summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/sdap_sudo.c
Commit message (Collapse)AuthorAgeFilesLines
* DP: Switch to new interfacePavel Březina2016-06-201-105/+128
| | | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Rename dp_backend.h to backend.hPavel Březina2016-06-201-1/+1
| | | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: assume zero if usn is unknownPavel Březina2016-01-191-4/+0
| | | | | | | | When we switched to be_ptaks full_refresh_done has become obsolete since timing is handled in a better way. In case of unknown USN we assume zero which allows us to disable full refresh completely in configuration. Reviewed-by: Sumit Bose <sbose@redhat.com>
* SUDO: make sudo sysdb interface more reusablePavel Březina2016-01-191-1/+0
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* SUDO: make sdap_sudo_handler staticPavel Březina2015-12-151-1/+3
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: remove finalizerPavel Březina2015-12-151-7/+1
| | | | | | | It is not used anywhere anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: obtain host information when going onlinePavel Březina2015-12-151-47/+32
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2672 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix potential memory leak in sdap_sudo_initPavel Březina2015-12-151-2/+9
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: fix tevent stylePavel Březina2015-12-151-5/+1
| | | | | | | | Rearrage and rename functions in sdap_async_sudo.c to obey tevent style and improve readability. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: simplify error handlingPavel Březina2015-12-151-11/+11
| | | | | | | | This patch removes state->error and uses only ret instead since state->error was only duplication anyway. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: move offline check to handlerPavel Březina2015-12-151-0/+5
| | | | | | | | | | | We let sdap_id_op decide if we are offline or not here but we should not get to this code since ptask is disabled and we will not get through sudo handler if offline. This simplyfies the code and make it more similar to other providers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: move refreshes from sdap_sudo.c to sdap_sudo_refresh.cPavel Březina2015-12-151-642/+0
| | | | | | | sdap_sudo.c will contain only initialization and handlers. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SUDO: convert periodical refreshes to be_ptaskPavel Březina2015-12-151-458/+12
| | | | | | | | | | | | | | | This removes old sudo timer and simplyfies code a lot. It also allows to manage offline/online state. - Full and smart refresh are disabled when offline. - Full refresh is run immediately when sssd is back online. - Smart refresh is scheduled normally when sssd is back online. Resolves: https://fedorahosted.org/sssd/ticket/1943 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sudo: remove unused param. in ldap_get_sudo_optionsPavel Reichl2015-10-121-1/+1
| | | | | | Remove unused talloc memory context. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sudo: replace asterisk with escape sequence in host filterPavel Březina2014-07-291-1/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2377 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Make DEBUG macro invocations variadicNikolai Kondrashov2014-02-121-88/+88
| | | | | | | | | | | | | | | | | | | | | | | | Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SYSDB: Drop the sysdb_ctx parameter from the sysdb_sudo.c moduleJakub Hrozek2013-11-151-4/+2
|
* Fix formating of variables with type: time_tLukas Slebodnik2013-09-111-2/+2
|
* sudo: continue if we are unable to resolve fqdnPavel Březina2013-08-191-1/+0
| | | | https://fedorahosted.org/sssd/ticket/2043
* LDAP: sdap_id_ctx might contain several connectionsJakub Hrozek2013-06-071-3/+3
| | | | | | | | | | | | | | | | | | | With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
* Add be_req_get_data() helper funciton.Simo Sorce2013-01-211-2/+2
| | | | In preparation for making struct be_req opaque.
* Add be_req_get_be_ctx() helper.Simo Sorce2013-01-211-1/+2
| | | | In preparation for making be_req opaque
* Remove sysdb as a be context structure memberSimo Sorce2013-01-211-3/+3
| | | | The sysdb context is already available through the 'domain' structure.
* Add domain arguments to sysdb sudo functionsSimo Sorce2013-01-151-2/+7
|
* sudo smart refresh: fix debug messagePavel Březina2013-01-071-1/+1
|
* sudo smart refresh: do not include usn in filter if no valid usn is knownPavel Březina2013-01-071-5/+12
| | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1736 When there are no rules during first refresh, we don't have valid USN value. We use 0 in this case, but it turned out that OpenLDAP takes it as invalid time format (if modifyTimestamp is used instead of USN) and thus returns no records. Now we don't include USN/modifyTimestamp attribute in the filter if such situasion occurs.
* LDAP: initialize refresh function handlerOndrej Kos2013-01-041-1/+1
|
* Add default section to switch statementSumit Bose2012-12-191-0/+3
| | | | | | switch statements should always have a default section. In this particular case gcc gave a "'send_fn' may be used uninitialized in this function" warning.
