summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* IPA SUDO: Implement smart refreshPavel Březina2016-01-193-7/+438
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit cc7f9b639144183eb4f8bd86e5bed077da7d4e35)
* SDAP: Add sdap_or_filtersPavel Březina2016-01-192-7/+27
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit ad5a48c4947183fda49308259e3411d17a8b0a13)
* IPA SUDO: Remember USNPavel Březina2016-01-191-2/+48
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit d06cc0974e59cd6cf1da45cc8c60d6e822b731c2)
* IPA SUDO: Implement rules refreshPavel Březina2016-01-195-5/+186
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 9630a4614ba4d5f68e967d4e108893550a996f30)
* IPA SUDO: Implement full refreshPavel Březina2016-01-195-1/+2281
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit a641a13889d617aca6bd998025e9087e822ff7f0)
* IPA SUDO: Implement sudo handlerPavel Březina2016-01-192-0/+120
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/XXXX Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 4ddd5591c50e27dffa55f03fbce0dcc85cd50a8b)
* IPA SUDO: Add ipasudocmd mappingPavel Březina2016-01-195-0/+26
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit cc7766c8456653ab5d7dedbf432cb1711a905804)
* IPA SUDO: Add ipasudocmdgrp mappingPavel Březina2016-01-195-0/+28
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit ed8650be18af26b7bf389e1246f7e8cdb363f829)
* IPA SUDO: Add ipasudorule mappingPavel Březina2016-01-196-0/+92
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit a2057618f30a3c64bdffb35a2ef3c2ba148c8a03)
* IPA SUDO: choose between IPA and LDAP schemaPavel Březina2016-01-192-58/+88
| | | | | | | | | | | | This patch implement logic to choose between IPA and LDAP schema. From this point the sudo support in IPA is removed if sudo search base is not set specifically, it will be brought back in furter patches. Resolves: https://fedorahosted.org/sssd/ticket/1108 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 0f04241fc90f134af0272eb0999e75fb6749b595)
* SDAP: use ipa_get_rdn() in nested groupsPavel Březina2016-01-191-71/+9
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit a6dd4a6c55773e81490dcafd61d4b9782705e9bf)
* IPA: add ipa_get_rdn and ipa_check_rdnPavel Březina2016-01-193-0/+416
| | | | | | | To exploit knowledge of IPA LDAP hierarchy. Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit b407fe0474a674bb42f0f42ab47c7f530a07a367)
* SUDO: fail on failed request that cannot be retryPavel Březina2016-01-191-0/+3
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit cad751beaa12e34e15565bc413442b1e80ac0c29)
* SUDO: allow to disable ptaskPavel Březina2016-01-191-16/+20
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit e085a79acfcd5331b6f99748e21765579a9a99f2)
* SUDO: move code shared between ldap and ipa to separate modulePavel Březina2016-01-194-110/+197
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 85feb8d77a2c832787880944e02104846c4d5376)
* SUDO: make sudo sysdb interface more reusablePavel Březina2016-01-198-396/+354
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 68abbe716bed7c8d6790d9bec168ef44469306a1)
* SUDO: use sdap_search_bases instead custom sb iteratorPavel Březina2016-01-191-104/+23
| | | | | | | Removes code duplication. Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit e9ae5cd285dcc8fa232e16f9c7a29f18537272f2)
* SDAP: support empty filters in sdap_combine_filters()Pavel Březina2016-01-191-1/+4
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 1d3f5fc2802c218916e6d6bc98eeaed79c66bafe)
* SDAP: rename sdap_get_id_specific_filterPavel Březina2016-01-1917-57/+35
| | | | | | | | | More generic name is used now since it is not used only for id filters. Probably all references will be deleted when the code uses sdap_search_in_bases istead of custom search base iterators. Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 92ec40e6aa25f75903ffdb166a8ec56b67bfd77d)
* SDAP: Add request that iterates over all search basesPavel Březina2016-01-195-7/+286
| | | | | | | | | We often need to iterate over many search bases but we always use mostly copy&paste iterator. This will reduce code duplication and simplify code flow. Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit d0599eaa9369fd867953e3c58b8d7bb445525ff5)
