History log of /sssd/src/db/sysdb_sudo.c
Revision Date Author Comments Expand
7e23edbaa7a6bbd0b461d5792535896b6a77928b 23-Nov-2016 Petr Čech <pcech@redhat.com>

SYSDB: Fixing of sudorule without a sudoUser This patch solved a regression caused by the recent patches to lowercase sudoUser -- in case sudoUser is missing completely, we abort the processing of this rule and all others. With this patch, we return ERR_MALFORMED_ENTRY and gracefully skip the malformed rule instead. Resolves: https://fedorahosted.org/sssd/ticket/3241 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
f4a1046bb88d7a0ab3617e49ae94bfa849d10645 08-Nov-2016 Petr Čech <pcech@redhat.com>

SYSDB: Adding lowercase sudoUser form If domain is not case sensitive we add lowercase form of usernames to sudoUser attributes. So we actually able to apply sudoRule on user Administrator@... with login admnistrator@... Resolves: https://fedorahosted.org/sssd/ticket/3203 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
61913b8f0d1ba54d82640500d7486fac5f72b030 07-Jul-2016 Pavel Březina <pbrezina@redhat.com>

sudo: solve problems with fully qualified names sudo expects the same name in sudo rule as login name. Therefore if fully qualified name is used or even enforced by setting use_fully_qualified_names to true or by forcing default domain with default_domain_suffix sssd is able to correctly return the rules but sudo can't match the user with contect of sudoUser attribute since it is not qualified. This patch changes the rules on the fly to avoid using names at all. We do this in two steps: 1. We fetch all rules that match current user name, id or groups and replace sudoUser attribute with sudoUser: #uid. 2. We fetch complementry rules that contain netgroups since it is expected we don't have infromation about existing netgroups in cache, sudo still needs to evaluate it for us if needed. This patch also remove test for sysdb_get_sudo_filter since it wasn't sufficient anyway and I did not rewrite it since I don't thing it is a good thing to have filter tests that depends on exact filter order. Resolves: https://fedorahosted.org/sssd/ticket/2919 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
e2d26e97d62f06f65e8228b28746471cc5f73fe5 20-Apr-2016 Petr Cech <pcech@redhat.com>

SYSDB: Add new funtions into sysdb_sudo This patch adds two new functions into public API of sysdb_sudo: * sysdb_search_sudo_rules * sysdb_set_sudo_rule_attr Resolves: https://fedorahosted.org/sssd/ticket/2081 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
aeb3cef10158a1c621d58c6d982e53569e40c6c0 18-Apr-2016 Lukas Slebodnik <lslebodn@redhat.com>

SYSDB_SUDO: Remove useless test The function sysdb_search_custom cannot return EOK and together set output argument count to zero. This case is already handled in function sysdb_search_entry which is used inside sysdb_search_custom. Such useless test can just cause read of unitialized variable in case of other errors returned from sysdb_search_custom. Error: UNINIT (CWE-457): [#def1] sssd-1.13.4/src/db/sysdb_sudo.c:678: var_decl: Declaring variable "count" without initializer. sssd-1.13.4/src/db/sysdb_sudo.c:698: uninit_use: Using uninitialized value "count". # 696| SUDORULE_SUBDIR, attrs, # 697| &count, &msgs); # 698|-> if (ret == ENOENT || count == 0) { # 699| DEBUG(SSSDBG_TRACE_FUNC, "No rules matched\n"); # 700| ret = EOK; Reviewed-by: Pavel Březina <pbrezina@redhat.com>
68abbe716bed7c8d6790d9bec168ef44469306a1 19-Jan-2016 Pavel Březina <pbrezina@redhat.com>

SUDO: make sudo sysdb interface more reusable Reviewed-by: Sumit Bose <sbose@redhat.com>
c526cd124515cc2d44a413dcbfd4a74ddb490150 13-Apr-2015 Pavel Březina <pbrezina@redhat.com>

sudo: sanitize filter values Resolves: https://fedorahosted.org/sssd/ticket/2613 Reviewed-by: Pavel Reichl <preichl@redhat.com>
87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595 17-Mar-2015 Lukas Slebodnik <lslebodn@redhat.com>

