On Thu, Jul 30, 2015 at 01:05:56PM +0200, Pavel Březina wrote: > https://fedorahosted.org/sssd/ticket/2682 > > I think this option should stay undocumented since we want the users to use > the correct sorting logic.
I agree. > From db18a64109d9e49fa8bcdad14f412c6e7159137d Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> > Date: Wed, 29 Jul 2015 14:51:30 +0200 > Subject: [PATCH] sudo: use "higher value wins" when ordering rules > > This commit changes the default ordering logic (lower value wins) to > a correct one that is used by native ldap support. It also adds a new > option sudo_inverse_order to switch to the original SSSD (incorrect) > behaviour if needed. Did you already build a test RPM for the RHEL customer who reported the bug? If not, please do so and let them confirm the fix. One comment in the code: > @@ -680,7 +684,7 @@ static errno_t > sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx, > goto done; > } > > - ret = sort_sudo_rules(rules, count); > + ret = sort_sudo_rules(rules, count, inverse_order == false); This is unreadable to me, because == false passes true to the function. I would prefer: inverse_order ? false : true > if (ret != EOK) { > DEBUG(SSSDBG_OP_FAILURE, > "Could not sort rules by sudoOrder\n"); _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel