rpms / sssd

Clone
Source Code
GIT

Blame 0037-SUDO-simplify-usn-filter.patch

el5 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   881786d0177c206446baf52e37e497814b231a14
  2.   0037-SUDO-simplify-usn-filter.patch
Blob History Raw
d3b35fd 
From 7971fa6c5b1b2c12b3e42aad158429665189a300 Mon Sep 17 00:00:00 2001
d3b35fd 
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
d3b35fd 
Date: Thu, 14 Jan 2016 13:12:14 +0100
d3b35fd 
Subject: [PATCH 37/49] SUDO: simplify usn filter
d3b35fd
d3b35fd 
usn >= current && usn != currect is equivalent to usn >= current + 1
d3b35fd
d3b35fd 
Reviewed-by: Sumit Bose <sbose@redhat.com>
d3b35fd 
(cherry picked from commit 1476d5348fcf387e7481d833becbd993d91f8019)
d3b35fd 
---
d3b35fd 
 src/providers/ipa/ipa_sudo_refresh.c   | 10 +++-------
d3b35fd 
 src/providers/ldap/sdap_sudo_refresh.c |  6 ++----
d3b35fd 
 2 files changed, 5 insertions(+), 11 deletions(-)
d3b35fd
d3b35fd 
diff --git a/src/providers/ipa/ipa_sudo_refresh.c b/src/providers/ipa/ipa_sudo_refresh.c
d3b35fd 
index 42137679c4bd2209b98d1d5223fd3ac71dc16b16..7871802ef7462ce98f6ff43bc33da57ff123ff6f 100644
d3b35fd 
--- a/src/providers/ipa/ipa_sudo_refresh.c
d3b35fd 
+++ b/src/providers/ipa/ipa_sudo_refresh.c
d3b35fd 
@@ -168,21 +168,17 @@ ipa_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
d3b35fd 
         DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
d3b35fd 
         usn = 0;
d3b35fd 
     } else {
d3b35fd 
-        usn = srv_opts->max_sudo_value;
d3b35fd 
+        usn = srv_opts->max_sudo_value + 1;
d3b35fd 
     }
d3b35fd
d3b35fd 
-    cmdgroups_filter = talloc_asprintf(state,
d3b35fd 
-            "(&(%s>=%lu)(!(%s=%lu)))",
d3b35fd 
-            sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn,
d3b35fd 
+    cmdgroups_filter = talloc_asprintf(state, "(%s>=%lu)",
d3b35fd 
             sudo_ctx->sudocmdgroup_map[IPA_AT_SUDOCMDGROUP_ENTRYUSN].name, usn);
d3b35fd 
     if (cmdgroups_filter == NULL) {
d3b35fd 
         ret = ENOMEM;
d3b35fd 
         goto immediately;
d3b35fd 
     }
d3b35fd
d3b35fd 
-    search_filter = talloc_asprintf(state,
d3b35fd 
-        "(&(%s>=%lu)(!(%s=%lu)))",
d3b35fd 
-        sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn,
d3b35fd 
+    search_filter = talloc_asprintf(state, "(%s>=%lu)",
d3b35fd 
         sudo_ctx->sudorule_map[IPA_AT_SUDORULE_ENTRYUSN].name, usn);
d3b35fd 
     if (search_filter == NULL) {
d3b35fd 
         ret = ENOMEM;
d3b35fd 
diff --git a/src/providers/ldap/sdap_sudo_refresh.c b/src/providers/ldap/sdap_sudo_refresh.c
d3b35fd 
index ff00fd037430f9a7ce62624184faa53288e581e4..5ba858019e0bda91a9e0919ed2b0345d9faf085e 100644
d3b35fd 
--- a/src/providers/ldap/sdap_sudo_refresh.c
d3b35fd 
+++ b/src/providers/ldap/sdap_sudo_refresh.c
d3b35fd 
@@ -184,13 +184,11 @@ struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
d3b35fd 
         DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
d3b35fd 
         usn = 0;
d3b35fd 
     } else {
d3b35fd 
-        usn = srv_opts->max_sudo_value;
d3b35fd 
+        usn = srv_opts->max_sudo_value + 1;
d3b35fd 
     }
d3b35fd
d3b35fd 
-    search_filter = talloc_asprintf(state,
d3b35fd 
-                                    "(&(objectclass=%s)(%s>=%lu)(!(%s=%lu)))",
d3b35fd 
+    search_filter = talloc_asprintf(state, "(&(objectclass=%s)(%s>=%lu))",
d3b35fd 
                                     map[SDAP_OC_SUDORULE].name,
d3b35fd 
-                                    map[SDAP_AT_SUDO_USN].name, usn,
d3b35fd 
                                     map[SDAP_AT_SUDO_USN].name, usn);
d3b35fd 
     if (search_filter == NULL) {
d3b35fd 
         ret = ENOMEM;
d3b35fd 
--
d3b35fd 
2.5.0
d3b35fd
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.