Add missing new lines to debug messages Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

/sssd/src/confdb/confdb_setup.c sysdb_autofs.c sysdb_sudo.c sysdb_views.c /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor_netlink.c /sssd/src/providers/ad/ad_common.c /sssd/src/providers/ad/ad_init.c /sssd/src/providers/ad/ad_subdomains.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/dp_dyndns.c /sssd/src/providers/dp_ptask.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_hbac_rules.c /sssd/src/providers/ipa/ipa_hostid.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_subdomains.c /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_wait_queue.c /sssd/src/providers/ldap/ldap_id.c /sssd/src/providers/ldap/sdap.c /sssd/src/providers/ldap/sdap_async.c /sssd/src/providers/ldap/sdap_async_connection.c /sssd/src/providers/ldap/sdap_async_initgroups.c /sssd/src/providers/ldap/sdap_utils.c /sssd/src/responder/autofs/autofssrv_cmd.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/pac/pacsrv_cmd.c /sssd/src/responder/pac/pacsrv_utils.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/sudo/sudosrv_get_sudorules.c /sssd/src/responder/sudo/sudosrv_query.c /sssd/src/sbus/sssd_dbus_server.c /sssd/src/tests/krb5_child-test.c /sssd/src/tools/files.c /sssd/src/tools/sss_sync_ops.c /sssd/src/util/debug.c /sssd/src/util/domain_info_utils.c /sssd/src/util/find_uid.c /sssd/src/util/server.c /sssd/src/util/sss_ini.c /sssd/src/util/sss_krb5.c /sssd/src/util/sss_semanage.c /sssd/src/util/usertools.c
04d138472cc086fb7961f0d378852b09961b1a33 11-Mar-2015 Lukas Slebodnik <lslebodn@redhat.com>

Log reason in debug message why ldb_modify failed Reviewed-by: Sumit Bose <sbose@redhat.com>
5389b3714be747f1a11ac51beb0c5988cfb6c240 27-May-2014 Lukas Slebodnik <lslebodn@redhat.com>

