path: root/src/providers/ldap/sdap_sudo.c
Commit message | Author | Age | Files | Lines
* sudo: do full refresh when data provider is back online [1.9.2-49] | Pavel Březina | 2012-12-18 | 1 | -7/+72
  https://fedorahosted.org/sssd/ticket/1689
  Add an online callback if the first full refresh fails due to the provider being offline so we can perform the refresh as soon as possible.
* sudo: schedule another full refresh in short interval if the first fails | Pavel Březina | 2012-12-18 | 1 | -0/+27
  https://fedorahosted.org/sssd/ticket/1689
  If the first full refresh of sudo rules fails because the data provider is offline, we will schedule another one in 2, 4, ... minutes.
* check dp error in sdap_sudo_full_refresh_done() | Pavel Březina | 2012-12-18 | 1 | -3/+8
  https://fedorahosted.org/sssd/ticket/1689
* add sdap_sudo_schedule_refresh() | Pavel Březina | 2012-12-18 | 1 | -43/+71
  Reduces amount of code duplication.
* SUDO: strdup the input variable [1.9.2-42] | Jakub Hrozek | 2012-12-14 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1701
* sudo: don't get stuck in rules and smart refresh when offline [1.9.2-39] | Pavel Březina | 2012-12-14 | 1 | -4/+14
  https://fedorahosted.org/sssd/ticket/1682
  The problem was in the following code:
      if (ret != EOK || state->dp_error != DP_ERR_OK || state->error != EOK) {
          tevent_req_error(req, ret);
          return;
      }
  In a situation when a data provider error occurs (e.g. when offline), ret == EOK but dp_error != DP_ERR_OK and we take the true branch. This results in calling tevent_req_error(req, EOK). Unfortunately, with EOK tevent_req_error only returns false, but does not trigger callback and this tevent request hangs forever, because no tevent_req_done(req) is called.
* sudo: store rules with no sudoHost attribute | Pavel Březina | 2012-11-19 | 1 | -0/+7
  https://fedorahosted.org/sssd/ticket/1640
  Normal rules require that the sudoHost attribute is present. But this attribute is not mandatory for a special rule named cn=defaults. This patch modifies the filter so that we store even rules that don't have the sudoHost attribute specified. SUDO will then decide whether it is allowed or not.
* sudo refresh: handle errors properly | Pavel Březina | 2012-11-05 | 1 | -8/+25
  We should test both ret and (dp_error, errno) pair.
* sudo: do not fail if usn value is zero but full refresh is completed | Pavel Březina | 2012-11-05 | 1 | -7/+17
  https://fedorahosted.org/sssd/ticket/1596
  In case that LDAP server contains zero sudo rules, the full refresh completes successfully and stores current USN value (= 0). But then smart refresh will fail because it takes USN=0 as invalid value.
* Variable in sdap_sudo_rules_refresh_send could be used, uninitialized. | Michal Zidek | 2012-10-03 | 1 | -0/+1
* Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OC | Pavel Březina | 2012-08-07 | 1 | -2/+2
  It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
* sdap_sudo.c: add missing end of line in few debug messages | Pavel Březina | 2012-07-23 | 1 | -3/+3
* Fix uninitialized values | Nick Guay | 2012-07-18 | 1 | -6/+6
  https://fedorahosted.org/sssd/ticket/1379
* Fix uninitialized variable | Stephen Gallagher | 2012-07-09 | 1 | -0/+1
  Coverity #12802
* sudo ldap provider: do per-host updates | Pavel Březina | 2012-06-29 | 1 | -3/+160
  Add host information to LDAP filters.
* sudo ldap provider: mark sdap_sudo_setup_periodical_refresh() as static | Pavel Březina | 2012-06-29 | 1 | -2/+2
* sudo ldap provider: load host filter configuration on init | Pavel Březina | 2012-06-29 | 1 | -3/+52
  We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchronous request as it will later try to autodetect these settings (which will need to contact DNS).
* sudo ldap provider: pass sudo_ctx instead of id_ctx | Pavel Březina | 2012-06-29 | 1 | -39/+57
  I had to create a new context structure to store additional information such as ip addresses and hostnames.
* sdap_sudo.c: move _recv after _done | Pavel Březina | 2012-06-29 | 1 | -45/+45
* sudo ldap provider: modify highest USN in sdap_sudo_rules_refresh_done() | Pavel Březina | 2012-06-29 | 1 | -3/+14
* sudo ldap provider: notify responder when an expired rule has been deleted | Pavel Březina | 2012-06-29 | 1 | -11/+76
  When an expired rule is not present on the server during specific rule refresh, the provider will notify the sudo responder that it has been deleted. Because there is a high probability that some other rules were deleted from the server as well, we want to remove them from sysdb as soon as possible.
