History log of /sssd/src/providers/ldap/sdap_sudo.c
Revision Date Author Comments Expand
dea636af4d1902a081ee891f1b19ee2f8729d759 20-Jun-2016 Pavel Březina <pbrezina@redhat.com>

DP: Switch to new interface Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

/sssd/Makefile.am /sssd/src/providers/ad/ad_access.c /sssd/src/providers/ad/ad_access.h /sssd/src/providers/ad/ad_autofs.c /sssd/src/providers/ad/ad_common.h /sssd/src/providers/ad/ad_id.c /sssd/src/providers/ad/ad_id.h /sssd/src/providers/ad/ad_init.c /sssd/src/providers/ad/ad_subdomains.c /sssd/src/providers/ad/ad_subdomains.h /sssd/src/providers/ad/ad_sudo.c /sssd/src/providers/backend.h /sssd/src/providers/data_provider/dp_custom_data.h /sssd/src/providers/data_provider/dp_iface.c /sssd/src/providers/data_provider/dp_iface.h /sssd/src/providers/data_provider/dp_target_auth.c /sssd/src/providers/data_provider/dp_target_autofs.c /sssd/src/providers/data_provider/dp_target_hostid.c /sssd/src/providers/data_provider/dp_target_id.c /sssd/src/providers/data_provider/dp_target_subdomains.c /sssd/src/providers/data_provider/dp_target_sudo.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_req.c /sssd/src/providers/data_provider_req.h /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_access.h /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_auth.h /sssd/src/providers/ipa/ipa_autofs.c /sssd/src/providers/ipa/ipa_common.h /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hostid.c /sssd/src/providers/ipa/ipa_hostid.h /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_id.h /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_selinux.h /sssd/src/providers/ipa/ipa_subdomains.c /sssd/src/providers/ipa/ipa_subdomains.h /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd/src/providers/ipa/ipa_subdomains_id.c /sssd/src/providers/ipa/ipa_subdomains_server.c /sssd/src/providers/ipa/ipa_sudo.c /sssd/src/providers/krb5/krb5_auth.c /sssd/src/providers/krb5/krb5_auth.h /sssd/src/providers/krb5/krb5_common.h /sssd/src/providers/krb5/krb5_init.c ldap_access.c ldap_auth.c ldap_common.c ldap_common.h ldap_id.c ldap_init.c sdap_access.h sdap_autofs.c sdap_autofs.h sdap_idmap.c sdap_online_check.c sdap_sudo.c sdap_sudo.h /sssd/src/providers/proxy/proxy.h /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_client.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_init.c /sssd/src/providers/simple/simple_access.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/responder/autofs/autofssrv_dp.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/ssh/sshsrv_dp.c /sssd/src/responder/sudo/sudosrv_dp.c /sssd/src/tests/cmocka/test_nested_groups.c /sssd/src/tests/simple_access-tests.c
cc2d77d5218c188119fa954c856e858cbde76947 20-Jun-2016 Pavel Březina <pbrezina@redhat.com>

Rename dp_backend.h to backend.h Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

/sssd/Makefile.am /sssd/src/p11_child/p11_child_nss.c /sssd/src/providers/ad/ad_access.c /sssd/src/providers/ad/ad_gpo.c /sssd/src/providers/ad/ad_gpo_child.c /sssd/src/providers/ad/ad_srv.c /sssd/src/providers/ad/ad_subdomains.h /sssd/src/providers/backend.h /sssd/src/providers/be_dyndns.c /sssd/src/providers/be_ptask.c /sssd/src/providers/be_refresh.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_callbacks.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/ipa/ipa_auth.h /sssd/src/providers/ipa/ipa_dyndns.h /sssd/src/providers/ipa/ipa_subdomains.h /sssd/src/providers/ipa/selinux_child.c /sssd/src/providers/krb5/krb5_auth.h /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_common.c /sssd/src/providers/krb5/krb5_common.h ldap_access.c ldap_child.c ldap_common.h sdap.h sdap_access.c sdap_access.h sdap_async.h sdap_async_sudo.c sdap_autofs.c sdap_dyndns.c sdap_dyndns.h sdap_sudo.c sdap_sudo.h sdap_sudo_shared.h /sssd/src/providers/proxy/proxy.h /sssd/src/providers/proxy/proxy_child.c /sssd/src/providers/simple/simple_access.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/tests/cmocka/test_be_ptask.c /sssd/src/tests/cmocka/test_data_provider_be.c
8bd44a13de231d025882810c720dd07ca4ee564d 19-Jan-2016 Pavel Březina <pbrezina@redhat.com>

