URL: https://github.com/SSSD/sssd/pull/103
Author: pbrezina
Title: #103: sudo: do not store usn if no rules are found
Action: opened

PR body:
"""
When ldap doesn't contain any sudorule during the initial full refresh,
usn is set to 1 instead of remaining unset and we are trying to
search modifyTimestamp>=1 during smart refresh which doesn't return any result
on openldap servers.

How to test:
Run sssd with no rules in ldap. Without the patch,
full refresh stores usn=1 and smart refresh runs
a search with usn>=1. With this patch no usn is stored
and smart refresh runs a generic request without
the usn part.

Resolves:
https://fedorahosted.org/sssd/ticket/3257
"""

To pull the PR as a Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/103/head:pr103
git checkout pr103

From aa84d8e3ce2c83b08abcbff1726b16d289ed4c41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <[email protected]>
Date: Mon, 5 Dec 2016 14:37:41 +0100
Subject: [PATCH] sudo: do not store usn if no rules are found

When ldap doesn't contain any sudorule during the initial full refresh,
usn is set to 1 instead of remaining unset and we are trying to
search modifyTimestamp>=1 during smart refresh which doesn't return any result
on openldap servers.

Resolves:
https://fedorahosted.org/sssd/ticket/3257
---
 src/providers/ldap/sdap_sudo_shared.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c
index 8072260..66b7887 100644
--- a/src/providers/ldap/sdap_sudo_shared.c
+++ b/src/providers/ldap/sdap_sudo_shared.c
@@ -129,7 +129,7 @@ sdap_sudo_new_usn(TALLOC_CTX *mem_ctx,
     char *newusn;
 
     /* We increment USN number so that we can later use simplify filter
-     * (just usn >= last+1 instaed of usn >= last && usn != last).
+     * (just usn >= last+1 instead of usn >= last && usn != last).
      */
     usn++;
 
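Review bot: the comment in sdap_sudo_new_usn() still reads "use simplify filter" on the unchanged line above the spelling fix. Since this comment is being touched anyway, "use a simplified filter" would make it read correctly. This is also an unrelated cosmetic change riding along with a behaviour fix, so a word about it in the commit message would help anyone bisecting later.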
@@ -174,6 +174,13 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
         return;
     }
 
+    if (usn_number == 0) {
+        /* Zero means that there were no rules on the server, so we have
+         * nothing to store. */
+        DEBUG(SSSDBG_TRACE_FUNC, "SUDO USN value is empty.\n");
+        return;
+    }
+
     newusn = sdap_sudo_new_usn(srv_opts, usn_number, endptr);
     if (newusn == NULL) {
         return;
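Review bot: the new early return in sdap_sudo_set_usn() for usn_number == 0 leaves whatever USN was stored by a previous refresh untouched, and neither the comment nor the debug message says whether that is intended. If an earlier refresh stored a value and all rules have since been removed from the server, the old value stays in place and later smart refreshes keep filtering on it. Please either clear the stored value here or extend the comment to state that keeping it is deliberate. The check also treats 0 purely as a "no rules" sentinel; because endptr is passed on to sdap_sudo_new_usn(), the number appears to come from a string conversion, so it is worth confirming that a conversion yielding 0 cannot reach this point for any other reason. The debug text "SUDO USN value is empty." would be more useful in logs if it said that nothing was stored, for example "No sudo rules found, USN not stored."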