search_filter, NULL);
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index edfbf229b4c4396592020de931eba5f83a8f06ed..d7a299220414f2cf9d80de9921b6a5ec49e5793b 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -460,7 +460,7 @@ struct sdap_server_opts {
char *max_user_value;
char *max_group_value;
char *max_service_value;
- char *max_sudo_value;
+ unsigned long max_sudo_value;
bool posix_checked;
};
diff --git a/src/providers/ldap/sdap_sudo_refresh.c b/src/providers/ldap/sdap_sudo_refresh.c
index 61f24efa11da05d75bc31ea4ea3b150b2f9857f8..ff00fd037430f9a7ce62624184faa53288e581e4 100644
--- a/src/providers/ldap/sdap_sudo_refresh.c
+++ b/src/providers/ldap/sdap_sudo_refresh.c
@@ -167,7 +167,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
struct sdap_server_opts *srv_opts = id_ctx->srv_opts;
struct sdap_sudo_smart_refresh_state *state = NULL;
char *search_filter = NULL;
- const char *usn;
+ unsigned long usn;
int ret;
req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_smart_refresh_state);
@@ -180,15 +180,15 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
state->sysdb = id_ctx->be->domain->sysdb;
/* Download all rules from LDAP that are newer than usn */
- if (srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
- DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, ssuming zero.\n");
- usn = "0";
+ if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
+ usn = 0;
} else {
usn = srv_opts->max_sudo_value;
}
search_filter = talloc_asprintf(state,
- "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
+ "(&(objectclass=%s)(%s>=%lu)(!(%s=%lu)))",
map[SDAP_OC_SUDORULE].name,
map[SDAP_AT_SUDO_USN].name, usn,
map[SDAP_AT_SUDO_USN].name, usn);
@@ -201,7 +201,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
* sysdb_filter = NULL; */
DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
- "(USN > %s)\n", usn);
+ "(USN > %lu)\n", usn);
subreq = sdap_sudo_refresh_send(state, sudo_ctx, search_filter, NULL);
if (subreq == NULL) {
diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c
index 9e9574b7c641f52bd54989172ad7b6ccfd04b13f..72f55e14baa8f8cf896205fb20f14d5f446cfb0a 100644
--- a/src/providers/ldap/sdap_sudo_shared.c
+++ b/src/providers/ldap/sdap_sudo_shared.c
@@ -126,7 +126,7 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
{
unsigned int usn_number;
char *endptr = NULL;
- char *newusn;
+ errno_t ret;
if (srv_opts == NULL) {
DEBUG(SSSDBG_TRACE_FUNC, "Bug: srv_opts is NULL\n");
@@ -138,23 +138,26 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
return;
}
- if (sysdb_compare_usn(usn, srv_opts->max_sudo_value) > 0) {
- newusn = talloc_strdup(srv_opts, usn);
- if (newusn == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n");
- return;
- }
-
- talloc_zfree(srv_opts->max_sudo_value);
- srv_opts->max_sudo_value = newusn;
- }
-
+ errno = 0;
usn_number = strtoul(usn, &endptr, 10);
- if ((endptr == NULL || (*endptr == '\0' && endptr != usn))
- && (usn_number > srv_opts->last_usn)) {
- srv_opts->last_usn = usn_number;
+ if (endptr != NULL && *endptr != '\0') {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s\n", usn);
+ return;
+ } else if (errno != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n",
+ usn, ret, sss_strerror(ret));
+ return;
}
- DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%s]\n",
+ if (usn_number > srv_opts->max_sudo_value) {
+ srv_opts->max_sudo_value = usn_number;
+ }
+
+ if (usn_number > srv_opts->last_usn) {
+ srv_opts->last_usn = usn_number;
+ }
+
+ DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%lu]\n",
srv_opts->max_sudo_value);
}
--
2.5.0