SUDO: assume zero if usn is unknown When we switched to be_ptaks full_refresh_done has become obsolete since timing is handled in a better way. In case of unknown USN we assume zero which allows us to disable full refresh completely in configuration. Reviewed-by: Sumit Bose <sbose@redhat.com>
68abbe716bed7c8d6790d9bec168ef44469306a1 19-Jan-2016 Pavel Březina <pbrezina@redhat.com>

SUDO: make sudo sysdb interface more reusable Reviewed-by: Sumit Bose <sbose@redhat.com>
895b8d884d0f5277e181fe1212ec0c0daaf3977d 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: make sdap_sudo_handler static Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
38262a2622af9fe71ca336799da6e88d91be0d81 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: remove finalizer It is not used anywhere anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
cb235ec146f1ba81c211f8506736edea436be28a 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: obtain host information when going online Resolves: https://fedorahosted.org/sssd/ticket/2672 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
556801ec367543a8d534e55ecd11a977642bcee6 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: fix potential memory leak in sdap_sudo_init Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
24eac34a8c1f0a284cb697e8d5c09ff049181691 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: fix tevent style Rearrage and rename functions in sdap_async_sudo.c to obey tevent style and improve readability. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
fc19031212369d69a9693ac8777ce1e61a16fe93 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: simplify error handling This patch removes state->error and uses only ret instead since state->error was only duplication anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
81f135f9e83031c4a021a3d19009b2bc179c8468 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: move offline check to handler We let sdap_id_op decide if we are offline or not here but we should not get to this code since ptask is disabled and we will not get through sudo handler if offline. This simplyfies the code and make it more similar to other providers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
00fea5c2aaa0277bea522d2f61de75699ee2ed49 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: move refreshes from sdap_sudo.c to sdap_sudo_refresh.c sdap_sudo.c will contain only initialization and handlers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
a13cf3d295a4a6654dfa7e4193c0a2bc8bb78e92 15-Dec-2015 Pavel Březina <pbrezina@redhat.com>

SUDO: convert periodical refreshes to be_ptask This removes old sudo timer and simplyfies code a lot. It also allows to manage offline/online state. - Full and smart refresh are disabled when offline. - Full refresh is run immediately when sssd is back online. - Smart refresh is scheduled normally when sssd is back online. Resolves: https://fedorahosted.org/sssd/ticket/1943 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
8835ecb2ff5126629993a6b6d3fb0bb7baa3b765 12-Oct-2015 Pavel Reichl <preichl@redhat.com>

sudo: remove unused param. in ldap_get_sudo_options Remove unused talloc memory context. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
8c4abd227035169e75cb081424765e65c52b5266 29-Jul-2014 Pavel Březina <pbrezina@redhat.com>