Don't use macro _XOPEN_SOURCE for function strptime We detect all necessary feature macros in configure script using AC_USE_SYSTEM_EXTENSIONS or AC_GNU_SOURCE. This patch replaces all definitions of macro _XOPEN_SOURCE with header file config.h Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
a3c8390d19593b1e5277d95bfb4ab206d4785150 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd/src/confdb/confdb.c /sssd/src/confdb/confdb_setup.c sysdb.c sysdb_autofs.c sysdb_idmap.c sysdb_ops.c sysdb_ranges.c sysdb_search.c sysdb_selinux.c sysdb_services.c sysdb_ssh.c sysdb_subdomains.c sysdb_sudo.c sysdb_upgrade.c /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor_netlink.c /sssd/src/monitor/monitor_sbus.c /sssd/src/providers/ad/ad_access.c /sssd/src/providers/ad/ad_common.c /sssd/src/providers/ad/ad_domain_info.c /sssd/src/providers/ad/ad_dyndns.c /sssd/src/providers/ad/ad_id.c /sssd/src/providers/ad/ad_init.c /sssd/src/providers/ad/ad_srv.c /sssd/src/providers/ad/ad_subdomains.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_callbacks.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/data_provider_opts.c /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_dyndns.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/dp_ptask.c /sssd/src/providers/dp_refresh.c /sssd/src/providers/fail_over.c /sssd/src/providers/fail_over_srv.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_autofs.c /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_config.c /sssd/src/providers/ipa/ipa_dyndns.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_rules.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c /sssd/src/providers/ipa/ipa_hostid.c /sssd/src/providers/ipa/ipa_hosts.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_idmap.c /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/ipa/ipa_s2n_exop.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_selinux_maps.c /sssd/src/providers/ipa/ipa_srv.c /sssd/src/providers/ipa/ipa_subdomains.c /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd/src/providers/ipa/ipa_subdomains_id.c /sssd/src/providers/ipa/ipa_sudo.c /sssd/src/providers/krb5/krb5_access.c /sssd/src/providers/krb5/krb5_auth.c /sssd/src/providers/krb5/krb5_become_user.c /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_child_handler.c /sssd/src/providers/krb5/krb5_common.c /sssd/src/providers/krb5/krb5_delayed_online_authentication.c /sssd/src/providers/krb5/krb5_init.c /sssd/src/providers/krb5/krb5_init_shared.c /sssd/src/providers/krb5/krb5_renew_tgt.c /sssd/src/providers/krb5/krb5_utils.c /sssd/src/providers/krb5/krb5_wait_queue.c /sssd/src/providers/ldap/ldap_access.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/ldap_child.c /sssd/src/providers/ldap/ldap_common.c /sssd/src/providers/ldap/ldap_id.c /sssd/src/providers/ldap/ldap_id_cleanup.c /sssd/src/providers/ldap/ldap_id_enum.c /sssd/src/providers/ldap/ldap_id_netgroup.c /sssd/src/providers/ldap/ldap_id_services.c /sssd/src/providers/ldap/ldap_init.c /sssd/src/providers/ldap/sdap.c /sssd/src/providers/ldap/sdap_access.c /sssd/src/providers/ldap/sdap_async.c /sssd/src/providers/ldap/sdap_async_autofs.c /sssd/src/providers/ldap/sdap_async_connection.c /sssd/src/providers/ldap/sdap_async_enum.c /sssd/src/providers/ldap/sdap_async_groups.c /sssd/src/providers/ldap/sdap_async_groups_ad.c /sssd/src/providers/ldap/sdap_async_initgroups.c /sssd/src/providers/ldap/sdap_async_initgroups_ad.c /sssd/src/providers/ldap/sdap_async_nested_groups.c /sssd/src/providers/ldap/sdap_async_netgroups.c /sssd/src/providers/ldap/sdap_async_services.c /sssd/src/providers/ldap/sdap_async_sudo.c /sssd/src/providers/ldap/sdap_async_sudo_hostinfo.c /sssd/src/providers/ldap/sdap_async_sudo_timer.c /sssd/src/providers/ldap/sdap_async_users.c /sssd/src/providers/ldap/sdap_autofs.c /sssd/src/providers/ldap/sdap_child_helpers.c /sssd/src/providers/ldap/sdap_dyndns.c /sssd/src/providers/ldap/sdap_fd_events.c /sssd/src/providers/ldap/sdap_id_op.c /sssd/src/providers/ldap/sdap_idmap.c /sssd/src/providers/ldap/sdap_range.c /sssd/src/providers/ldap/sdap_refresh.c /sssd/src/providers/ldap/sdap_reinit.c /sssd/src/providers/ldap/sdap_sudo.c /sssd/src/providers/ldap/sdap_sudo_cache.