On (04/08/15 18:54), Jakub Hrozek wrote:
On Thu, Jul 30, 2015 at 01:05:56PM +0200, Pavel Březina wrote:
>
https://fedorahosted.org/sssd/ticket/2682
>
> I think this option should stay undocumented since we want the users to use
> the correct sorting logic.
I agree.
> From db18a64109d9e49fa8bcdad14f412c6e7159137d Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina(a)redhat.com>
> Date: Wed, 29 Jul 2015 14:51:30 +0200
> Subject: [PATCH] sudo: use "higher value wins" when ordering rules
>
> This commit changes the default ordering logic (lower value wins) to
> a correct one that is used by native ldap support. It also adds a new
> option sudo_inverse_order to switch to the original SSSD (incorrect)
> behaviour if needed.
Did you already build a test RPM for the RHEL customer who reported the
bug? If not, please do so and let them confirm the fix.
One comment in the code:
> @@ -680,7 +684,7 @@ static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX
*mem_ctx,
> goto done;
> }
>
> - ret = sort_sudo_rules(rules, count);
> + ret = sort_sudo_rules(rules, count, inverse_order == false);
This is unreadable to me, because == false passes true to the function.
I would prefer:
inverse_order ? false : true
Neither proposed solution nor original version improve readability.
The prototype of sort_sudo_rules is:
static errno_t
sort_sudo_rules(struct sysdb_attrs **rules, size_t count, bool higher_wins);
The most readable version is:
const higher_wins = !inverse_order
ret = sort_sudo_rules(rules, count, higher_wins);
or to change loginc in function sort_sudo_rules.
LS