SUDO: remember usn as number instead of string

Reviewed-by: Sumit Bose <sbose@redhat.com>
author: Pavel Březina <pbrezina@redhat.com> 2016-01-14 12:23:37 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2016-01-19 14:33:56 +0100
commit: f58ffb26aeaae0642a149643672fa59ec01a3a36 (patch)
tree: 01ed61f7beaf119385f3d3cb3f7b7bd9fcb1d6f2
parent: 8da71a9d5eebe7690b66fde8bfad195d5e3cc629 (diff)
download: sssd-f58ffb26aeaae0642a149643672fa59ec01a3a36.tar.gz
sssd-f58ffb26aeaae0642a149643672fa59ec01a3a36.tar.xz
sssd-f58ffb26aeaae0642a149643672fa59ec01a3a36.zip
4 files changed, 31 insertions, 28 deletions
diff --git a/src/providers/ipa/ipa_sudo_refresh.c b/src/providers/ipa/ipa_sudo_refresh.c
index 5934a8f11..42137679c 100644
--- a/src/providers/ipa/ipa_sudo_refresh.c
+++ b/src/providers/ipa/ipa_sudo_refresh.c
@@ -153,7 +153,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
     struct tevent_req *req;
     char *cmdgroups_filter;
     char *search_filter;
-    const char *usn;
+    unsigned long usn;
     errno_t ret;
 
     req = tevent_req_create(mem_ctx, &state,
@@ -164,15 +164,15 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
     }
 
     /* Download all rules from LDAP that are newer than usn */
-    if (srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
-        DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, ssuming zero.\n");
-        usn = "0";
+    if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
+        DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
+        usn = 0;
     } else {
         usn = srv_opts->max_sudo_value;
     }
 
     cmdgroups_filter = talloc_asprintf(state,
-            "(&(%s>=%s)(!(%s=%s)))",
+            "(&(%s>=%lu)(!(%s=%lu)))",
             sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn,
             sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn);
     if (cmdgroups_filter == NULL) {
@@ -181,7 +181,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
     }
 
     search_filter = talloc_asprintf(state,
-        "(&(%s>=%s)(!(%s=%s)))",
+        "(&(%s>=%lu)(!(%s=%lu)))",
         sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn,
         sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn);
     if (search_filter == NULL) {
@@ -192,7 +192,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
     /* Do not remove any rules that are already in the sysdb. */
 
     DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
-                             "(USN > %s)\n", usn);
+                             "(USN > %lu)\n", usn);
 
     subreq = ipa_sudo_refresh_send(state, ev, sudo_ctx, cmdgroups_filter,
                                    search_filter, NULL);
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index edfbf229b..d7a299220 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -460,7 +460,7 @@ struct sdap_server_opts {
     char *max_user_value;
     char *max_group_value;
     char *max_service_value;
-    char *max_sudo_value;
+    unsigned long max_sudo_value;
     bool posix_checked;
 };
 
diff --git a/src/providers/ldap/sdap_sudo_refresh.c b/src/providers/ldap/sdap_sudo_refresh.c
index 61f24efa1..ff00fd037 100644
--- a/src/providers/ldap/sdap_sudo_refresh.c
+++ b/src/providers/ldap/sdap_sudo_refresh.c
@@ -167,7 +167,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
     struct sdap_server_opts *srv_opts = id_ctx->srv_opts;
     struct sdap_sudo_smart_refresh_state *state = NULL;
     char *search_filter = NULL;
-    const char *usn;
+    unsigned long usn;
     int ret;
 
     req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_smart_refresh_state);
@@ -180,15 +180,15 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
     state->sysdb = id_ctx->be->domain->sysdb;
 
     /* Download all rules from LDAP that are newer than usn */
-    if (srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
-        DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, ssuming zero.\n");
-        usn = "0";
+    if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
+        DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
+        usn = 0;
     } else {
         usn = srv_opts->max_sudo_value;
     }
 
     search_filter = talloc_asprintf(state,
-                                    "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
+                                    "(&(objectclass=%s)(%s>=%lu)(!(%s=%lu)))",
                                     map[SDAP_OC_SUDORULE].name,
                                     map[SDAP_AT_SUDO_USN].name, usn,
                                     map[SDAP_AT_SUDO_USN].name, usn);
@@ -201,7 +201,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
      * sysdb_filter = NULL; */
 
     DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
-                             "(USN > %s)\n", usn);
+                             "(USN > %lu)\n", usn);
 
     subreq = sdap_sudo_refresh_send(state, sudo_ctx, search_filter, NULL);
     if (subreq == NULL) {
diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c
index 9e9574b7c..72f55e14b 100644
--- a/src/providers/ldap/sdap_sudo_shared.c
+++ b/src/providers/ldap/sdap_sudo_shared.c
@@ -126,7 +126,7 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
 {
     unsigned int usn_number;
     char *endptr = NULL;
-    char *newusn;
+    errno_t ret;
 
     if (srv_opts == NULL) {
         DEBUG(SSSDBG_TRACE_FUNC, "Bug: srv_opts is NULL\n");
@@ -138,23 +138,26 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
         return;
     }
 
-    if (sysdb_compare_usn(usn, srv_opts->max_sudo_value) > 0) {
-        newusn = talloc_strdup(srv_opts, usn);
-        if (newusn == NULL) {
-            DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n");
-            return;
-        }
+    errno = 0;
+    usn_number = strtoul(usn, &endptr, 10);
+    if (endptr != NULL && *endptr != '\0') {
+        DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s\n", usn);
+        return;
+    } else if (errno != 0) {
+        ret = errno;
+        DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n",
+              usn, ret, sss_strerror(ret));
+        return;
+    }
 
-        talloc_zfree(srv_opts->max_sudo_value);
-        srv_opts->max_sudo_value = newusn;
+    if (usn_number > srv_opts->max_sudo_value) {
+        srv_opts->max_sudo_value = usn_number;
     }
 
-    usn_number = strtoul(usn, &endptr, 10);
-    if ((endptr == NULL || (*endptr == '\0' && endptr != usn))
-         && (usn_number > srv_opts->last_usn)) {
-         srv_opts->last_usn = usn_number;
+    if (usn_number > srv_opts->last_usn) {
+        srv_opts->last_usn = usn_number;
     }
 
-    DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%s]\n",
+    DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%lu]\n",
                              srv_opts->max_sudo_value);
 }
author	Pavel Březina <pbrezina@redhat.com>	2016-01-14 12:23:37 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2016-01-19 14:33:56 +0100
commit	f58ffb26aeaae0642a149643672fa59ec01a3a36 (patch)
tree	01ed61f7beaf119385f3d3cb3f7b7bd9fcb1d6f2
parent	8da71a9d5eebe7690b66fde8bfad195d5e3cc629 (diff)
download	sssd-f58ffb26aeaae0642a149643672fa59ec01a3a36.tar.gz sssd-f58ffb26aeaae0642a149643672fa59ec01a3a36.tar.xz sssd-f58ffb26aeaae0642a149643672fa59ec01a3a36.zip