sudo: replace asterisk with escape sequence in host filter Resolves: https://fedorahosted.org/sssd/ticket/2377 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
a3c8390d19593b1e5277d95bfb4ab206d4785150 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd/src/confdb/confdb.c /sssd/src/confdb/confdb_setup.c /sssd/src/db/sysdb.c /sssd/src/db/sysdb_autofs.c /sssd/src/db/sysdb_idmap.c /sssd/src/db/sysdb_ops.c /sssd/src/db/sysdb_ranges.c /sssd/src/db/sysdb_search.c /sssd/src/db/sysdb_selinux.c /sssd/src/db/sysdb_services.c /sssd/src/db/sysdb_ssh.c /sssd/src/db/sysdb_subdomains.c /sssd/src/db/sysdb_sudo.c /sssd/src/db/sysdb_upgrade.c /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor_netlink.c /sssd/src/monitor/monitor_sbus.c /sssd/src/providers/ad/ad_access.c /sssd/src/providers/ad/ad_common.c /sssd/src/providers/ad/ad_domain_info.c /sssd/src/providers/ad/ad_dyndns.c /sssd/src/providers/ad/ad_id.c /sssd/src/providers/ad/ad_init.c /sssd/src/providers/ad/ad_srv.c /sssd/src/providers/ad/ad_subdomains.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_callbacks.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/data_provider_opts.c /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_dyndns.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/dp_ptask.c /sssd/src/providers/dp_refresh.c /sssd/src/providers/fail_over.c /sssd/src/providers/fail_over_srv.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_autofs.c /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_config.c /sssd/src/providers/ipa/ipa_dyndns.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_rules.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c /sssd/src/providers/ipa/ipa_hostid.c /sssd/src/providers/ipa/ipa_hosts.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_idmap.c /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/ipa/ipa_s2n_exop.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_selinux_maps.c /sssd/src/providers/ipa/ipa_srv.c /sssd/src/providers/ipa/ipa_subdomains.c /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd/src/providers/ipa/ipa_subdomains_id.c /sssd/src/providers/ipa/ipa_sudo.c /sssd/src/providers/krb5/krb5_access.c /sssd/src/providers/krb5/krb5_auth.c /sssd/src/providers/krb5/krb5_become_user.c /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_child_handler.c /sssd/src/providers/krb5/krb5_common.c /sssd/src/providers/krb5/krb5_delayed_online_authentication.c /sssd/src/providers/krb5/krb5_init.c /sssd/src/providers/krb5/krb5_init_shared.c /sssd/src/providers/krb5/krb5_renew_tgt.c /sssd/src/providers/krb5/krb5_utils.c /sssd/src/providers/krb5/krb5_wait_queue.c ldap_access.c ldap_auth.c ldap_child.c ldap_common.c ldap_id.c ldap_id_cleanup.c ldap_id_enum.c ldap_id_netgroup.c ldap_id_services.c ldap_init.c sdap.c sdap_access.c sdap_async.c sdap_async_autofs.c sdap_async_connection.c sdap_async_enum.c sdap_async_groups.c sdap_async_groups_ad.c sdap_async_initgroups.c sdap_async_initgroups_ad.c sdap_async_nested_groups.c sdap_async_netgroups.c sdap_async_services.c sdap_async_sudo.c sdap_async_sudo_hostinfo.c sdap_async_sudo_timer.c sdap_async_users.c sdap_autofs.c sdap_child_helpers.c sdap_dyndns.c sdap_fd_events.c sdap_id_op.c sdap_idmap.c sdap_range.c sdap_refresh.c sdap_reinit.c sdap_sudo.c sdap_sudo_cache.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_init.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/providers/proxy/proxy_services.c /sssd/src/providers/simple/simple_access.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/resolv/async_resolv.c /sssd/src/resolv/async_resolv_utils.c /sssd/src/responder/autofs/autofssrv.c /sssd/src/responder/autofs/autofssrv_cmd.c /sssd/src/responder/autofs/autofssrv_dp.c /sssd/src/responder/common/negcache.c /sssd/src/responder/common/responder_cmd.c /sssd/src/responder/common/responder_common.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/common/responder_get_domains.c /sssd/src/responder/nss/nsssrv.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_mmap_cache.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/nss/nsssrv_private.h /sssd/src/responder/nss/nsssrv_services.c /sssd/src/responder/pac/pacsrv.c /sssd/src/responder/pac/pacsrv_cmd.c /sssd/src/responder/pac/pacsrv_utils.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pam_helpers.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/pam/pamsrv_dp.c /sssd/src/responder/ssh/sshsrv.c /sssd/src/responder/ssh/sshsrv_cmd.c /sssd/src/responder/ssh/sshsrv_dp.c /sssd/src/responder/sudo/sudosrv.c /sssd/src/responder/sudo/sudosrv_cmd.c /sssd/src/responder/sudo/sudosrv_dp.c /sssd/src/responder/sudo/sudosrv_get_sudorules.c /sssd/src/responder/sudo/sudosrv_query.c /sssd/src/sbus/sbus_client.c /sssd/src/sbus/sssd_dbus_common.c /sssd/src/sbus/sssd_dbus_connection.c /sssd/src/sbus/sssd_dbus_server.c /sssd/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd/src/tests/auth-tests.c /sssd/src/tests/cmocka/test_dyndns.c /sssd/src/tests/cmocka/test_fqnames.c /sssd/src/tests/cmocka/test_nss_srv.c /sssd/src/tests/cmocka/test_utils.c /sssd/src/tests/common_dom.c /sssd/src/tests/common_tev.c /sssd/src/tests/debug-tests.c /sssd/src/tests/files-tests.c /sssd/src/tests/krb5_child-test.c /sssd/src/tests/resolv-tests.c /sssd/src/tests/simple_access-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tests/sysdb_ssh-tests.c /sssd/src/tools/files.c /sssd/src/tools/selinux.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_debuglevel.c /sssd/src/tools/sss_groupadd.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_seed.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_mc_util.c /sssd/src/tools/tools_util.c /sssd/src/tools/tools_util.h /sssd/src/util/authtok.c /sssd/src/util/backup_file.c /sssd/src/util/check_and_open.c /sssd/src/util/child_common.c /sssd/src/util/crypto/libcrypto/crypto_base64.c /sssd/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd/src/util/crypto/nss/nss_obfuscate.c /sssd/src/util/crypto/nss/nss_util.c /sssd/src/util/debug.c /sssd/src/util/domain_info_utils.c /sssd/src/util/find_uid.c /sssd/src/util/nscd.c /sssd/src/util/server.c /sssd/src/util/signal.c /sssd/src/util/sss_ini.c /sssd/src/util/sss_krb5.c /sssd/src/util/sss_krb5.h /sssd/src/util/sss_ldap.c /sssd/src/util/sss_nss.c /sssd/src/util/sss_selinux.c /sssd/src/util/sss_ssh.c /sssd/src/util/sss_tc_utf8.c /sssd/src/util/user_info_msg.c /sssd/src/util/usertools.c /sssd/src/util/util.c /sssd/src/util/util.h /sssd/src/util/util_lock.c /sssd/src/util/well_known_sids.c
6a31a971a376a992afb838fe60b311360c970267 15-Nov-2013 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Drop the sysdb_ctx parameter from the sysdb_sudo.c module
937928d1161a4f7bd894cb365ada97569ab0f78f 11-Sep-2013 Lukas Slebodnik <lslebodn@redhat.com>

