e3bb7b3fda4697fa9c6f80107cd01dd04a20c85f |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDER: Removing ncache from sudo_ctx
This patch switches ncache from sudo_ctx to resp_ctx.
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
e50bd9752c7c94bc06d384487fef890ef8cc0e17 |
|
11-May-2016 |
Petr Cech <pcech@redhat.com> |
RESPONDER: Removing neg_timeout from sudo resp.
Timout of negative cache is handled by context of negative cache. So
this parameter is not needed now.
Resolves:
https://fedorahosted.org/sssd/ticket/2137
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
b3ca35780617b2e5a7637f9888b089e8e26a4e8c |
|
19-Apr-2016 |
Pavel Březina <pbrezina@redhat.com> |
sudo: convert get_sudorules to tevent
There was a lot of confusion with different error codes
and where to call sudosrv_cmd_done to finish the client
request. Converting it whole to tevent makes it much
more simpler to read and follow the request logic.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
15d41c8f28259061e39715acdbbbaea778b6ecc8 |
|
19-Apr-2016 |
Pavel Březina <pbrezina@redhat.com> |
sudo: do not use tevent when parsing query
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
52300e30a0ec0bbfa1b0918ee0b495f06f5d142a |
|
19-Apr-2016 |
Pavel Březina <pbrezina@redhat.com> |
sudo: use cache_req for initgroups
This is just blind code change, the next patch will improve it so
for example we don't do initgroups during query-parsing phase.
Resolves:
https://fedorahosted.org/sssd/ticket/1126
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
536dcc7fb975acfc126846a889d90332304e88ba |
|
19-Apr-2016 |
Pavel Březina <pbrezina@redhat.com> |
sudo: remove unused structure sudo_dp_request
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 |
|
14-Aug-2015 |
Pavel Březina <pbrezina@redhat.com> |
sudo: use "higher value wins" when ordering rules
This commit changes the default ordering logic (lower value wins) to
a correct one that is used by native ldap support. It also adds a new
option sudo_inverse_order to switch to the original SSSD (incorrect)
behaviour if needed.
Resolves:
https://fedorahosted.org/sssd/ticket/2682
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
2a25713afc6beefb11a799903a43f695c5d7a4f9 |
|
14-Apr-2015 |
Adam Tkac <vonsch@gmail.com> |
Option filter_users had no effect for retrieving sudo rules
Previously sssd_sudo always obtained sudo rules for user from LDAP even
when user was enlisted in filter_users.
Resolves https://fedorahosted.org/sssd/ticket/2625
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
5ff1c3c5a12930692cb6284d14f7fda3a974af8e |
|
22-Jan-2013 |
Pavel Březina <pbrezina@redhat.com> |
sudo responder: change num_rules type from size_t to uint32_t
https://fedorahosted.org/sssd/ticket/1779
2^32 should be enough to store sudo rules. size_t type was causing
troubles on big endian architectures, because it wasn't used
correctly in combination with D-Bus. |
e880949305cee3aca79441fe6113a9d79e7c98f2 |
|
18-Dec-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
RESPONDERS: Create a common file with service names and versions
The monitor sends calls different sbus methods to different responders.
Instead of including headers of the particular responders directly in
monitor, which breaks layering a little, create a common header file
that will be included from src/responder/common/ |
7379170a0860790f2739e07fffe3d6ec85264566 |
|
14-Nov-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo: do not send domain name with username
This caused troubles with subdomain users and it is not really
necessary. This patch does not change the protocol itself, that
should be done on the earliest possible occasion.
Part of https://fedorahosted.org/sssd/ticket/1616 |
d38ffc9c92daeb62de7d28c409bdaeff98f82775 |
|
14-Nov-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo: support users from subdomains
https://fedorahosted.org/sssd/ticket/1616 |
20f82655b3a29cf0784ba5c912927d1ada1287df |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo responder: schedule OOB full refresh when expired rule is deleted |
e5b34f0166ae61468e53f369578e691ddb09cdd0 |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo responder: update dp interface |
76db25eab9010a33657f35e5afc8477c996df7a3 |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo responder: new request enum type
sss_sudo_type represents query type that comes to the responder
sss_dp_sudo_type represents query type to DP that is issued by the responder
I'm leaving current values of sss_dp_sudo_type untouched so the compilation
is not broken. Hovewer, they will be changed to new DP types once the DP
interface is updated. |
b95c6b5485eee5f45f62f87df77c9178857d625e |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo responder: discard in-memory cache |
46d3d2c731e8c7e138462e5b60a39a279dc77d81 |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo api: send uid, username and domainname
https://fedorahosted.org/sssd/ticket/1239
Test client was changed accordingly. The new usage is:
sss_sudo_cli username [uid]
If uid is not set, getpwnam(username) is called. It will retrieve
both default options and rules. |
b0abb3bfdfd95951a23c9fc223c735805ffd2969 |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo responder: get rid of dctx where possible |
710472d946f6c337a095699dfd79134fa8b9eab9 |
|
29-Jun-2012 |
Pavel Březina <pbrezina@redhat.com> |
sudo responder: remove code duplication in commands |
744dff21cc626efdc646dd293c97c6a19a9f6ed5 |
|
24-Feb-2012 |
Pavel Březina <pbrezina@redhat.com> |
Move sudo_dom_ctx.user to local variable |
278284224aa10805d58c978977e43b1d1126f9b1 |
|
24-Feb-2012 |
Pavel Březina <pbrezina@redhat.com> |
Honor case_sensitive option in sudo responder
https://fedorahosted.org/sssd/ticket/1205 |
c9aab1c04c399ca2d1abef74f6df22ced34983dc |
|
04-Feb-2012 |
Pavel Březina <pbrezina@redhat.com> |
SUDO Integration - responder 'sudo_timed' option
https://fedorahosted.org/sssd/ticket/1116 |
41ef946f3f74a46b9e26118116e4811e259b30ef |
|
04-Feb-2012 |
Pavel Březina <pbrezina@redhat.com> |
SUDO Integration - in-memory cache in responder
New sudo responder option: cache_timeout
https://fedorahosted.org/sssd/ticket/1111 |
c47e9d522f0d87259e5074ea643daaa3dfcb8d92 |
|
27-Jan-2012 |
Pavel Březina <pbrezina@redhat.com> |
SUDO Integration - responder command for cn=defaults
https://fedorahosted.org/sssd/ticket/1143 |
3d55c65fbe50074f6a63dcb8ae866c038a9e6b2b |
|
27-Jan-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
Rename sss_dp_type to sss_dp_sudo_type
I pushed an older version of this patch that had the incorrect
name. This is the interdiff. |
3b121852048a7931f8a608527b760963e2ed2bb4 |
|
27-Jan-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Use the new SUDO request in DP and sudo responder
Also remove the old request implementation
https://fedorahosted.org/sssd/ticket/1115 |
3b09b74bf65867d882af87ec60e2a517b15264a6 |
|
27-Jan-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
SUDO: Provide a sudo DP request based on the internal_req |
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3 |
|
16-Dec-2011 |
Pavel Březina <pbrezina@redhat.com> |
SUDO Integration - responder |