* sudo: do full refresh when data provider is back onlinePavel Březina2012-12-181-7/+72
| | | | | | | | https://fedorahosted.org/sssd/ticket/1689 Add a online callback if the first full refresh fails due to the provider beeing offline so we can perform the refresh as soon as possible.
* sudo: schedule another full refresh in short interval if the first failsPavel Březina2012-12-181-0/+27
| | | | | | | https://fedorahosted.org/sssd/ticket/1689 If the first full refresh of sudo rules fails because the data provider is offline, we will schedule another one in 2, 4, ... minutes.
* check dp error in sdap_sudo_full_refresh_done()Pavel Březina2012-12-181-3/+8
| | | | https://fedorahosted.org/sssd/ticket/1689
* add sdap_sudo_schedule_refresh()Pavel Březina2012-12-181-43/+71
| | | | Reduces amount of code duplication.
* sudo: don't get stuck in rules and smart refresh when offlinePavel Březina2012-12-111-4/+14
| | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1682 The problem was in following code: if (ret != EOK || state->dp_error != DP_ERR_OK || state->error != EOK) { tevent_req_error(req, ret); return; } In situation when data provider error occurs (e.g. when offline), ret == EOK but dp_error != DP_ERR_OK and we take the true branch. This results in calling tevent_req_error(req, EOK). Unfortunately, with EOK tevent_req_error only returns false, but does not trigger callback and this tevent request hangs forever, because no tevent_req_done(req) is called.
* SUDO: strdup the input variableJakub Hrozek2012-12-071-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1701
* fix -O3 variable may be uninitialized warningsPavel Březina2012-11-161-2/+2
|
* sudo: store rules with no sudoHost attributePavel Březina2012-11-151-0/+7
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1640 Normal rules requires that sudoHost attribute is present. But this attribute is not mandatory for a special rule named cn=defaults. This patch modifies filter so that we store even rules that doesn't have sudoHost attribute specified. SUDO will then decide whether it is allowed or not.
* sudo refresh: handle errors properlyPavel Březina2012-10-241-8/+25
| | | | We should test both ret and (dp_error, errno) pair.
* sudo: do not fail if usn value is zero but full refresh is completedPavel Březina2012-10-241-7/+17
| | | | | | | | https://fedorahosted.org/sssd/ticket/1596 In case that LDAP server contains zero sudo rules, the full refresh completes succussfully and stores current USN value (= 0). But then smart refresh will fail because it takes USN=0 as invalid value.
* Variable in sdap_sudo_rules_refresh_send could be used, uninitialized.Michal Zidek2012-10-031-0/+1
|
* Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OCPavel Březina2012-08-071-2/+2
| | | | | It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
* sdap_sudo.c: add missing end of line in few debug messagesPavel Březina2012-07-231-3/+3
|
* Fix uninitialized valuesNick Guay2012-07-181-6/+6
| | | | https://fedorahosted.org/sssd/ticket/1379
* Fix uninitialized variableStephen Gallagher2012-07-091-0/+1
| | | | Coverity #12802
* sudo ldap provider: do per-host updatesPavel Březina2012-06-291-3/+160
| | | | Add host information to LDAP filters.
* sudo ldap provider: mark sdap_sudo_setup_periodical_refresh() as staticPavel Březina2012-06-291-2/+2
|
* sudo ldap provider: load host filter configuration on initPavel Březina2012-06-291-3/+52
| | | | | | | We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
* sudo ldap provider: pass sudo_ctx instead of id_ctxPavel Březina2012-06-291-39/+57
| | | | | I had to create a new context structure to store additional information such as ip addresses and hostnames.
* sdap_sudo.c: move _recv after _donePavel Březina2012-06-291-45/+45
|
* sudo ldap provider: modify highest USN in sdap_sudo_rules_refresh_done()Pavel Březina2012-06-291-3/+14
|
* sudo ldap provider: notify responder when an expired rule has been deletedPavel Březina2012-06-291-11/+76
| | | | | | | | | | | | | | | | When an expired rule is not present on the server server during specific rule refresh, the provider will notify the sudo responder that it has been deleted. Because there is a high probability that some other rules were deleted from the server as well, we want to remove them from sysdb as soon as possible. Once the responder is notified, it will schedule an out of band full refresh. This is issued by responder, because we already have a mechanism that prohibits creation of similar request (i.e. once the OOB full refresh is scheduled, there won't be another). The notification is done by returning: DP error = DP_ERR_OK, error = ENOENT
generated by cgit (git 2.34.1) at 2024-06-09 19:24:01 +0000