SUDO: do not imitate full refresh if usn is unknown in smart refresh

USN value should be always known now if at least one full refresh was successful. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
author: Pavel Březina <pbrezina@redhat.com> 2015-11-10 11:34:14 +0100
committer: Lukas Slebodnik <lslebodn@redhat.com> 2015-12-15 16:27:08 +0100
commit: c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00 (patch)
tree: 20fb404e01530509307f82f1690dc11b423eaecc /src/providers/ldap/sdap_sudo_refresh.c
parent: 1ab2b07c71da6c19c3855e390d10156d598c06a2 (diff)
download: sssd-c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00.tar.gz
sssd-c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00.tar.xz
sssd-c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00.zip
1 files changed, 7 insertions, 13 deletions
diff --git a/src/providers/ldap/sdap_sudo_refresh.c b/src/providers/ldap/sdap_sudo_refresh.c
index 8c1323831..e3df8f1c5 100644
--- a/src/providers/ldap/sdap_sudo_refresh.c
+++ b/src/providers/ldap/sdap_sudo_refresh.c
@@ -182,7 +182,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
     }
 
     if (!sudo_ctx->full_refresh_done
-            && (srv_opts == NULL || srv_opts->max_sudo_value == 0)) {
+            || srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
         /* Perform full refresh first */
         DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, "
                                  "waiting for full refresh!\n");
@@ -195,17 +195,11 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 
     /* Download all rules from LDAP that are newer than usn */
     usn = srv_opts->max_sudo_value;
-    if (usn != NULL) {
-        search_filter = talloc_asprintf(state,
-                                        "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
-                                        map[SDAP_OC_SUDORULE].name,
-                                        map[SDAP_AT_SUDO_USN].name, usn,
-                                        map[SDAP_AT_SUDO_USN].name, usn);
-    } else {
-        /* no valid USN value known */
-        search_filter = talloc_asprintf(state, SDAP_SUDO_FILTER_CLASS,
-                                        map[SDAP_OC_SUDORULE].name);
-    }
+    search_filter = talloc_asprintf(state,
+                                    "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
+                                    map[SDAP_OC_SUDORULE].name,
+                                    map[SDAP_AT_SUDO_USN].name, usn,
+                                    map[SDAP_AT_SUDO_USN].name, usn);
     if (search_filter == NULL) {
         ret = ENOMEM;
         goto immediately;
@@ -215,7 +209,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
      * sysdb_filter = NULL; */
 
     DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
-                             "(USN > %s)\n", (usn == NULL ? "0" : usn));
+                             "(USN > %s)\n", usn);
 
     subreq = sdap_sudo_refresh_send(state, sudo_ctx, search_filter, NULL);
     if (subreq == NULL) {
author	Pavel Březina <pbrezina@redhat.com>	2015-11-10 11:34:14 +0100
committer	Lukas Slebodnik <lslebodn@redhat.com>	2015-12-15 16:27:08 +0100
commit	c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00 (patch)
tree	20fb404e01530509307f82f1690dc11b423eaecc /src/providers/ldap/sdap_sudo_refresh.c
parent	1ab2b07c71da6c19c3855e390d10156d598c06a2 (diff)
download	sssd-c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00.tar.gz sssd-c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00.tar.xz sssd-c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00.zip