Fix formating of variables with type: time_t
7d40fefdb9b51e8c0c53b475a2d8d86befd03e17 19-Aug-2013 Pavel Březina <pbrezina@redhat.com>

sudo: continue if we are unable to resolve fqdn https://fedorahosted.org/sssd/ticket/2043
dcb44c39dda9699cdd6488fd116a51ced0687de3 07-Jun-2013 Jakub Hrozek <jhrozek@redhat.com>

LDAP: sdap_id_ctx might contain several connections With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
cbaba2f47da96c4191971bce86f03afb3f88864a 21-Jan-2013 Simo Sorce <simo@redhat.com>

Add be_req_get_data() helper funciton. In preparation for making struct be_req opaque.
03abdaa21ecf562b714f204ca42379ff08626f75 21-Jan-2013 Simo Sorce <simo@redhat.com>

Add be_req_get_be_ctx() helper. In preparation for making be_req opaque
df0596ec12bc5091608371e2977f3111241e8caf 21-Jan-2013 Simo Sorce <simo@redhat.com>

Remove sysdb as a be context structure member The sysdb context is already available through the 'domain' structure.
b0fa48b0d612b46a86e45f8e4b5d9feae9784c2b 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain arguments to sysdb sudo functions
7ed683eba94b5bcdc4fe3f9037d80d0fedcddfd0 07-Jan-2013 Pavel Březina <pbrezina@redhat.com>

sudo smart refresh: fix debug message
023ebc3d7e76978cfe7952480e0d7d88a2e1f690 07-Jan-2013 Pavel Březina <pbrezina@redhat.com>

sudo smart refresh: do not include usn in filter if no valid usn is known https://fedorahosted.org/sssd/ticket/1736 When there are no rules during first refresh, we don't have valid USN value. We use 0 in this case, but it turned out that OpenLDAP takes it as invalid time format (if modifyTimestamp is used instead of USN) and thus returns no records. Now we don't include USN/modifyTimestamp attribute in the filter if such situasion occurs.
d091342880477358cf7317111abce05fb5802aab 04-Jan-2013 Ondrej Kos <okos@redhat.com>

LDAP: initialize refresh function handler
767a679fd5ac2f409476180c0dbcd8ecbe991503 19-Dec-2012 Sumit Bose <sbose@redhat.com>

Add default section to switch statement switch statements should always have a default section. In this particular case gcc gave a "'send_fn' may be used uninitialized in this function" warning.
dcb712782ed81cd19fc5d9a5dab37e50294d6f2e 18-Dec-2012 Pavel Březina <pbrezina@redhat.com>

sudo: do full refresh when data provider is back online https://fedorahosted.org/sssd/ticket/1689 Add a online callback if the first full refresh fails due to the provider beeing offline so we can perform the refresh as soon as possible.
5860e321d82d007a5b7f4a1ff9a3893156e22b19 18-Dec-2012 Pavel Březina <pbrezina@redhat.com>

sudo: schedule another full refresh in short interval if the first fails https://fedorahosted.org/sssd/ticket/1689 If the first full refresh of sudo rules fails because the data provider is offline, we will schedule another one in 2, 4, ... minutes.
e5c9834c45849cbf82ea420fa3e0efdc102cc26e 18-Dec-2012 Pavel Březina <pbrezina@redhat.com>

check dp error in sdap_sudo_full_refresh_done() https://fedorahosted.org/sssd/ticket/1689
260366c37cafab011cf48760eaf04282098ef800 18-Dec-2012 Pavel Březina <pbrezina@redhat.com>

add sdap_sudo_schedule_refresh() Reduces amount of code duplication.
3f23f27cd77eb4dbf362a0a4fdfbe0b18a2fb714 11-Dec-2012 Pavel Březina <pbrezina@redhat.com>

sudo: don't get stuck in rules and smart refresh when offline https://fedorahosted.org/sssd/ticket/1682 The problem was in following code: if (ret != EOK || state->dp_error != DP_ERR_OK || state->error != EOK) { tevent_req_error(req, ret); return; } In situation when data provider error occurs (e.g. when offline), ret == EOK but dp_error != DP_ERR_OK and we take the true branch. This results in calling tevent_req_error(req, EOK). Unfortunately, with EOK tevent_req_error only returns false, but does not trigger callback and this tevent request hangs forever, because no tevent_req_done(req) is called.
cf10b80d63916e5686545156264a6ed2306cc5bb 07-Dec-2012 Jakub Hrozek <jhrozek@redhat.com>

