Commit message | Author | Age | Files | Lines
...
* UTIL: allow to skip default options for child processes | Sumit Bose | 2016-01-19 | 6 | -38/+47
  Currently the SSSD default options like e.g. --debug-level are added unconditionally to the command line options of a child process when started with the child helper functions. If a binary from a different source should be started as a child by SSSD those options might not be known or used differently. This patch adds an option to exec_child_ex() which allows to skip the default options and only add specific options.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 9dcc7dbf04466cd8cd90aa0bb8acbebef9aca832)
* IPA SUDO: Add support for ipaSudoRunAsExt* attributes | Pavel Březina | 2016-01-19 | 5 | -0/+23
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit a7d2b4f157194c14bc4a40c74f6416b82befa460)
* SUDO: simplify usn filter | Pavel Březina | 2016-01-19 | 2 | -11/+5
  usn >= current && usn != current is equivalent to usn >= current + 1
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 1476d5348fcf387e7481d833becbd993d91f8019)
* SUDO: remember usn as number instead of string | Pavel Březina | 2016-01-19 | 4 | -28/+31
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit f58ffb26aeaae0642a149643672fa59ec01a3a36)
* SUDO: allow disabling full refresh | Pavel Březina | 2016-01-19 | 1 | -1/+1
  This condition always disabled smart refresh when full refresh interval was set to zero and thus disabling periodic refresh functionality completely.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 8da71a9d5eebe7690b66fde8bfad195d5e3cc629)
* SUDO: assume zero if usn is unknown | Pavel Březina | 2016-01-19 | 4 | -30/+13
  When we switched to be_ptask full_refresh_done has become obsolete since timing is handled in a better way. In case of unknown USN we assume zero which allows us to disable full refresh completely in configuration.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 8bd44a13de231d025882810c720dd07ca4ee564d)
* SUDO: remove full_refresh_in_progress | Pavel Březina | 2016-01-19 | 4 | -10/+0
  When we switched to be_ptask this variable has become obsolete.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 43bbf5b158ec3152806791ca49ae224ee978de24)
* SUDO: sdap_sudo_set_usn() do not steal usn | Pavel Březina | 2016-01-19 | 2 | -3/+10
  This is less error prone.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 3ff3bb43ae6509905bbf7fa6540c44cdbbd0f738)
* IPA SUDO: Implement smart refresh | Pavel Březina | 2016-01-19 | 3 | -7/+438
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit cc7f9b639144183eb4f8bd86e5bed077da7d4e35)
* SDAP: Add sdap_or_filters | Pavel Březina | 2016-01-19 | 2 | -7/+27
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit ad5a48c4947183fda49308259e3411d17a8b0a13)
* IPA SUDO: Remember USN | Pavel Březina | 2016-01-19 | 1 | -2/+48
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit d06cc0974e59cd6cf1da45cc8c60d6e822b731c2)
* IPA SUDO: Implement rules refresh | Pavel Březina | 2016-01-19 | 5 | -5/+186
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 9630a4614ba4d5f68e967d4e108893550a996f30)
* IPA SUDO: Implement full refresh | Pavel Březina | 2016-01-19 | 6 | -2/+2285
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit a641a13889d617aca6bd998025e9087e822ff7f0)
* IPA SUDO: Implement sudo handler | Pavel Březina | 2016-01-19 | 3 | -0/+121
  Resolves: https://fedorahosted.org/sssd/ticket/XXXX
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 4ddd5591c50e27dffa55f03fbce0dcc85cd50a8b)
* IPA SUDO: Add ipasudocmd mapping | Pavel Březina | 2016-01-19 | 5 | -0/+26
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit cc7766c8456653ab5d7dedbf432cb1711a905804)
* IPA SUDO: Add ipasudocmdgrp mapping | Pavel Březina | 2016-01-19 | 5 | -0/+28
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit ed8650be18af26b7bf389e1246f7e8cdb363f829)
* IPA SUDO: Add ipasudorule mapping | Pavel Březina | 2016-01-19 | 6 | -0/+92
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit a2057618f30a3c64bdffb35a2ef3c2ba148c8a03)
* IPA SUDO: choose between IPA and LDAP schema | Pavel Březina | 2016-01-19 | 2 | -58/+88
  This patch implements logic to choose between IPA and LDAP schema. From this point the sudo support in IPA is removed if sudo search base is not set specifically, it will be brought back in further patches.