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_init.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/providers/proxy/proxy_services.c /sssd/src/providers/simple/simple_access.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/resolv/async_resolv.c /sssd/src/resolv/async_resolv_utils.c /sssd/src/responder/autofs/autofssrv.c /sssd/src/responder/autofs/autofssrv_cmd.c /sssd/src/responder/autofs/autofssrv_dp.c /sssd/src/responder/common/negcache.c /sssd/src/responder/common/responder_cmd.c /sssd/src/responder/common/responder_common.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/common/responder_get_domains.c /sssd/src/responder/nss/nsssrv.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_mmap_cache.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/nss/nsssrv_private.h /sssd/src/responder/nss/nsssrv_services.c /sssd/src/responder/pac/pacsrv.c /sssd/src/responder/pac/pacsrv_cmd.c /sssd/src/responder/pac/pacsrv_utils.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pam_helpers.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/pam/pamsrv_dp.c /sssd/src/responder/ssh/sshsrv.c /sssd/src/responder/ssh/sshsrv_cmd.c /sssd/src/responder/ssh/sshsrv_dp.c /sssd/src/responder/sudo/sudosrv.c /sssd/src/responder/sudo/sudosrv_cmd.c /sssd/src/responder/sudo/sudosrv_dp.c /sssd/src/responder/sudo/sudosrv_get_sudorules.c /sssd/src/responder/sudo/sudosrv_query.c /sssd/src/sbus/sbus_client.c /sssd/src/sbus/sssd_dbus_common.c /sssd/src/sbus/sssd_dbus_connection.c /sssd/src/sbus/sssd_dbus_server.c /sssd/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd/src/tests/auth-tests.c /sssd/src/tests/cmocka/test_dyndns.c /sssd/src/tests/cmocka/test_fqnames.c /sssd/src/tests/cmocka/test_nss_srv.c /sssd/src/tests/cmocka/test_utils.c /sssd/src/tests/common_dom.c /sssd/src/tests/common_tev.c /sssd/src/tests/debug-tests.c /sssd/src/tests/files-tests.c /sssd/src/tests/krb5_child-test.c /sssd/src/tests/resolv-tests.c /sssd/src/tests/simple_access-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tests/sysdb_ssh-tests.c /sssd/src/tools/files.c /sssd/src/tools/selinux.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_debuglevel.c /sssd/src/tools/sss_groupadd.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_seed.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_mc_util.c /sssd/src/tools/tools_util.c /sssd/src/tools/tools_util.h /sssd/src/util/authtok.c /sssd/src/util/backup_file.c /sssd/src/util/check_and_open.c /sssd/src/util/child_common.c /sssd/src/util/crypto/libcrypto/crypto_base64.c /sssd/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd/src/util/crypto/nss/nss_obfuscate.c /sssd/src/util/crypto/nss/nss_util.c /sssd/src/util/debug.c /sssd/src/util/domain_info_utils.c /sssd/src/util/find_uid.c /sssd/src/util/nscd.c /sssd/src/util/server.c /sssd/src/util/signal.c /sssd/src/util/sss_ini.c /sssd/src/util/sss_krb5.c /sssd/src/util/sss_krb5.h /sssd/src/util/sss_ldap.c /sssd/src/util/sss_nss.c /sssd/src/util/sss_selinux.c /sssd/src/util/sss_ssh.c /sssd/src/util/sss_tc_utf8.c /sssd/src/util/user_info_msg.c /sssd/src/util/usertools.c /sssd/src/util/util.c /sssd/src/util/util.h /sssd/src/util/util_lock.c /sssd/src/util/well_known_sids.c
e6f4dbf8474e928ca7da33d6be18e94cbc66a5de 29-Jan-2014 Pavel Březina <pbrezina@redhat.com>

