Commit message | Author | Age | Files | Lines
* build: Switch to AM_DISTCHECK_CONFIGURE_FLAGS | Nikolai Kondrashov | 2014-05-26 | 1 | -3/+3
    Use AM_DISTCHECK_CONFIGURE_FLAGS in Makefile.am instead of DISTCHECK_CONFIGURE_FLAGS to allow using the latter at build time, upon making distcheck target.

    In particular, the above would allow specifying --with-test-dir option to help archive test data in CI runs, like this:

        make distcheck DISTCHECK_CONFIGURE_FLAGS=--with-test-dir=/dev/shm/ci-test-dir

    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* TEST: fix warning in sbus_codegen_tests | Pavel Reichl | 2014-05-26 | 1 | -0/+1
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* UTIL: Include netinet/in.h for ip address macros | Lukas Slebodnik | 2014-05-26 | 1 | -0/+1
    The manual page in.h (man in.h) says:

        The <netinet/in.h> header shall define the in6_addr structure that contains at least the following member:
            uint8_t s6_addr[16]

        The <netinet/in.h> header shall define the following macros that test for special IPv6 addresses. Each macro is of type int and takes a single argument of type const struct in6_addr *:
            IN6_IS_ADDR_LINKLOCAL: Unicast link-local address.
            IN6_IS_ADDR_LOOPBACK: Loopback address.
            IN6_IS_ADDR_MULTICAST: Multicast address.

    The header file <netinet/in.h> was not included directly in src/util/util.c and it caused a few problems.

        ./src/util/util.h:378: warning: 'struct in6_addr' declared inside parameter list
        ./src/util/util.h:378: warning: its scope is only this definition or declaration, which is probably not what you want
        src/util/util.c: In function 'check_ipv4_addr':
        src/util/util.c:765: error: implicit declaration of function 'IN_MULTICAST'
        src/util/util.c:769: error: 'IN_LOOPBACKNET' undeclared (first use in this function)
        src/util/util.c:769: error: (Each undeclared identifier is reported only once
        src/util/util.c:769: error: for each function it appears in.)
        src/util/util.c:778: error: 'INADDR_BROADCAST' undeclared (first use in this function)
        src/util/util.c: At top level:
        src/util/util.c:786: warning: 'struct in6_addr' declared inside parameter list
        src/util/util.c:787: error: conflicting types for 'check_ipv6_addr'
        ./src/util/util.h:378: error: previous declaration of 'check_ipv6_addr' was here
        src/util/util.c: In function 'check_ipv6_addr':
        src/util/util.c:796: error: implicit declaration of function 'IN6_IS_ADDR_LINKLOCAL'
        src/util/util.c:799: error: implicit declaration of function 'IN6_IS_ADDR_LOOPBACK'
        src/util/util.c:802: error: implicit declaration of function 'IN6_IS_ADDR_MULTICAST'

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Don't use macro _XOPEN_SOURCE for extra features | Lukas Slebodnik | 2014-05-26 | 1 | -2/+2
    We defined macro _XOPEN_SOURCE before time.h, because we need function strptime.
    The problem is with undef after including header time.h.
    The macro _XOPEN_SOURCE can be defined on some platforms and undef can cause problems.

    We detect all necessary feature macros in configure script using AC_USE_SYSTEM_EXTENSIONS or AC_GNU_SOURCE. It is better to include header file config.h instead of defining macro _XOPEN_SOURCE.

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: Fix order of header files. | Lukas Slebodnik | 2014-05-26 | 1 | -1/+3
    The older version of glibc and different implementations of libs require feature macros for enabling function getline.

        getline(), getdelim():
            Since glibc 2.10:
                _POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700
            Before glibc 2.10:
                _GNU_SOURCE

    All feature macros are in header file config.h and are detected by configure script. The header file config.h was included after a few other header files. The problem is that header file stdio.h is included just once and is included from many external header files. We need to include config.h before any other header file to prevent problems.

        src/util/nscd.c: In function ‘sss_nscd_parse_conf’:
        src/util/nscd.c:150: error: implicit declaration of function ‘getline’

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SBUS: Include config.h for enabling function in stdio.h | Lukas Slebodnik | 2014-05-26 | 1 | -0/+3
    Older versions of glibc require extra feature macros for function open_memstream.

