From 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Wed, 29 Jul 2015 14:51:30 +0200
Subject: sudo: use "higher value wins" when ordering rules

This commit changes the default ordering logic (lower value wins) to
a correct one that is used by native ldap support. It also adds a new
option sudo_inverse_order to switch to the original SSSD (incorrect)
behaviour if needed.

Resolves:
https://fedorahosted.org/sssd/ticket/2682

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/confdb/confdb.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/confdb')

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index df454337a..9aa264899 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -124,6 +124,8 @@
 #define CONFDB_DEFAULT_SUDO_CACHE_TIMEOUT 180
 #define CONFDB_SUDO_TIMED "sudo_timed"
 #define CONFDB_DEFAULT_SUDO_TIMED false
+#define CONFDB_SUDO_INVERSE_ORDER "sudo_inverse_order"
+#define CONFDB_DEFAULT_SUDO_INVERSE_ORDER false
 
 /* autofs */
 #define CONFDB_AUTOFS_CONF_ENTRY "config/autofs"
-- 
cgit