  Once the responder is notified, it will schedule an out of band full refresh. This is issued by responder, because we already have a mechanism that prohibits creation of similar request (i.e. once the OOB full refresh is scheduled, there won't be another).
  The notification is done by returning: DP error = DP_ERR_OK, error = ENOENT
* sudo ldap provider: return number of downloaded rules in sdap_sudo_refresh_recv() | Pavel Březina | 2012-06-29 | 1 | -4/+6
* sudo ldap provider: support periodical smart refresh | Pavel Březina | 2012-06-29 | 1 | -73/+177
  When SSSD is started, then full refresh is scheduled. The smart refresh is scheduled after this full refresh, if USN (or modifyTimestamp) values are available.
  If full refresh interval <= smart refresh interval then full refresh will be disabled.
  If both refresh types are 0 then smart refresh interval is set to default value.
* sudo ldap provider: add periodical smart refresh API | Pavel Březina | 2012-06-29 | 1 | -0/+63
* sudo ldap provider: add smart refresh API | Pavel Březina | 2012-06-29 | 1 | -0/+128
* sudo ldap provider: remember highest usn after full refresh | Pavel Březina | 2012-06-29 | 1 | -1/+9
* sudo ldap provider: add sdap_sudo_set_usn() | Pavel Březina | 2012-06-29 | 1 | -0/+22
* sudo ldap provider: find highest USN | Pavel Březina | 2012-06-29 | 1 | -2/+3
* sudo ldap provider: support periodical full refresh | Pavel Březina | 2012-06-29 | 1 | -0/+129
* sudo provider: remove old timer | Pavel Březina | 2012-06-29 | 1 | -67/+0
* sudo ldap provider: add support for on demand refresh of specific rules | Pavel Březina | 2012-06-29 | 1 | -0/+8
* sudo ldap provider: provide API for refresh of specific rules | Pavel Březina | 2012-06-29 | 1 | -0/+93
* sudo ldap provider: add support for on demand full refresh | Pavel Březina | 2012-06-29 | 1 | -16/+25
* sudo ldap provider: provide API for full refresh | Pavel Březina | 2012-06-29 | 1 | -0/+125
* sudo ldap provider: give sdap_sudo_refresh_send() search and purge filters | Pavel Březina | 2012-06-29 | 1 | -2/+2
* sudo ldap provider: move async routines to sdap_async_sudo.c | Pavel Březina | 2012-06-29 | 1 | -675/+0
* Add support for filtering attributes | Jan Zeleny | 2012-05-31 | 1 | -1/+1
  This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
* LDAP: Add attr_count return value to build_attrs_from_map() | Stephen Gallagher | 2012-05-10 | 1 | -1/+1
  This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
* LDAP: Only use paging control on requests for multiple entries | Stephen Gallagher | 2012-02-24 | 1 | -1/+2
  The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results.
  https://fedorahosted.org/sssd/ticket/1202 phase one
* Redesign purging of the sudo cache | Pavel Březina | 2012-02-17 | 1 | -19/+55
  https://fedorahosted.org/sssd/ticket/1173
* Do not call sudo functions if built without-sudo | Jakub Hrozek | 2012-02-05 | 1 | -6/+0
* Move BUILD_SUDO outside the generic LDAP source files | Jakub Hrozek | 2012-02-04 | 1 | -0/+107
  Avoid #ifdefs in the general part of the code
* LDAP: Do not fail if RootDSE check cannot determine search bases | Stephen Gallagher | 2012-02-04 | 1 | -0/+9
  https://fedorahosted.org/sssd/ticket/1152
* SUDO Integration - prepare data provider for new responder commands | Pavel Březina | 2012-01-27 | 1 | -105/+173
  https://fedorahosted.org/sssd/ticket/1143
* SUDO Integration - wrap data provider with tevent_req | Pavel Březina | 2012-01-17 | 1 | -43/+130
  https://fedorahosted.org/sssd/ticket/1110
* SUDO Integration review issues | Pavel Březina | 2012-01-17 | 1 | -2/+1
* SUDO Integration - fixed memory leak in sdap_sudo_handler() | Pavel Březina | 2011-12-20 | 1 | -0/+1
* SUDO Integration - be_sudo_req removed from sudo_ctx | Pavel Březina | 2011-12-20 | 1 | -1/+0
* SUDO integration - LDAP provider | Pavel Březina | 2011-12-16 | 1 | -0/+566