* sudo: remove unused param. in ldap_get_sudo_optionsPavel Reichl2016-01-153-5/+3
| | | | | | | Remove unused talloc memory context. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 8835ecb2ff5126629993a6b6d3fb0bb7baa3b765)
* sudo: remove unused param name in sdap_sudo_get_usn()Pavel Reichl2016-01-151-2/+1
| | | | | Reviewed-by: Petr Cech <pcech@redhat.com> (cherry picked from commit e307c269fe1dc94a1771b459c5925e449ba7668b)
* SDAP: do not fail if refs are found but not processedPavel Březina2016-01-151-10/+1
| | | | | | | | | | | It is possible to end up with not-processed referrals when using AD provider and ldap_referrals=true. Resolves: https://fedorahosted.org/sssd/ticket/2906 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> (cherry picked from commit 468495d91d536603a1c485424275b6dcf2bb83de)
* KRB5: Adding DNS SRV lookup for krb5 providerPetr Cech2016-01-141-0/+7
| | | | | | | | | | This patch add DNS SRV lookup for krb5 provider. Resolves: https://fedorahosted.org/sssd/ticket/2888 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 684191e61d891b1c34f3742a40d5a2ed6a1192dd)
* ldap: remove originalMeberOf if there is no memberOfSumit Bose2016-01-122-2/+18
| | | | | | | | | | | | | Since originalMemerberOf is not mapped directly to an original attribute and is handled specially it is not automatically removed if there is no memberOf in the original object anymore. This patch put originalMemerberOf on the list of attribute which should be removed in that case. Resolves https://fedorahosted.org/sssd/ticket/2917 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 9a2f018c0f68a3ada4cea4128a861a7f85893f22)
* AD SRV: prefer site-local DCs in LDAP pingPavel Březina2016-01-111-10/+30
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2765 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit a1c6869c67fcf4971ac843315b97bf46893ca92d)
* ipa_s2n_save_objects(): use configured user and group timeoutSumit Bose2016-01-071-5/+5
| | | | | | | Resolves https://fedorahosted.org/sssd/ticket/2899 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit acce97e8d97e81a9e660d46c4e3c00bcb423c035)
* sdap_save_grpmem: determine domain by SID if possibleSumit Bose2016-01-061-13/+35
| | | | | | | Resolves https://fedorahosted.org/sssd/ticket/2910 Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 0c1fe8a15cced95e8451ad4c9260c5e4ecca45f1)
* Use right domain for user lookupsSumit Bose2016-01-061-1/+1
| | | | | | | Related to https://fedorahosted.org/sssd/ticket/2910 Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit cc1370dab6de99e50ac41126b500382f0aaa73ae)
* nfs idmap: fix infinite loopSumit Bose2016-01-051-2/+2
| | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2909 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Noam Meltzer <tsnoam@gmail.com> (cherry picked from commit 2a256e4e4b64891fe846e933589506daa68aa13e)
* Update translations for the 1.13.3 releasesssd-1_13_3Jakub Hrozek2015-12-1517-14295/+15784
|
* SUDO: get srv_opts after we are connectedPavel Březina2015-12-151-1/+3
| | | | | | | It may be NULL in _send if SSSD has not been connected to LDAP so far. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 6b83f562fbd67cf61a7167c6057764fd08146241)
* SUDO: use size_t instead of int in for cyclesPavel Březina2015-12-151-2/+2
| | | | | | | | So we compare proper data types. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 15ebeedaad83cc5dcf896cfcdea850227fdc46b5)
* SUDO: make sdap_sudo_handler staticPavel Březina2015-12-152-2/+4
| | | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 895b8d884d0f5277e181fe1212ec0c0daaf3977d)
* SUDO: remove finalizerPavel Březina2015-12-151-7/+1
| | | | | | | | It is not used anywhere anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 38262a2622af9fe71ca336799da6e88d91be0d81)
* SUDO: obtain host information when going onlinePavel Březina2015-12-153-55/+101
| | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2672 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit cb235ec146f1ba81c211f8506736edea436be28a)
