author | Pavel Březina <pbrezina@redhat.com> | 2016-01-14 12:23:37 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-01-19 14:33:56 +0100 |
commit | f58ffb26aeaae0642a149643672fa59ec01a3a36 (patch) | |
tree | 01ed61f7beaf119385f3d3cb3f7b7bd9fcb1d6f2 | |
parent | 8da71a9d5eebe7690b66fde8bfad195d5e3cc629 (diff) | |
SUDO: remember usn as number instead of string
Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r-- | src/providers/ipa/ipa_sudo_refresh.c | 14 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo_refresh.c | 12 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo_shared.c | 31 |
4 files changed, 31 insertions, 28 deletions
diff --git a/src/providers/ipa/ipa_sudo_refresh.c b/src/providers/ipa/ipa_sudo_refresh.c
index 5934a8f11..42137679c 100644
--- a/src/providers/ipa/ipa_sudo_refresh.c
+++ b/src/providers/ipa/ipa_sudo_refresh.c
@@ -153,7 +153,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 struct tevent_req *req;
 char *cmdgroups_filter;
 char *search_filter;
- const char *usn;
+ unsigned long usn;
 errno_t ret;
 req = tevent_req_create(mem_ctx, &state,
@@ -164,15 +164,15 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 }
 /* Download all rules from LDAP that are newer than usn */
- if (srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
- DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, ssuming zero.\n");
- usn = "0";
+ if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
+ usn = 0;
 } else {
 usn = srv_opts->max_sudo_value;
 }
 cmdgroups_filter = talloc_asprintf(state,
- "(&(%s>=%s)(!(%s=%s)))",
+ "(&(%s>=%lu)(!(%s=%lu)))",
 sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn,
 sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn);
 if (cmdgroups_filter == NULL) {
@@ -181,7 +181,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 }
 search_filter = talloc_asprintf(state,
- "(&(%s>=%s)(!(%s=%s)))",
+ "(&(%s>=%lu)(!(%s=%lu)))",
 sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn,
 sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn);
 if (search_filter == NULL) {
@@ -192,7 +192,7 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 /* Do not remove any rules that are already in the sysdb. */
 DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
- "(USN > %s)\n", usn);
+ "(USN > %lu)\n", usn);
 subreq = ipa_sudo_refresh_send(state, ev, sudo_ctx, cmdgroups_filter, search_filter, NULL);
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index edfbf229b..d7a299220 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -460,7 +460,7 @@ struct sdap_server_opts {
 char *max_user_value;
 char *max_group_value;
 char *max_service_value;
- char *max_sudo_value;
+ unsigned long max_sudo_value;
 bool posix_checked;
 };
diff --git a/src/providers/ldap/sdap_sudo_refresh.c b/src/providers/ldap/sdap_sudo_refresh.c
index 61f24efa1..ff00fd037 100644
--- a/src/providers/ldap/sdap_sudo_refresh.c
+++ b/src/providers/ldap/sdap_sudo_refresh.c
@@ -167,7 +167,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 struct sdap_server_opts *srv_opts = id_ctx->srv_opts;
 struct sdap_sudo_smart_refresh_state *state = NULL;
 char *search_filter = NULL;
- const char *usn;
+ unsigned long usn;
 int ret;
 req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_smart_refresh_state);
@@ -180,15 +180,15 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 state->sysdb = id_ctx->be->domain->sysdb;
 /* Download all rules from LDAP that are newer than usn */
- if (srv_opts == NULL || srv_opts->max_sudo_value == NULL) {
- DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, ssuming zero.\n");
- usn = "0";
+ if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
+ usn = 0;
 } else {
 usn = srv_opts->max_sudo_value;
 }
 search_filter = talloc_asprintf(state,
- "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
+ "(&(objectclass=%s)(%s>=%lu)(!(%s=%lu)))",
 map[SDAP_OC_SUDORULE].name,
 map[SDAP_AT_SUDO_USN].name, usn,
 map[SDAP_AT_SUDO_USN].name, usn);
@@ -201,7 +201,7 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
 * sysdb_filter = NULL; */
 DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
- "(USN > %s)\n", usn);
+ "(USN > %lu)\n", usn);
 subreq = sdap_sudo_refresh_send(state, sudo_ctx, search_filter, NULL);
 if (subreq == NULL) {
diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c
index 9e9574b7c..72f55e14b 100644
--- a/src/providers/ldap/sdap_sudo_shared.c
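Review bot: The `max_sudo_value` field in `struct sdap_server_opts` now uses 0 to mean "no USN seen yet", and both smart-refresh senders in this commit test for that value, but the declaration carries no comment recording the convention. A one-line comment such as `/* highest sudo rule USN seen so far; 0 = not yet known */` would help, since the neighbouring `char *max_*_value` fields still use NULL for the unknown state. The width of `unsigned long` also differs between 32-bit and 64-bit builds, so if the supported directory servers can return USNs beyond 32 bits, a fixed-width `uint64_t` formatted with `PRIu64` would behave the same on every platform. The struct definition starts and ends partly outside this hunk.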
+++ b/src/providers/ldap/sdap_sudo_shared.c
@@ -126,7 +126,7 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
 {
 unsigned int usn_number;
 char *endptr = NULL;
- char *newusn;
+ errno_t ret;
 if (srv_opts == NULL) {
 DEBUG(SSSDBG_TRACE_FUNC, "Bug: srv_opts is NULL\n");
@@ -138,23 +138,26 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
 return;
 }
- if (sysdb_compare_usn(usn, srv_opts->max_sudo_value) > 0) {
- newusn = talloc_strdup(srv_opts, usn);
- if (newusn == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n");
- return;
- }
+ errno = 0;
+ usn_number = strtoul(usn, &endptr, 10);
+ if (endptr != NULL && *endptr != '\0') {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s\n", usn);
+ return;
+ } else if (errno != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n",
+ usn, ret, sss_strerror(ret));
+ return;
+ }
- talloc_zfree(srv_opts->max_sudo_value);
- srv_opts->max_sudo_value = newusn;
+ if (usn_number > srv_opts->max_sudo_value) {
+ srv_opts->max_sudo_value = usn_number;
 }
- usn_number = strtoul(usn, &endptr, 10);
- if ((endptr == NULL || (*endptr == '\0' && endptr != usn))
- && (usn_number > srv_opts->last_usn)) {
- srv_opts->last_usn = usn_number;
+ if (usn_number > srv_opts->last_usn) {
+ srv_opts->last_usn = usn_number;
 }
- DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%s]\n",
+ DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%lu]\n",
 srv_opts->max_sudo_value);
 } |
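Review bot: `usn_number` is still declared `unsigned int` in `sdap_sudo_set_usn`, so the `unsigned long` returned by `strtoul` is narrowed before it is compared with and stored into the now `unsigned long` `max_sudo_value`; where `long` is 64 bits, a USN above `UINT_MAX` wraps silently and the `errno` check cannot see it. Declaring it as `unsigned long usn_number;` removes the narrowing. The rewritten conversion check also drops the old `endptr != usn` test, so an empty string is accepted as 0, and `strtoul` itself accepts a leading minus sign and returns the negated value without setting `errno`. Since the string presumably originates from directory data, `if (endptr == usn || *endptr != '\0')` together with rejecting a non-digit first character would keep a malformed value from becoming the stored maximum that the smart-refresh filters are built from. The function's signature and the checks between the two hunks lie outside the visible lines.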