sudo: memset tm when converting time attributes strptime() which is used to parse LDAP time value does not initialize all fields of tm structure (especially tm_isdst). This results in random behavior - when the tm is converted into timestamp via mktime(), the result depends on current value of tm_isdst. Resolves: https://fedorahosted.org/sssd/ticket/2213
e2ac9be4f293b96f3c8992f1171e44bc1da5cfca 15-Nov-2013 Michal Zidek <mzidek@redhat.com>

SYSDB: Drop redundant sysdb_ctx parameter from sysdb.c
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fb 15-Nov-2013 Michal Zidek <mzidek@redhat.com>

SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 2)

sysdb.h sysdb_autofs.c sysdb_ops.c sysdb_services.c sysdb_ssh.c sysdb_sudo.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/ipa/ipa_s2n_exop.c /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd/src/providers/krb5/krb5_auth.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/ldap_id.c /sssd/src/providers/ldap/ldap_id_cleanup.c /sssd/src/providers/ldap/ldap_id_netgroup.c /sssd/src/providers/ldap/sdap_async_groups.c /sssd/src/providers/ldap/sdap_async_initgroups.c /sssd/src/providers/ldap/sdap_async_initgroups_ad.c /sssd/src/providers/ldap/sdap_async_nested_groups.c /sssd/src/providers/ldap/sdap_async_netgroups.c /sssd/src/providers/ldap/sdap_async_users.c /sssd/src/providers/ldap/sdap_reinit.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/pac/pacsrv_cmd.c /sssd/src/responder/pac/pacsrv_utils.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/sudo/sudosrv_get_sudorules.c /sssd/src/tests/cmocka/test_nss_srv.c /sssd/src/tests/simple_access-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_seed.c /sssd/src/tools/sss_sync_ops.c
6a31a971a376a992afb838fe60b311360c970267 15-Nov-2013 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Drop the sysdb_ctx parameter from the sysdb_sudo.c module
4c08db0fb0dda3d27b1184248ca5c800d7ce23f0 15-Nov-2013 Michal Zidek <mzidek@redhat.com>

SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 1)
5ac292b5faea231d93c0cd0f58d0f2f1776a7120 04-Oct-2013 Stephen Gallagher <sgallagh@redhat.com>

SYSDB: Fix incorrect DEBUG message A bad comparison resulted in the sysdb_sudo_check_time() function always printing a debug message saying that the time matched. Resolves: Coverity Issue #12031
55fdd0d28e7c88f333ad78183b0ba37a1da34160 01-Oct-2013 Pavel Březina <pbrezina@redhat.com>

sudo: improve time restrictions debug messages
d1f3610aefcb634f212d4c099fac102b3e4dee59 01-Oct-2013 Pavel Březina <pbrezina@redhat.com>

sudo: allow specifying only one time restriction https://fedorahosted.org/sssd/ticket/2100
5ff1c3c5a12930692cb6284d14f7fda3a974af8e 22-Jan-2013 Pavel Březina <pbrezina@redhat.com>

sudo responder: change num_rules type from size_t to uint32_t https://fedorahosted.org/sssd/ticket/1779 2^32 should be enough to store sudo rules. size_t type was causing troubles on big endian architectures, because it wasn't used correctly in combination with D-Bus.
b0fa48b0d612b46a86e45f8e4b5d9feae9784c2b 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain arguments to sysdb sudo functions
a703ed242523c145133f522085ee3180452b3743 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain to sysdb_delete_custom
770896b194b7b66b09c2a30545b4d091fd86b1f4 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain argument to sysdb_search_custom() Also changes sysdb_search_custom_by_name()
dd7192379e5fc5bb852863e60ad4b6a20c5da183 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain argument to sysdb_store_custom()
5d72a91a37273c8c874640906fd2f7a70e606812 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain to sysdb_search_group_by_gid() Also remove unused sysdb_search_domgroup_by_gid()
2ce00e0d3896bb42db169d1e79553a81ca837a22 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain to sysdb_search_user_by_name() Also remove unused sysdb_search_domuser_by_name()
9675bccabff4e79d224f64611ad9ff3e073b488e 15-Jan-2013 Simo Sorce <simo@redhat.com>

Make sysdb_custom_subtree_dn() require a domain.
80941dd89fd8bc7c4a1272c304f737ce0fd5fc54 19-Dec-2012 Sumit Bose <sbose@redhat.com>

Fix a 'shadows a global declaration' warning
5a2cce34cf8843613b0b9dfde054b3d471dd5f3a 13-Dec-2012 Pavel Březina <pbrezina@redhat.com>

sudo: support generalized time format https://fedorahosted.org/sssd/ticket/1712 The timestamp doesn't have to be in the form yyyymmddHHMMSSZ any more. It can be in any form of generalized time format.
e7b5b99e5a5d276f32039c4fb8b21ba51bdb1537 13-Dec-2012 Pavel Březina <pbrezina@redhat.com>

sudo: include primary group in user group list https://fedorahosted.org/sssd/ticket/1677
9bdb93119ceaf9e2bbcec0c0a4747f1a04b48a12 13-Dec-2012 Pavel Březina <pbrezina@redhat.com>

sysdb_get_sudo_user_info() initialize attrs on declaration
95f5e7963a36b7b68859ce91ae4b232088bbaa09 24-Sep-2012 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Remove unnecessary domain parameter from several sysdb calls The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
3a59cbd0b7b9c5dd3c62ac1679876070c264d80f 04-Sep-2012 Michal Zidek <mzidek@redhat.com>

