On Fri, 2011-12-16 at 14:02 +0100, Pavel Březina wrote: > https://fedorahosted.org/sssd/ticket/1105 (review ticket) > https://fedorahosted.org/sssd/ticket/623 (sudo integration) > > Hello, > it is finally here. > > These patches *assume* that "Responders: Split getting domain by name > into separate function" patch has been applied, it can be found in > "Ability to set a domain as case sensitive or insensitive" thread. > > Design page: > https://fedorahosted.org/sssd/wiki/DesignDocs/SUDOIntegrationNewApproach > > What's left: > 1. implementing support of sssd in sudo sudoers plugin > 2. periodical update of all rules > 3. provide documentation > 4. in memory cache in responder > 5. refactor DP request using "RESPONDER: Refactor DP requests into > tevent_req style" patch > 6. provide few more configuration options > 7. support the IPA scheme > > How to configure it: > 1. configure --enable-all-experimental-features > 2. sssd.conf: > services += sudo > domain options: sudo_provider, ldap_sudo_search_base > > How to test it: > > sss_sudo_cli username > This will display rules for %username. It performs two lookups: > 1. using native sssd api to get and display raw date (it prints every > byte as char so don't be scared of silly characters that are shown > instead of numbers) > 2. using api that we provide to sudo and use it to display data in user > readable format > > Big thanks to Jakub, who has written whole sysdb api and a big part of > responder.
I'm acking this and pushing it to master provisionally. It's self-contained code that only builds with the --enable-all-experimental-features flag, so we're going to break with our usual process here somewhat and get the changes in now. We'll tweak what needs tweaking during the 1.8.0 process, but there's no reason to hold it back in the meantime. I'm pushing the patches with one minor modification to the sysdb patch to fix a -Wformat-security warning due to passing a variable directly to a talloc_asprintf. Pushed to master.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
