URL: https://github.com/SSSD/sssd/pull/806
Title: #806: sudo: always use server highest usn for smart refresh

pbrezina commented:
"""
#### Old code
`srv_opts->max_sudo_value` contains the largest USN value from the found sudo rules (i.e. possibly from the ou=sudoers subtree).

```c {.line-numbers}
    errno = 0;
    usn_number = strtoul(usn, &endptr, 10);
    if (errno != 0) {
        ret = errno;
        DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n",
              usn, ret, sss_strerror(ret));
        return;
    }

    if (usn_number == 0) {
        /* Zero means that there were no rules on the server, so we have
         * nothing to store. */
        DEBUG(SSSDBG_TRACE_FUNC, "SUDO USN value is empty.\n");
        return;
    }

    newusn = sdap_sudo_new_usn(srv_opts, usn_number, endptr);
    if (newusn == NULL) {
        return;
    }

    /* NOTE: We compare largest value found in the search result with the
     * latest value from previous result */
    if (sysdb_compare_usn(newusn, srv_opts->max_sudo_value) > 0) {
        talloc_zfree(srv_opts->max_sudo_value);
        srv_opts->max_sudo_value = newusn;
    } else {
        talloc_zfree(newusn);
    }

    /* Then we update last_usn if needed. */
    if (usn_number > srv_opts->last_usn) {
        srv_opts->last_usn = usn_number;
    }
```

#### New code
We always use `last_usn` regardless of what was returned in the search result.

```c {.line-numbers}
    errno = 0;
    usn_number = strtoul(usn, &endptr, 10);
    if (errno != 0) {
        ret = errno;
        DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n",
              usn, ret, sss_strerror(ret));
        return;
    }

    if (usn_number > srv_opts->last_usn) {
        srv_opts->last_usn = usn_number;
    }

    newusn = sdap_sudo_new_usn(srv_opts, srv_opts->last_usn, endptr);
    if (newusn == NULL) {
        return;
    }

    talloc_zfree(srv_opts->max_sudo_value);
    srv_opts->max_sudo_value = newusn;
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/806#issuecomment-488623227
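
A simplified model of the two snippets in the comment above, added here as an illustration and not taken from the SSSD source or from the comment's author. `struct usn_state`, `parse_usn`, `old_set_usn` and `new_set_usn` are hypothetical names, the sample values are constructed, and USNs are handled as plain integers instead of going through `sdap_sudo_new_usn` and `sysdb_compare_usn`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the two srv_opts fields used in the comment.
 * max_sudo_value is a number here, not the talloc'd string SSSD stores. */
struct usn_state {
    unsigned long last_usn;       /* highest USN known for the server */
    unsigned long max_sudo_value; /* value the next smart refresh starts from */
};

/* Same base-10 conversion and errno check as both snippets; 0 on success. */
static int parse_usn(const char *usn, unsigned long *out)
{
    errno = 0;
    *out = strtoul(usn, NULL, 10);
    return errno;
}

/* Old logic: a zero result stores nothing, and max_sudo_value only ever
 * follows the largest USN found among the returned sudo rules. */
void old_set_usn(struct usn_state *s, const char *usn)
{
    unsigned long n;
    if (parse_usn(usn, &n) != 0 || n == 0) return;
    if (n > s->max_sudo_value) s->max_sudo_value = n;
    if (n > s->last_usn) s->last_usn = n;
}

/* New logic: raise last_usn if needed, then always copy it over. */
void new_set_usn(struct usn_state *s, const char *usn)
{
    unsigned long n;
    if (parse_usn(usn, &n) != 0) return;
    if (n > s->last_usn) s->last_usn = n;
    s->max_sudo_value = s->last_usn;
}

int main(void)
{
    /* Constructed values: server is at USN 500, last sudo rule seen at 120. */
    const char *results[] = { "130", "0", "600" };
    for (size_t i = 0; i < 3; i++) {
        struct usn_state o = { 500, 120 }, n = { 500, 120 };
        old_set_usn(&o, results[i]);
        new_set_usn(&n, results[i]);
        printf("result %-3s old=%lu new=%lu\n", results[i],
               o.max_sudo_value, n.max_sudo_value);
    }
}
```

With these inputs the two versions differ whenever the search result is lower than `last_usn` (including an empty result of 0) and agree once a rule's USN exceeds it.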