  Resolves: https://fedorahosted.org/sssd/ticket/1108
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 0f04241fc90f134af0272eb0999e75fb6749b595)
* SDAP: use ipa_get_rdn() in nested groups | Pavel Březina | 2016-01-19 | 2 | -71/+11
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit a6dd4a6c55773e81490dcafd61d4b9782705e9bf)
* IPA: add ipa_get_rdn and ipa_check_rdn | Pavel Březina | 2016-01-19 | 4 | -0/+438
  To exploit knowledge of IPA LDAP hierarchy.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit b407fe0474a674bb42f0f42ab47c7f530a07a367)
* SUDO: fail on failed request that cannot be retry | Pavel Březina | 2016-01-19 | 1 | -0/+3
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit cad751beaa12e34e15565bc413442b1e80ac0c29)
* SUDO: allow to disable ptask | Pavel Březina | 2016-01-19 | 1 | -16/+20
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit e085a79acfcd5331b6f99748e21765579a9a99f2)
* SUDO: move code shared between ldap and ipa to separate module | Pavel Březina | 2016-01-19 | 5 | -110/+199
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 85feb8d77a2c832787880944e02104846c4d5376)
* SUDO: make sudo sysdb interface more reusable | Pavel Březina | 2016-01-19 | 9 | -398/+354
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 68abbe716bed7c8d6790d9bec168ef44469306a1)
* SUDO: use sdap_search_bases instead custom sb iterator | Pavel Březina | 2016-01-19 | 1 | -104/+23
  Removes code duplication.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit e9ae5cd285dcc8fa232e16f9c7a29f18537272f2)
* SDAP: support empty filters in sdap_combine_filters() | Pavel Březina | 2016-01-19 | 1 | -1/+4
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 1d3f5fc2802c218916e6d6bc98eeaed79c66bafe)
* SDAP: rename sdap_get_id_specific_filter | Pavel Březina | 2016-01-19 | 17 | -57/+35
  More generic name is used now since it is not used only for id filters. Probably all references will be deleted when the code uses sdap_search_in_bases instead of custom search base iterators.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 92ec40e6aa25f75903ffdb166a8ec56b67bfd77d)
* SDAP: Add request that iterates over all search bases | Pavel Březina | 2016-01-19 | 6 | -7/+288
  We often need to iterate over many search bases but we always use mostly copy&paste iterator. This will reduce code duplication and simplify code flow.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit d0599eaa9369fd867953e3c58b8d7bb445525ff5)
* sudo: remove unused param. in ldap_get_sudo_options | Pavel Reichl | 2016-01-15 | 3 | -5/+3
  Remove unused talloc memory context.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 8835ecb2ff5126629993a6b6d3fb0bb7baa3b765)
* sudo: remove unused param name in sdap_sudo_get_usn() | Pavel Reichl | 2016-01-15 | 1 | -2/+1
  Reviewed-by: Petr Cech <pcech@redhat.com>
  (cherry picked from commit e307c269fe1dc94a1771b459c5925e449ba7668b)
* SDAP: do not fail if refs are found but not processed | Pavel Březina | 2016-01-15 | 1 | -10/+1
  It is possible to end up with not-processed referrals when using AD provider and ldap_referrals=true.
  Resolves: https://fedorahosted.org/sssd/ticket/2906
  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
  (cherry picked from commit 468495d91d536603a1c485424275b6dcf2bb83de)
* KRB5: Adding DNS SRV lookup for krb5 provider | Petr Cech | 2016-01-14 | 1 | -0/+7
  This patch adds DNS SRV lookup for krb5 provider.
  Resolves: https://fedorahosted.org/sssd/ticket/2888
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 684191e61d891b1c34f3742a40d5a2ed6a1192dd)
* ldap: remove originalMemberOf if there is no memberOf | Sumit Bose | 2016-01-12 | 2 | -2/+18
  Since originalMemberOf is not mapped directly to an original attribute and is handled specially it is not automatically removed if there is no memberOf in the original object anymore. This patch puts originalMemberOf on the list of attributes which should be removed in that case.