SUDO: strdup the input variable https://fedorahosted.org/sssd/ticket/1701
2faa9ecad5a45a949be5ea95aa9e140eeba0fe68 16-Nov-2012 Pavel Březina <pbrezina@redhat.com>

fix -O3 variable may be uninitialized warnings
4080c54ed0438a74cbe5e4faaa444a9d21d1b546 15-Nov-2012 Pavel Březina <pbrezina@redhat.com>

sudo: store rules with no sudoHost attribute https://fedorahosted.org/sssd/ticket/1640 Normal rules requires that sudoHost attribute is present. But this attribute is not mandatory for a special rule named cn=defaults. This patch modifies filter so that we store even rules that doesn't have sudoHost attribute specified. SUDO will then decide whether it is allowed or not.
208bf72198fb3580bc67993b6de373bea0f06836 24-Oct-2012 Pavel Březina <pbrezina@redhat.com>

sudo refresh: handle errors properly We should test both ret and (dp_error, errno) pair.
fb67530ec34740a18f56ff56614898d2bdaee36f 24-Oct-2012 Pavel Březina <pbrezina@redhat.com>

sudo: do not fail if usn value is zero but full refresh is completed https://fedorahosted.org/sssd/ticket/1596 In case that LDAP server contains zero sudo rules, the full refresh completes succussfully and stores current USN value (= 0). But then smart refresh will fail because it takes USN=0 as invalid value.
872bd6624d083074f81db0dd914427562fed8fb0 03-Oct-2012 Michal Zidek <mzidek@redhat.com>

Variable in sdap_sudo_rules_refresh_send could be used, uninitialized.
fb4e4c4eb6a6dc732370584f70d23dd4a2c5c7b6 07-Aug-2012 Pavel Březina <pbrezina@redhat.com>

Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OC It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
6e7bbc6900018bc0a33f60c084b4d014017463da 23-Jul-2012 Pavel Březina <pbrezina@redhat.com>

sdap_sudo.c: add missing end of line in few debug messages
8bbf89c5ab798c112773fe23515c3a9df56dde71 18-Jul-2012 Nick Guay <nguay@redhat.com>

Fix uninitialized values https://fedorahosted.org/sssd/ticket/1379
bda8094867476bf5adcfe3409e34b09add50c9b4 09-Jul-2012 Stephen Gallagher <sgallagh@redhat.com>

Fix uninitialized variable Coverity #12802
1bb62d67c6d54a8ebd111ca08344f2d17b1f6f52 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: do per-host updates Add host information to LDAP filters.
96549c5e03047c4f21cb7ea8c01f8ff8bcc91cd8 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: mark sdap_sudo_setup_periodical_refresh() as static
5f73b623fc72e3b9b3590420825f30e618b4d4dd 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: load host filter configuration on init We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
7b74632f498dd1edf69294b597a4d92ec6d73b9f 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: pass sudo_ctx instead of id_ctx I had to create a new context structure to store additional information such as ip addresses and hostnames.
cfd539e2ebbe035cbc69aa3000c6b61a9fd36645 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sdap_sudo.c: move _recv after _done
16484408ce03aaddfe2a146621b14a43bdeb6808 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: modify highest USN in sdap_sudo_rules_refresh_done()
fc99ea70d735fa4094c450dd52c3503cb23e5f59 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: notify responder when an expired rule has been deleted When an expired rule is not present on the server server during specific rule refresh, the provider will notify the sudo responder that it has been deleted. Because there is a high probability that some other rules were deleted from the server as well, we want to remove them from sysdb as soon as possible. Once the responder is notified, it will schedule an out of band full refresh. This is issued by responder, because we already have a mechanism that prohibits creation of similar request (i.e. once the OOB full refresh is scheduled, there won't be another). The notification is done by returning: DP error = DP_ERR_OK, error = ENOENT
4684d427e7e10642ceff62128c3d22db87872c4c 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: return number of downloaded rules in sdap_sudo_refresh_recv()
b041138015878405fe09ee6695d9ff5e5be07405 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: support periodical smart refresh When SSSD is started, then full refresh is scheduled. The smart refresh is scheduled after this full refresh, if USN (or modifyTimestamp) values are available. If full refresh interval <= smart refresh interval then full refresh will be disabled. If both refresh types are 0 then smart refresh interval is set to default value.
3ea714e82b83e0553212b5dbe8f9148908bc9ddb 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: add periodical smart refresh API
aa6b805fd1f9cd8166ad5de3b5578390df1613d5 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: add smart refresh API
19d7eb95a8098ea1a52f1658e3ff8118dacf3141 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: remember highest usn after full refresh
04491e79dafde97824baa2cdb19e19dbf14d980a 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: add sdap_sudo_set_usn()
f143937efc6cbb1eb84042979c83dd5b3f23a40c 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: find highest USN
015882243625e51595423da929a2f72cd23c75ba 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: support periodical full refresh
44bff89750c5451112d4ef7a10b6d9d0c8442f85 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo provider: remove old timer
d16b3f456d1100f4058d9a73ee59397f964b8760 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: add support for on demand refresh of specific rules
b8f6f1e105f323b0debfcf1bb09aead6b3914472 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: provide API for refresh of specific rules
f8cbe2ddc3bd6e1f003f1d16a609b0697cafc721 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: add support for on demand full refresh
72985dbeba2d2eb8bc94d9ce62424aa6045c03cb 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: provide API for full refresh
751a7930d5af7c1a3c36936e3c5b9205189c6b92 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: give sdap_sudo_refresh_send() search and purge filters
0ca19d792b717456f334abdf35279acddf6d71c2 29-Jun-2012 Pavel Březina <pbrezina@redhat.com>

