URL: https://github.com/SSSD/sssd/pull/886
Author: pbrezina
Title: #886: sudo: get timezone information from previous value when constructing new usn
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/886/head:pr886
git checkout pr886

From 807ed3924a2ea2993d22193180d3a3011ca51347 Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrez...@redhat.com>
Date: Thu, 19 Sep 2019 11:15:29 +0200
Subject: [PATCH] sudo: get timezone information from previous value when constructing new usn

Steps to reproduce:
1. Run sssd with openldap server
2. Set smart refresh interval to 1 second for faster testing
3. When no new rules are found, the timezone information is missing when creating new usn value

> Issuing a smart refresh of sudo rules (USN >= 20190919090710)
instead of
> Issuing a smart refresh of sudo rules (USN >= 20190919090710Z)

4. As a consequence, filter is incorrect when used with openldap server

Resolves:
https://pagure.io/SSSD/sssd/issue/4085
---
 src/providers/ldap/sdap_sudo_shared.c | 40 +++++++++++++++++++++------
 1 file changed, 31 insertions(+), 9 deletions(-)

diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c index 6619b01363..4f09957ea4 100644 --- a/src/providers/ldap/sdap_sudo_shared.c +++ b/src/providers/ldap/sdap_sudo_shared.c @@ -171,7 +171,7 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts, { unsigned long usn_number; char *newusn; - char *endptr = NULL; + char *timezone = NULL; errno_t ret; if (srv_opts == NULL) { 
@@ -184,20 +184,42 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts, return; } - errno = 0; - usn_number = strtoul(usn, &endptr, 10); - if (errno != 0) { - ret = errno; - DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n", - usn, ret, sss_strerror(ret)); - return; + /* If usn == 0 it means that no new rules were found. We will use last known + * USN number as the new highest value. However, we need to get the timezone + * information in case this is a modify timestamp attribute instead of usn. + */ + if (!srv_opts->supports_usn && strcmp("0", usn) == 0) { + usn_number = 0; + + /* The value may not be defined yet. */ + if (srv_opts->max_sudo_value == NULL) { + timezone = NULL; + } else { + errno = 0; + strtoul(srv_opts->max_sudo_value, &timezone, 10); + if (errno != 0) { + ret = errno; + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n", + srv_opts->max_sudo_value, ret, sss_strerror(ret)); + return; + } + } + } else { + errno = 0; + usn_number = strtoul(usn, &timezone, 10); + if (errno != 0) { + ret = errno; + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n", + usn, ret, sss_strerror(ret)); + return; + } } if (usn_number > srv_opts->last_usn) { srv_opts->last_usn = usn_number; } - newusn = sdap_sudo_new_usn(srv_opts, srv_opts->last_usn, endptr, + newusn = sdap_sudo_new_usn(srv_opts, srv_opts->last_usn, timezone, srv_opts->supports_usn); if (newusn == NULL) { return;
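
Review bot: the local name `timezone` introduced in the declarations at @@ -171 is the same identifier that POSIX <time.h> declares as a global (`extern long timezone`), so if that header is in scope in this file the local shadows it and builds with -Wshadow will warn. The name is also only accurate on the modify-timestamp path: in the second hunk the same pointer receives the end position from `strtoul(usn, &timezone, 10)` for plain USN values too. Keeping `endptr`, or a neutral name such as `usn_suffix`, avoids both problems.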
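
Review bot: in the new `max_sudo_value` branch at @@ -184, the `errno != 0` test after `strtoul(srv_opts->max_sudo_value, &timezone, 10)` catches range errors but is not guaranteed to catch a value with no leading digits; in that case strtoul returns 0, is not required to set errno, and leaves `timezone` pointing at the start of the string, so the entire previous value would be handed to sdap_sudo_new_usn as its third argument. Adding a check for `timezone == srv_opts->max_sudo_value` alongside the errno test would reject that case. Three smaller points: the two strtoul/errno/DEBUG blocks differ only in the input string and could be collapsed by selecting the source string first and converting once; `timezone` now aliases memory owned by `srv_opts->max_sudo_value`, which deserves a comment saying it must be consumed before that value is replaced; and the comment reads "If usn == 0" while the condition also requires `!srv_opts->supports_usn`, so the comment should mention that the fallback applies only to the modify-timestamp case.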