Unify usage of sysdb transactions (part 2).
c01f015106b6e238d918ba4574f60bee811517ec 07-Aug-2012 Pavel Březina <pbrezina@redhat.com>

Remove SYSDB_SUDO_CACHE_OC from attribute lists It is not an attribute.
fb4e4c4eb6a6dc732370584f70d23dd4a2c5c7b6 07-Aug-2012 Pavel Březina <pbrezina@redhat.com>

Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OC It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
8bbf89c5ab798c112773fe23515c3a9df56dde71 18-Jul-2012 Nick Guay <nguay@redhat.com>

Fix uninitialized values https://fedorahosted.org/sssd/ticket/1379
dfafb437f49d31e015184e212571e9917aa94eef 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo: clean up
f7af8c5b369938725e47585c641ae5b017d442a1 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo sysdb: add expiration time to the filter
0f808798eefaedc3eb241f26aa49680d87f22336 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sysdb: remove sudo_set/get_refreshed
44749ce0c1fee9babee80060fa0db99eebb2ab51 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sysdb: add getter/setter for last sudo full refresh time
cda8ff6cfdef22356dc3c06ec5204344912f0f0b 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo sysdb: make sysdb_get_sudo_user_info more configurable
2d34690ae92215d355b0272001d9e68214dc80f6 10-May-2012 Jakub Hrozek <jhrozek@redhat.com>

sysdb: return proper error code from sysdb_sudo_purge_all
69e7d6649b58c66675ef38084868fc5356c5a240 02-May-2012 Jakub Hrozek <jhrozek@redhat.com>

SUDO: Return ret, not EOK This patch fixes bad refactoring - the function used to return value directly on error and EOK as the last statement. If was then converted into using goto label, but the last statement was still returning EOK instead of the value it should.
f5d4b05027acce06e3509ecb68869d1c7ef37180 17-Feb-2012 Pavel Březina <pbrezina@redhat.com>

Redesign purging of the sudo cache https://fedorahosted.org/sssd/ticket/1173
db419c61035cb262010cc8d5a4047191c2b60f05 10-Feb-2012 Pavel Březina <pbrezina@redhat.com>

Improve debug messages in sysdb_sudo_check_time()
ed44814e0e7ff9f0ef7ffc98fab7d9542a7822df 06-Feb-2012 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - sysdb_sudo_check_time() fix
4be402505ba20b43361753f0e6e1589c9b029e81 04-Feb-2012 Jakub Hrozek <jhrozek@redhat.com>

Fixes for sudo_timed https://fedorahosted.org/sssd/ticket/1116
c9aab1c04c399ca2d1abef74f6df22ced34983dc 04-Feb-2012 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - responder 'sudo_timed' option https://fedorahosted.org/sssd/ticket/1116
f6171b2bc954a367f316853ab71090eb213bdee3 27-Jan-2012 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - make sysdb_get_sudo_filter() more configurable https://fedorahosted.org/sssd/ticket/1143
1a542b3698d8c42cf075b722f8838f106eb09fcc 17-Jan-2012 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - functions for manipulating with 'refreshed' attribute https://fedorahosted.org/sssd/ticket/1110
f643754db81eeade60485bbe3d80324d889cc4f3 17-Jan-2012 Pavel Březina <pbrezina@redhat.com>

SUDO Integration review issues
3f98cdc011bb4e8cd22c088f288b0bcdb6452492 16-Dec-2011 Jakub Hrozek <jhrozek@redhat.com>

SUDO Integration - sysdb interface