From 46703740e83a66909974a5ee8d47df6a6e5076e7 Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Dec 08 2016 15:55:16 +0000
Subject: sudo: do not store usn if no rules are found
When ldap doesn't contain any sudorule during the initial full refresh, usn is set to 1 instead of remaining unset and we are trying to search modifyTimestamp>=1 during smart refresh which doesn't return any result on openldap servers.
Resolves: https://fedorahosted.org/sssd/ticket/3257
Reviewed-by: Jakub Hrozek
---
diff --git a/src/providers/ldap/sdap_sudo_shared.c b/src/providers/ldap/sdap_sudo_shared.c
index 8072260..66b7887 100644
--- a/src/providers/ldap/sdap_sudo_shared.c
+++ b/src/providers/ldap/sdap_sudo_shared.c
@@ -129,7 +129,7 @@ sdap_sudo_new_usn(TALLOC_CTX *mem_ctx,
 char *newusn;
 /* We increment USN number so that we can later use simplify filter
- * (just usn >= last+1 instaed of usn >= last && usn != last).
+ * (just usn >= last+1 instead of usn >= last && usn != last).
 */
 usn++;
@@ -174,6 +174,13 @@ sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
 return;
 }
+ if (usn_number == 0) {
+ /* Zero means that there were no rules on the server, so we have
+ * nothing to store. */
+ DEBUG(SSSDBG_TRACE_FUNC, "SUDO USN value is empty.\n");
+ return;
+ }
+
 newusn = sdap_sudo_new_usn(srv_opts, usn_number, endptr);
 if (newusn == NULL) {
 return;
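Review bot: The added `usn_number == 0` guard in sdap_sudo_set_usn treats zero as "no rules on the server", but zero may also be what a failed numeric conversion of the usn string produces, and the trace message "SUDO USN value is empty." does not tell the two cases apart. The conversion happens above the hunk, so this is inferred rather than visible; if an unparsable server value can arrive here as 0, someone investigating why smart refresh is not picking up sudo rule changes gets no hint from the log. The early return also leaves whatever USN srv_opts already holds untouched, which is worth stating since cached sudo rules are privilege grants and refresh behaviour should be easy to audit. I would extend the comment to say where the zero comes from and make the message explicit, e.g. `DEBUG(SSSDBG_TRACE_FUNC, "No SUDO rules found, keeping the current USN.\n");`. The function body starts and ends outside the hunk.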