        fmemopen(), open_memstream(), open_wmemstream():
            Since glibc 2.10:
                _XOPEN_SOURCE >= 700 || _POSIX_C_SOURCE >= 200809L
            Before glibc 2.10:
                _GNU_SOURCE

        src/sbus/sssd_dbus_introspect.c: In function 'introspect_begin':
        src/sbus/sssd_dbus_introspect.c:82: error: implicit declaration of function 'open_memstream'
        src/sbus/sssd_dbus_introspect.c:82: warning: assignment makes pointer from integer without a cast

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SBUS: Define DBUS_ERROR_INIT for old version of dbus | Lukas Slebodnik | 2014-05-26 | 1 | -0/+4
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AUTOCONF: Move detection of samba libraries to one file | Lukas Slebodnik | 2014-05-26 | 3 | -7/+11
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* contrib: add BuildRequires libsmbclient-devel to spec file | Sumit Bose | 2014-05-23 | 1 | -0/+1
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD-GPO: add libsmbclient to makefiles | Yassir Elley | 2014-05-23 | 3 | -3/+13
    Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD-GPO: Remove dependency on libsamba-security | Yassir Elley | 2014-05-23 | 4 | -27/+586
    Reviewed-by: Sumit Bose <sbose@redhat.com>
* IFP: Support multiple interfaces on sysbus | Jakub Hrozek | 2014-05-23 | 1 | -18/+29
    Instead of passing just one interface with the functions, we need to support multiple interfaces for the InfoPipe and export them all on the sysbus.

    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SBUS: Add org.freedesktop.DBus.Properties.Get to Introspection | Jakub Hrozek | 2014-05-22 | 2 | -0/+18
    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SBUS: Add several error constant definitions | Jakub Hrozek | 2014-05-22 | 1 | -0/+20
    Several error constants we use were added in later DBus versions. This patch conditionally #defines them.

    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SBUS: Return / if an object path getter returns NULL | Jakub Hrozek | 2014-05-22 | 5 | -1/+29
    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SBUS: Return empty string if a string getter returns NULL | Pavel Březina | 2014-05-22 | 5 | -2/+32
    In line with getters never returning errors, a getter should return an empty string instead of NULL in case a string-like property in SSSD is not set.

    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SBUS: Implement org.freedesktop.DBus.Properties.Get for primitive types | Jakub Hrozek | 2014-05-22 | 7 | -44/+1229
    This patch implements type-safe getters for primitive types and their arrays. The patch includes unit tests of all supported types and arrays of these types.

    All getters are synchronous. The getters never fail, instead, they return a default or 'not defined' value. Making the getters synchronous and always returning a value will make it significantly easier to implement the GetAll method.

    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SBUS: Start implementing property access | Stef Walter | 2014-05-22 | 10 | -19/+213
    This patch adds the basis of SBUS getters and setters. A new module, sssd_dbus_properties.c would contain handlers for the property methods like Get, Set and GetAll.

    Type-safe property access works in a similar fashion like type-safe method calls - the invoker calls the getter which returns the primitive type, which is in turn marshalled into variant by the invoker.

    This patch does not contain the complete functionality, see later patches that continue implementing the getters and setters.

    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Allow Set, Get and GetAll from DBus.Properties | Jakub Hrozek | 2014-05-22 | 1 | -0/+10
    The InfoPipe will support all three of:
        DBus.Properties.Get
        DBus.Properties.GetAll
        DBus.Properties.Set

    Hence it must allow these calls to be received.

    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SBUS: Utility function sbus_request_return_array_as_variant | Pavel Březina | 2014-05-22 | 2 | -0/+124
    Adds a utility function that returns an array of types values, each of a given size, with a given type in a variant. This utility function will be used by the GetAll property call.

    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SBUS: Utility function sbus_request_return_as_variant | Jakub Hrozek | 2014-05-22 | 2 | -0/+68
    Adds a utility function that returns a single value with a given type in a variant. This utility function will be used by the Get property call.