  Resolves https://fedorahosted.org/sssd/ticket/2917
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 9a2f018c0f68a3ada4cea4128a861a7f85893f22)
* AD SRV: prefer site-local DCs in LDAP ping | Pavel Březina | 2016-01-11 | 1 | -10/+30
  Resolves: https://fedorahosted.org/sssd/ticket/2765
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit a1c6869c67fcf4971ac843315b97bf46893ca92d)
* SPEC: Change package ownership of %{pubconfpath}/krb5.include.d | Lukas Slebodnik | 2016-01-11 | 1 | -1/+1
  krb5 domain mapping files are stored to the directory %{pubconfpath}/krb5.include.d. It can be stored by ipa or ad provider. However this directory was owned by sub-package sssd-ipa. And ad provider can be installed without this package. Therefore %{pubconfpath}/krb5.include.d should be owned by common dependency. The owner of this directory was also fixed to sssd. It's already done by make install. It was changed only in spec file.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit b978d3e423c18d5697e6c1398c07e444e6f98e3f)
* ipa_s2n_save_objects(): use configured user and group timeout | Sumit Bose | 2016-01-07 | 1 | -5/+5
  Resolves https://fedorahosted.org/sssd/ticket/2899
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit acce97e8d97e81a9e660d46c4e3c00bcb423c035)
* sdap_save_grpmem: determine domain by SID if possible | Sumit Bose | 2016-01-06 | 1 | -13/+35
  Resolves https://fedorahosted.org/sssd/ticket/2910
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 0c1fe8a15cced95e8451ad4c9260c5e4ecca45f1)
* Use right domain for user lookups | Sumit Bose | 2016-01-06 | 1 | -1/+1
  Related to https://fedorahosted.org/sssd/ticket/2910
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit cc1370dab6de99e50ac41126b500382f0aaa73ae)
* nfs idmap: fix infinite loop | Sumit Bose | 2016-01-05 | 1 | -2/+2
  Resolves: https://fedorahosted.org/sssd/ticket/2909
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Noam Meltzer <tsnoam@gmail.com>
  (cherry picked from commit 2a256e4e4b64891fe846e933589506daa68aa13e)
* Upgrading the version for the 1.13.4 release | Jakub Hrozek | 2015-12-15 | 1 | -1/+1
* Update translations for the 1.13.3 release (tag: sssd-1_13_3) | Jakub Hrozek | 2015-12-15 | 39 | -20807/+22399
* SUDO: get srv_opts after we are connected | Pavel Březina | 2015-12-15 | 1 | -1/+3
  It may be NULL in _send if SSSD has not been connected to LDAP so far.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 6b83f562fbd67cf61a7167c6057764fd08146241)
* SUDO: use size_t instead of int in for cycles | Pavel Březina | 2015-12-15 | 1 | -2/+2
  So we compare proper data types.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 15ebeedaad83cc5dcf896cfcdea850227fdc46b5)
* SUDO: make sdap_sudo_handler static | Pavel Březina | 2015-12-15 | 2 | -2/+4
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 895b8d884d0f5277e181fe1212ec0c0daaf3977d)
* SUDO: remove finalizer | Pavel Březina | 2015-12-15 | 1 | -7/+1
  It is not used anywhere anyway.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 38262a2622af9fe71ca336799da6e88d91be0d81)
* SUDO: obtain host information when going online | Pavel Březina | 2015-12-15 | 3 | -55/+101
  Resolves: https://fedorahosted.org/sssd/ticket/2672
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit cb235ec146f1ba81c211f8506736edea436be28a)
* SUDO: fix potential memory leak in sdap_sudo_init | Pavel Březina | 2015-12-15 | 1 | -2/+9
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 556801ec367543a8d534e55ecd11a977642bcee6)
* SUDO: do not imitate full refresh if usn is unknown in smart refresh | Pavel Březina | 2015-12-15 | 2 | -20/+23
  USN value should be always known now if at least one full refresh was successful.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00)
* SUDO: built host filter inside sdap_sudo_refresh request | Pavel Březina | 2015-12-15 | 3 | -245/+215
  Preparation for: https://fedorahosted.org/sssd/ticket/2672
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 1ab2b07c71da6c19c3855e390d10156d598c06a2)
* SUDO: set USN inside sdap_sudo_refresh request | Pavel Březina | 2015-12-15 | 3 | -60/+49
  Reduce code duplication.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit a00c89f23bd50d4fd9cf24aa09037c997781b8c9)