sssd.git/src/responder/sudo, branch nonroot sssd with jhrozek's patches RESPONDERS: Set default value for umask 2014-10-29T09:41:06+00:00 Pavel Reichl preichl@redhat.com 2014-10-24T11:42:50+00:00 458f5245dd5130d12666cce6faf8ef1ec7f80169 Resolves: https://fedorahosted.org/sssd/ticket/2468 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2468

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SUDO: Run the sudo responder as the SSSD user 2014-10-22T13:44:51+00:00 Jakub Hrozek jhrozek@redhat.com 2014-10-17T16:14:45+00:00 3f9e2c24dbc14b2eafbe4f5a5ee16fe9af3c3f75 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
responders: Do not initialize pipe fd if already present 2014-10-22T13:44:39+00:00 Michal Zidek mzidek@redhat.com 2014-10-15T16:01:55+00:00 8bccd95e275fae760a991da394235e4e70e57bbd Allow to skip initialization of pipe file descriptor if the responder context already has one. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Allow to skip initialization of pipe file descriptor
if the responder context already has one.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
SSSD: Add the options to specify a UID and GID to run as 2014-10-20T19:43:40+00:00 Jakub Hrozek jhrozek@redhat.com 2014-10-06T14:28:13+00:00 ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Adds new command line options --uid and --gid to all SSSD servers,
making it possible to switch to another user ID if needed.

So far all code still runs as root.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
sudo: support views 2014-10-20T14:25:17+00:00 Pavel Březina pbrezina@redhat.com 2014-10-10T14:51:26+00:00 e15872d8e804b3a48b7bdd3f68c276b3ae8d11db Reviewed-by: Sumit Bose <sbose@redhat.com> 
Reviewed-by: Sumit Bose <sbose@redhat.com>
SUDO: Use the override_space option 2014-08-13T13:10:40+00:00 Jakub Hrozek jhrozek@redhat.com 2014-08-01T06:00:46+00:00 3b96d478851fbbe391ab30e3d6a0afdb9ecdd4a0 https://fedorahosted.org/sssd/ticket/2397 With this path, a user whose name is "space user" would match a sudo rule while using the override_default_space option. Please note that the option is only a client-side override, so the sudoUser attribute must contain the space in order to match the original name. In other words, when substituting space ( ) for underscore (_), this attribute would match: sudoUser: space user this would not: sudoUser: space_user Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
https://fedorahosted.org/sssd/ticket/2397

With this path, a user whose name is "space user" would match a sudo
rule while using the override_default_space option. Please note that the
option is only a client-side override, so the sudoUser attribute must
contain the space in order to match the original name. In other words,
when substituting space ( ) for underscore (_), this attribute would match:
    sudoUser: space user
this would not:
    sudoUser: space_user

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sudo: use dbus array for rules refresh 2014-07-24T11:48:03+00:00 Pavel Březina pbrezina@redhat.com 2014-07-23T12:21:34+00:00 dfef1d050c35398c6061256a947b4cc9c1f4b8e6 D-Bus only supports 255 signatures which caused a segmentation fault when sudo responder tried to refresh more rules at once. Resolves: https://fedorahosted.org/sssd/ticket/2387 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
D-Bus only supports 255 signatures which caused a segmentation fault
when sudo responder tried to refresh more rules at once.

Resolves:
https://fedorahosted.org/sssd/ticket/2387

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sudo: fetch sudoRunAs attribute 2014-07-15T14:45:05+00:00 Pavel Březina pbrezina@redhat.com 2014-07-14T12:23:50+00:00 7c30e60c525ea798aaab142766ff00eef4b5df3b This attribute was used in pre 1.7 versions of sudo and it is now deprecated by sudoRunAsUser and sudoRunAsGroup. However, some users still use this attribute so we need to support it to ensure backward compatibility. This patch makes sure that this attribute is downloaded if present and provided to sudo. Sudo than decides how to handle it. The new mapping option is not present in a man page since this attribute is deprecated in sudo for a very long time. Resolves: https://fedorahosted.org/sssd/ticket/2212 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This attribute was used in pre 1.7 versions of sudo and it is now
deprecated by sudoRunAsUser and sudoRunAsGroup. However, some users
still use this attribute so we need to support it to ensure backward
compatibility.

This patch makes sure that this attribute is downloaded if present and
provided to sudo. Sudo than decides how to handle it.

The new mapping option is not present in a man page since this
attribute is deprecated in sudo for a very long time.

Resolves:
https://fedorahosted.org/sssd/ticket/2212

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IFP: Provide a SBUS method to reconnect to sysbus 2014-07-08T18:38:16+00:00 Jakub Hrozek jhrozek@redhat.com 2014-06-25T10:33:03+00:00 b76419cf8830440b46c20a15585562343c7b1924 Introduces a new method implemented only by the IFP responder. When this method is received, the responder attempts to reconnect to the system bus, if not connected already. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Introduces a new method implemented only by the IFP responder. When this
method is received, the responder attempts to reconnect to the system
bus, if not connected already.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
sudo: return after tevent_req_error 2014-06-27T08:23:37+00:00 Pavel Reichl preichl@redhat.com 2014-06-26T15:21:16+00:00 979f969abe7a75a2f41f6fddabec94674ca3c722 Don't call tevent_req_done after tevent_req_error (for the same request). Reviewed-by: Sumit Bose <sbose@redhat.com> 
Don't call tevent_req_done after tevent_req_error (for the same request).

Reviewed-by: Sumit Bose <sbose@redhat.com>