    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Add a unit test for ifp_reply_objpath | Jakub Hrozek | 2014-05-22 | 1 | -0/+30
    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Add a utility function to reply with an object path | Pavel Březina | 2014-05-22 | 2 | -0/+48
    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Add utility functions to escape and unescape object paths | Jakub Hrozek | 2014-05-22 | 3 | -1/+240
    D-Bus spec says:
        Each element must only contain the ASCII characters "[A-Z][a-z][0-9]_"

    This patch adds two utility functions to escape raw input into format suitable for DBus and conversely transform escaped paths back into raw paths.

    Reviewed-by: Stef Walter <stefw@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD: Initialize user_map_cnt in server mode | Jakub Hrozek | 2014-05-22 | 1 | -0/+1
    user_map_cnt was initialized when all the traditional back ends are initialized. However, for the server mode, we simply copy the defaults and the count was left zeroed, which led to crashes.

    Down the road, we should consider tying the map and the attribute count together (see ticket #2336)

    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* well known sids: Windows Server 2012 new asserted identity SIDs | Alexander Bokovoy | 2014-05-21 | 1 | -0/+2
    http://support.microsoft.com/kb/2830145

    In Windows Server 2012, two new security principal SIDs are introduced to differentiate between proof of possession and Service-for-User-to-Self (S4U2Self) protocol transitions.

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* ipa subdomains provider: make sure search by SID works for homedir | Alexander Bokovoy | 2014-05-21 | 1 | -5/+15
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* resolv: Do not try to free addrinfo in case of error | Lukas Slebodnik | 2014-05-20 | 1 | -1/+2
    We should call freeaddrinfo only in situation if getaddrinfo succeeds. It is not specified in RFC2553 the behaviour of calling freeaddrinfo with the NULL argument. It is more portable not to rely on undocumented behaviour of glibc.

    http://www.ietf.org/rfc/rfc2553.txt [Page 28]

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Remove unused parameter from ifp_user_get_groups_reply | Lukas Slebodnik | 2014-05-20 | 1 | -4/+2
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Remove unused parameter from ifp_user_get_attr_handle_reply | Lukas Slebodnik | 2014-05-20 | 1 | -4/+4
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* CONFIGURE: Remove duplicate detection of pam | Lukas Slebodnik | 2014-05-18 | 1 | -6/+0
    The same test is in file src/external/pam.m4

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* CRYPTO: Use unprefixed version of function stpncpy | Lukas Slebodnik | 2014-05-18 | 2 | -4/+4
    glibc contains two versions of function stpncpy

        sh-4.2$ nm --dynamic --defined-only /lib64/libc.so.6 | grep stpncpy
        0000003ce1c89b00 i stpncpy
        0000003ce1c89b00 i __stpncpy
        0000003ce1d040a0 T __stpncpy_chk

    We should use more portable version of stpncpy without prefix with underscores.

    The function __stpncpy was used in initial version e65c65fc710fa030bfb8319efc43fcdc9ce5a26f, which was based on http://people.redhat.com/drepper/SHA-crypt.txt

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: macro PAM_DATA_REPLACE isn't available in openpam. | Lukas Slebodnik | 2014-05-18 | 1 | -0/+2
    This part was introduced in commit dba7903ba7fc04bc331004b0453938c116be3663 "PAM: close socket fd with pam_set_data"

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: Fix problem with missing declaration. | Lukas Slebodnik | 2014-05-18 | 1 | -0/+1
    The functions strdup and strncmp are used in pam_test_client, but header file string.h was not included directly in this file. The header file string.h was indirectly included by the header file security/pam_client.h.

        src/sss_client/pam_test_client.c: In function 'main':
        src/sss_client/pam_test_client.c:45: error: implicit declaration of function 'strdup'
        src/sss_client/pam_test_client.c:45: warning: incompatible implicit declaration of built-in function 'strdup'
        src/sss_client/pam_test_client.c:49: warning: incompatible implicit declaration of built-in function 'strdup'
        src/sss_client/pam_test_client.c:52: warning: incompatible implicit declaration of built-in function 'strdup'
        src/sss_client/pam_test_client.c:64: error: implicit declaration of function 'strncmp'
        gmake[2]: *** [src/sss_client/pam_test_client.o] Error 1

        sh-4.2$ nm --undefined-only ./pam_test_client | grep -E "strdup|strncmp"
        U __strdup@@GLIBC_2.2.5
        U strncmp@@GLIBC_2.2.5

