summaryrefslogtreecommitdiffstats
path: root/src/responder/sudo
Commit message (Collapse)AuthorAgeFilesLines
* Lookup domains at startupSumit Bose2013-06-041-0/+6
| | | | | | | | | | | | To make sure that e.g. the short/NetBIOS domain name is available this patch make sure that the responders send a get_domains request to their backends at startup the collect the domain information or read it from the cache if the backend is offline. For completeness I added this to all responders even if they do not need the information at the moment. Fixes https://fedorahosted.org/sssd/ticket/1951
* Fixing critical format string issues.Lukas Slebodnik2013-05-201-2/+3
| | | | | | --missing arguments. --format '%s', but argument is integer. --wrong format string, examle: '%\n'
* sudo responder: search rules for subdomains in parent domain subtreePavel Březina2013-05-101-0/+5
| | | | | | | | https://fedorahosted.org/sssd/ticket/1912 SUDO rules are stored under cn=ipa.domain,cn=sysdb tree but sobdomains users are in cn=sub.domain,cn=sysdb. When we search for rules for subdomain users we have to switch domain context to parent.
* Remove unused TALLOC_CTX from responder_get_domain()Sumit Bose2013-05-021-1/+1
| | | | | | Recent refactoring removed the need to copy the domain info data of sub-domains because the related objects will not be removed from memory anymore.
* Check for correct variable nameJakub Hrozek2013-04-031-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1864
* change responder contexts hierarchyPavel Březina2013-03-201-9/+14
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1575 The hierarchy is now: main_ctx -> responder_ctx -> specific_ctx where specific_ctx is one of sudo, pam, etc.
* do not leak memory on failure in *_process_init()Pavel Březina2013-03-201-3/+7
|
* Removing unused parameter type from sudosrv_get_sudorules_query_cache()Lukas Slebodnik2013-03-071-6/+4
| | | | https://fedorahosted.org/sssd/ticket/1825
* Parent and subdomains use the same sysdbSimo Sorce2013-02-101-66/+7
| | | | | | Remove code that tries to get the 'right' sysdb, as it is always going to get the same answer anyway since the recent patches to rework the domains/sysdb relationship.
* Add function get_next_domain()Simo Sorce2013-02-101-3/+3
| | | | | | | Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
* sudo responder: change num_rules type from size_t to uint32_tPavel Březina2013-01-225-20/+20
| | | | | | | | https://fedorahosted.org/sssd/ticket/1779 2^32 should be enough to store sudo rules. size_t type was causing troubles on big endian architectures, because it wasn't used correctly in combination with D-Bus.
* Add domain arguments to sysdb sudo functionsSimo Sorce2013-01-151-4/+5
|
* Add domain argument to sysdb_search_custom()Simo Sorce2013-01-151-3/+7
| | | | Also changes sysdb_search_custom_by_name()
* Pass domain to sysdb_get<pw/gr>nam() functionsSimo Sorce2013-01-151-1/+1
| | | | | | Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore fqnames proper value in subdomains, by testing for a parent domain being present or not.
* RESPONDERS: Create a common file with service names and versionsJakub Hrozek2012-12-182-2/+1
| | | | | | | The monitor sends calls different sbus methods to different responders. Instead of including headers of the particular responders directly in monitor, which breaks layering a little, create a common header file that will be included from src/responder/common/
* sudo: print rule name if notBefore or notAfter attribute is missingPavel Březina2012-12-061-1/+1
| | | | | | | | | | | ...and if sudo_timed = true. https://fedorahosted.org/sssd/ticket/1688 A comma was missing in attribute list. This caused concatenation of the two attributes so we requested one attribute called "objectClasscn". This doesn't affect functionality, only debug messages.
