author | Pavel Březina <pbrezina@redhat.com> | 2015-11-10 11:34:14 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2015-12-15 16:27:08 +0100 |
commit | c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00 (patch) | |
tree | 20fb404e01530509307f82f1690dc11b423eaecc /src/providers/ldap/sdap_sudo_refresh.c | |
parent | 1ab2b07c71da6c19c3855e390d10156d598c06a2 (diff) | |
SUDO: do not imitate full refresh if usn is unknown in smart refresh
USN value should be always known now if at least one full refresh
was successful.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/providers/ldap/sdap_sudo_refresh.c')
-rw-r--r-- | src/providers/ldap/sdap_sudo_refresh.c | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/src/providers/ldap/sdap_sudo_refresh.c b/src/providers/ldap/sdap_sudo_refresh.c
index 8c1323831..e3df8f1c5 100644
--- a/src/providers/ldap/sdap_sudo_refresh.c
+++ b/src/providers/ldap/sdap_sudo_refresh.c
@@ -182,7 +182,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 }
 if (!sudo_ctx->full_refresh_done
- && (srv_opts == NULL || srv_opts->max_sudo_value == 0)) {
+ || srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
 /* Perform full refresh first */
 DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, "
 "waiting for full refresh!\n");
@@ -195,17 +195,11 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 /* Download all rules from LDAP that are newer than usn */
 usn = srv_opts->max_sudo_value;
- if (usn != NULL) {
- search_filter = talloc_asprintf(state,
- "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
- map[SDAP_OC_SUDORULE].name,
- map[SDAP_AT_SUDO_USN].name, usn,
- map[SDAP_AT_SUDO_USN].name, usn);
- } else {
- /* no valid USN value known */
- search_filter = talloc_asprintf(state, SDAP_SUDO_FILTER_CLASS,
- map[SDAP_OC_SUDORULE].name);
- }
+ search_filter = talloc_asprintf(state,
+ "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
+ map[SDAP_OC_SUDORULE].name,
+ map[SDAP_AT_SUDO_USN].name, usn,
+ map[SDAP_AT_SUDO_USN].name, usn);
 if (search_filter == NULL) {
 ret = ENOMEM;
 goto immediately;
@@ -215,7 +209,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 * sysdb_filter = NULL;
 */
 DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
- "(USN > %s)\n", (usn == NULL ? "0" : usn));
+ "(USN > %s)\n", usn);
 subreq = sdap_sudo_refresh_send(state, sudo_ctx, search_filter, NULL);
 if (subreq == NULL) { |
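Review bot: The trace message under the widened condition in the first hunk still reads `"USN value is unknown, "`, but the branch is now also taken when `full_refresh_done` is false and a USN is already known, so the log misstates why the smart refresh was deferred. A deferred smart refresh presumably postpones picking up changed or removed sudo rules, so an accurate reason matters when someone investigates stale rules; consider `"Full refresh not completed or USN value is unknown, "` for the first string fragment. The rest of this branch lies outside the hunk, so how it leaves the function cannot be confirmed from here.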
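Review bot: `usn` is formatted into the LDAP filter by `talloc_asprintf` in the second hunk without escaping, and with the class-only fallback removed this is now the only filter the smart refresh can build. The origin of `srv_opts->max_sudo_value` is not visible here; if it is copied from a directory attribute, a value containing `(`, `)`, `*` or `\` would alter or break the filter that selects sudo rules. Consider running it through `sss_filter_sanitize(state, usn, &safe_usn)` (with a new local `safe_usn` and the usual `goto immediately` on failure) and passing `safe_usn` to both `%s` slots. The function body starts and ends outside the hunk.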
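Review bot: `usn` now reaches the `%s` conversion in `DEBUG` in the third hunk with no NULL fallback, and the `talloc_asprintf` call in the second hunk has the same dependency. Both rely on the `srv_opts->max_sudo_value == NULL` check in the first hunk leaving the function before this point, and that exit is not among the visible lines. Passing NULL to `%s` is undefined behaviour, so once the exit is confirmed it is worth recording the invariant where `usn` is assigned, for example `/* non-NULL: the full-refresh guard above exits when max_sudo_value is NULL */`.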