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SBUS: Fix warning declaration shadows a global declaration | Lukas Slebodnik | 2014-05-16 | 1 | -4/+4
        src/sbus/sssd_dbus_meta.c: In function 'sbus_meta_find_signal':
        src/sbus/sssd_dbus_meta.c:43: warning: declaration of 'signal' shadows a global declaration
        /usr/include/signal.h:101: warning: shadowed declaration is here

    Reviewed-by: Stef Walter <stefw@redhat.com>
* BUILD: Make samba4 libraries optional | Lukas Slebodnik | 2014-05-16 | 5 | -5/+40
    Samba 4 libraries are necessary for building {ad, ipa} provider, but samba4 needn't be available on older distributions. This patch adds the possibility to build SSSD without {ad, ipa} provider and thus without Samba 4 libraries. The script configure has a new argument --with-samba with default value yes.

    Reviewed-by: Michal Židek <mzidek@redhat.com>
* TEST: Refactor test_io | Lukas Slebodnik | 2014-05-16 | 1 | -48/+115
    Tests should not create resources. It is the purpose of setup functions. Patch fixes also fd leaks from mkstemp.

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Add a GetGroupsList method | Jakub Hrozek | 2014-05-14 | 7 | -14/+226
    This patch adds a new method on the bus with the following synopsis:

        <method name="GetUserGroups">
            <arg name="user" type="s" direction="in" />
            <arg name="values" type="as" direction="out"/>
        </method>

    Its purpose is to return names of groups the user is a member of as a list of strings.

    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SYSDB: return SYSDB_NAME from sysdb_initgroups | Jakub Hrozek | 2014-05-14 | 2 | -0/+6
    For the GetGroupsList function it would be handy to get the user names as well with a single sysdb_initgroups() call. This patch adds SYSDB_NAME to the default attribute list.

    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* TEST: Remove unused variable | Pavel Reichl | 2014-05-14 | 1 | -3/+0
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Add libsss_ad_common.so to the package sssd-ad | Lukas Slebodnik | 2014-05-14 | 1 | -0/+1
        RPM build errors:
        error: Installed (but unpackaged) file(s) found:
            /usr/lib64/sssd/libsss_ad_common.so

    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_config: build only when IFP is allowed | Pavel Březina | 2014-05-14 | 2 | -5/+11
    since the IFP responder is currently the only planned consumer.

    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_config: unit tests | Pavel Březina | 2014-05-14 | 2 | -0/+903
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_config: build | Pavel Březina | 2014-05-14 | 6 | -0/+50
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_config: the code | Pavel Březina | 2014-05-14 | 2 | -0/+580
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SBUS: Allow registering paths with fallback | Jakub Hrozek | 2014-05-13 | 1 | -4/+76
    Some interfaces we support, such as domain might not be bound to a single path, but rather anything under a path 'directory'. This patch allows the SBUS to register a fallback path that would route any messages under a given anchor to a handler of an interface.

    The fallback interface is denoted with a trailing wildcard:
        /org/sssd/anchor/*

    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IFP: Per-attribute ACL for users | Jakub Hrozek | 2014-05-13 | 10 | -3/+361
    Introduces a new option called user_attributes that allows to specify which user attributes are allowed to be queried from the IFP responder. By default only the default POSIX set is allowed, this option allows to either add other attributes (+attrname) or remove them from the default set (-attrname).

    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Implemented LDAP component of GPO-based access control | Yassir Elley | 2014-05-13 | 20 | -45/+2746
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Do not remove non-root domains when looking up root domain | Jakub Hrozek | 2014-05-13 | 1 | -3/+22
    https://fedorahosted.org/sssd/ticket/2322

    When the AD subdomains code looked up the root domain subsequently (after the domain list was already populated), the non-root domains might have been removed along with their respective tasks, because the root domain lookup only ever matched a single root domain.

    This could cause havoc especially during login when different lookups for different domains might be going on during user group refresh.

    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SBUS: remove unused variables | Pavel Březina | 2014-05-13 | 1 | -4/+0
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>