* sudo: print message if old protocol is usedPavel Březina2012-12-021-3/+15
|
* SUDO: Fix wrong variable checkJakub Hrozek2012-11-191-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1650
* sudo: print how many rules we are refreshing or returningPavel Březina2012-11-141-3/+4
|
* sudo: do not send domain name with usernamePavel Březina2012-11-143-6/+5
| | | | | | | | This caused troubles with subdomain users and it is not really necessary. This patch does not change the protocol itself, that should be done on the earliest possible occasion. Part of https://fedorahosted.org/sssd/ticket/1616
* sudo: support users from subdomainsPavel Březina2012-11-144-60/+214
| | | | https://fedorahosted.org/sssd/ticket/1616
* use tmp_ctx in sudosrv_get_sudorules_from_cache()Pavel Březina2012-11-141-8/+20
|
* sudo: fix missing parameter in two debug messagesPavel Březina2012-11-141-3/+3
|
* sudo: do not hardcode protocol versionPavel Březina2012-10-301-1/+2
|
* Include talloc log in our debug facilityMichal Zidek2012-10-291-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1495
* Add new option default_domain_suffixSumit Bose2012-10-011-1/+2
|
* Remove SYSDB_SUDO_CACHE_OC from attribute listsPavel Březina2012-08-071-1/+0
| | | | It is not an attribute.
* Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OCPavel Březina2012-08-071-1/+1
| | | | | It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
* Fix uninitialized valuesNick Guay2012-07-181-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1379
* Fix potential NULL-dereferenceStephen Gallagher2012-07-091-1/+2
| | | | Coverity #12800
* Fix potential NULL-dereferenceStephen Gallagher2012-07-091-1/+3
| | | | Coverity #12801
* sudo responder: schedule OOB full refresh when expired rule is deletedPavel Březina2012-06-292-4/+40
|
* sudo responder: refresh expired rulesPavel Březina2012-06-291-31/+106
|
* sudo responder: update dp interfacePavel Březina2012-06-293-34/+72
|
* sudo responder: allow fetching only expired rules in ↵Pavel Březina2012-06-291-25/+22
| | | | sudosrv_get_sudorules_query_cache()
* sudo sysdb: add expiration time to the filterPavel Březina2012-06-291-1/+1
|
* sudo responder: new request enum typePavel Březina2012-06-293-13/+19
| | | | | | | | | sss_sudo_type represents query type that comes to the responder sss_dp_sudo_type represents query type to DP that is issued by the responder I'm leaving current values of sss_dp_sudo_type untouched so the compilation is not broken. Hovewer, they will be changed to new DP types once the DP interface is updated.
* sudo responder: discard in-memory cachePavel Březina2012-06-293-375/+0
|
* sudo responder: change protocol version to 1Pavel Březina2012-06-291-0/+9
|
* sudo api: send uid, username and domainnamePavel Březina2012-06-294-109/+102
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1239 Test client was changed accordingly. The new usage is: sss_sudo_cli username [uid] If uid is not set, getpwnam(username) is called. It will retrieve both default options and rules.
* sudo responder: get rid of dctx where possiblePavel Březina2012-06-293-93/+102
|
* sudo responder: remove code duplication in commandsPavel Březina2012-06-294-277/+283
|
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-121-2/+2
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* Modified responder_get_domain()Jan Zeleny2012-04-241-1/+1
| | | | Now it checks for subdomains as well as for the domain itself
* Potential NULL-dereference in sudosrv_cmd_get_sudorulesPavel Březina2012-03-091-14/+12
| | | | https://fedorahosted.org/sssd/ticket/1236
* Use of unininitialized value in sudosrv_cache_set_entry and ↵Pavel Březina2012-03-091-0/+2
| | | | | | sudosrv_cache_lookup_internal https://fedorahosted.org/sssd/ticket/1232
* Use the correct hash table for pending requestsSimo Sorce2012-03-081-1/+1
| | | | | | | | | | | | | The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, redenring the whole function uselsess. This fixes a very nasty bug that was causing requests for which we never received an answer for (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229
* Remove sysdb_get_ctx_from_list()Sumit Bose2012-02-291-7/+4
|
* Move sudo_dom_ctx.user to local variablePavel Březina2012-02-232-8/+8
|
* Honor case_sensitive option in sudo responderPavel Březina2012-02-234-21/+100
| | | | https://fedorahosted.org/sssd/ticket/1205