sudo ldap provider: move async routines to sdap_async_sudo.c
64ddff90c7fcc02ccb06824ac93af7d5f361a88f 31-May-2012 Jan Zeleny <jzeleny@redhat.com>

Add support for filtering atributes This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
ca4b7b92738f3dd463914e3de5757cd98d37a983 10-May-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Add attr_count return value to build_attrs_from_map() This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
2f3ee3f49019f5b60adbe073070f31e6e2d7c7ab 24-Feb-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Only use paging control on requests for multiple entries The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one
f5d4b05027acce06e3509ecb68869d1c7ef37180 17-Feb-2012 Pavel Březina <pbrezina@redhat.com>

Redesign purging of the sudo cache https://fedorahosted.org/sssd/ticket/1173
8a36504008872f03d1b1ca980adeceba28c331f5 06-Feb-2012 Jakub Hrozek <jhrozek@redhat.com>

Do not call sudo functions if built without-sudo
5d00ee0e07dea78806df780db69e94900e5bb8c0 04-Feb-2012 Jakub Hrozek <jhrozek@redhat.com>

Move BUILD_SUDO outside the generic LDAP source files Avoid #ifdefs in the general part of the code
169fa5bd3edd34aa0db35681832bd7406e423c1b 04-Feb-2012 Stephen Gallagher <sgallagh@redhat.com>

LDAP: Do not fail if RootDSE check cannot determine search bases https://fedorahosted.org/sssd/ticket/1152
7a571a9d9be35360cc0f283fcd8124bda11ebf51 27-Jan-2012 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - prepare data provider for new responder commands https://fedorahosted.org/sssd/ticket/1143
efe918d7cb27a6ac5901748fc1f5879e3296c012 17-Jan-2012 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - wrap data provider with tevent_req https://fedorahosted.org/sssd/ticket/1110
f643754db81eeade60485bbe3d80324d889cc4f3 17-Jan-2012 Pavel Březina <pbrezina@redhat.com>

SUDO Integration review issues
0a6755045096487bffbe4cf00eb071bdae6f3d27 20-Dec-2011 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - fixed memory leak in sdap_sudo_handler()
8ce0509f582935655ee2b5ad81c5905be9ef5a02 20-Dec-2011 Pavel Březina <pbrezina@redhat.com>

SUDO Integration - be_sudo_req removed from sudo_ctx
e9eeb4302e0e426c6cc1a4e65b95a6f7066e80b9 16-Dec-2011 Pavel Březina <pbrezina@redhat.com>

SUDO integration - LDAP provider