* SUDO: fix potential memory leak in sdap_sudo_initPavel Březina2015-12-151-2/+9
| | | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 556801ec367543a8d534e55ecd11a977642bcee6)
* SUDO: do not imitate full refresh if usn is unknown in smart refreshPavel Březina2015-12-152-20/+23
| | | | | | | | | USN value should be always known now if at least one full refresh was successful. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit c0000a8cc9eccdf5cd8dd72fd6e9bc09d8c7cf00)
* SUDO: built host filter inside sdap_sudo_refresh requestPavel Březina2015-12-153-245/+215
| | | | | | | | | Preparation for: https://fedorahosted.org/sssd/ticket/2672 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 1ab2b07c71da6c19c3855e390d10156d598c06a2)
* SUDO: set USN inside sdap_sudo_refresh requestPavel Březina2015-12-153-60/+49
| | | | | | | | Reduce code duplication. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit a00c89f23bd50d4fd9cf24aa09037c997781b8c9)
* SUDO: sdap_sudo_load_sudoers improve iteratorPavel Březina2015-12-151-69/+55
| | | | | | | | | The old search base iterator was difficult to read since its logic spread through all functions. This patch also shorten names. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit d103c2e4a704b1dfffd39fea2b601c2f337d06d5)
* SUDO: fix sdap_sudo_smart_refresh_recv()Pavel Březina2015-12-151-7/+7
| | | | | | | | This fix huge violation of tevent coding style. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit efa19bb588ce1dc6c3f4b94b94464886ad764d09)
* SUDO: fix tevent stylePavel Březina2015-12-154-300/+265
| | | | | | | | | Rearrage and rename functions in sdap_async_sudo.c to obey tevent style and improve readability. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 24eac34a8c1f0a284cb697e8d5c09ff049181691)
* SUDO: fix sdap_id_op logicPavel Březina2015-12-151-16/+18
| | | | | | | | Adds missing sdap_id_op_done call and retry logic. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 7e0158f9fdb1d299ab2d018e9d81cc71eed98c15)
* SUDO: simplify error handlingPavel Březina2015-12-154-70/+41
| | | | | | | | | This patch removes state->error and uses only ret instead since state->error was only duplication anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit fc19031212369d69a9693ac8777ce1e61a16fe93)
* SUDO: move offline check to handlerPavel Březina2015-12-152-6/+5
| | | | | | | | | | | | We let sdap_id_op decide if we are offline or not here but we should not get to this code since ptask is disabled and we will not get through sudo handler if offline. This simplyfies the code and make it more similar to other providers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 81f135f9e83031c4a021a3d19009b2bc179c8468)
* SUDO: move refreshes from sdap_sudo.c to sdap_sudo_refresh.cPavel Březina2015-12-153-642/+639
| | | | | | | | sdap_sudo.c will contain only initialization and handlers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 00fea5c2aaa0277bea522d2f61de75699ee2ed49)
* SUDO: convert periodical refreshes to be_ptaskPavel Březina2015-12-154-657/+185
| | | | | | | | | | | | | | | | This removes old sudo timer and simplyfies code a lot. It also allows to manage offline/online state. - Full and smart refresh are disabled when offline. - Full refresh is run immediately when sssd is back online. - Smart refresh is scheduled normally when sssd is back online. Resolves: https://fedorahosted.org/sssd/ticket/1943 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit a13cf3d295a4a6654dfa7e4193c0a2bc8bb78e92)
* KRB5_CHILD: Debug logs for PAC timeoutPetr Cech2015-12-141-0/+3
| | | | | | | | | | | | This patch adds debug message that inform user when KRB5_CHILD calls PAC responder. This action might take a bit of time in case the cache is not populated or up to date. Resolves: https://fedorahosted.org/sssd/ticket/2846 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* KRB5: Mark globals in krb5_opts.h as externPavel Březina2015-12-142-23/+48
| | | | | | | To avoid collisions when we want to work with them elsewhere in the code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 291a6c8af9759e41cec6f332cb72606ca90768c3)
generated by cgit (git 2.34.1) at 2025-09-28 07:11:04 +0000