summaryrefslogtreecommitdiffstats
path: root/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* UTIL: Fixing Makefile.am for util/sss_cli_cmd.hmpgfixPetr Cech2015-09-011-0/+1
| | | | | | | | | Last patch for ticket 2708 broke make distcheck. This is fix. Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* UTIL: Function 2string for enum sss_cli_commandPetr Cech2015-08-311-1/+3
| | | | | | | | | | | | Improvement of debug messages. Instead of:"(0x0400): Running command [17]..." We could see:"(0x0400): Running command [17][SSS_NSS_GETPWNAM]..." (It's not used in sss_client. There are only hex numbers of commands.) Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_override: support import and exportPavel Březina2015-08-201-0/+2
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2737 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: sanitize group name when used in filterPavel Reichl2015-08-171-0/+22
| | | | | | | | | | | cleanup_groups() uses DN of group in filter for ldbsearch. But the name might contain characters with special meaning for filtering like - "*()\/" Resolves: https://fedorahosted.org/sssd/ticket/2744 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* pam: Incerease p11 child timeoutMichal Židek2015-08-171-0/+1
| | | | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2746 It was timeouting often in CI machines. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IPA: Always re-fetch the keytab from the IPA serverJakub Hrozek2015-08-141-0/+2
| | | | | | | | | | Even if a keytab for one-way trust exists, re-fetch the keytab again and try to use it. Fall back to the previous one if it exists. This is in order to allow the admin to re-establish the trust keytabs with a simple sssd restart. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* krb5 utils: add sss_krb5_realm_has_proxy()Sumit Bose2015-08-051-0/+1
| | | | | Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* ssh: generate public keys from certificateSumit Bose2015-07-311-2/+5
| | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: add certificate support to PAM (pre-)auth requestsSumit Bose2015-07-311-0/+5
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Add NSS version of p11_childSumit Bose2015-07-311-1/+24
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* utils: add NSS version of cert utilsSumit Bose2015-07-311-4/+25
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: add sss_override for local overridesPavel Březina2015-07-271-1/+15
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2584 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: add common command frameworkPavel Březina2015-07-271-1/+4
| | | | | | | | | | Add general framework to simplify creating "cmd COMMAND [OPTIONS...]" style tools. Preparation for: https://fedorahosted.org/sssd/ticket/2584 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* KRB5: Add and use krb5_auth_queue_send to queue requests by defaultJakub Hrozek2015-07-061-0/+17
| | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2701 Previously, only the krb5 provides used to queue requests, which resulted in concurrent authentication requests stepping on one another. This patch queues requests by default. Reviewed-by: Sumit Bose <sbose@redhat.com>
* sss_client: Use initgr mmap cache in client codeLukas Slebodnik2015-07-031-0/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2485 Reviewed-by: Michal Židek <mzidek@redhat.com>
* test_ipa_subdomains_server: Fix build with --coverageLukas Slebodnik2015-07-021-0/+1
| | | | | | | | | | | It seems that gcc did some optimization and used execve instead of execle when the code was instrumented for coverage analysis. So the exec* function was not wrapped and it tried to call real binary ipa-getkeytab Reviewed-by: Michal Židek <mzidek@redhat.com>
* IFP: add FindByCertificate method for User objectsSumit Bose2015-06-191-1/+3
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_search_user_by_cert() and sysdb_search_object_by_cert()Sumit Bose2015-06-191-0/+1
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* certs: add PEM/DER conversion utilitiesSumit Bose2015-06-191-0/+38
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sbus: listen to NameOwnerChangedPavel Březina2015-06-191-0/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2326 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: add support for incoming signalsPavel Březina2015-06-191-0/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Export nodesPavel Březina2015-06-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | IFP now exports cached users and groups in introspection. After a user is cached with: dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Store And Introspection called with: dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.DBus.Introspectable.Introspect The cached users would be visible in the Introspection XML as: <node name="ipaldap/397400000" /> </node> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Implement org.freedesktop.sssd.infopipe.Cache[.Object]Pavel Březina2015-06-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2338 Example use: $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.FindByName \ string:admin object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Store boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Remove boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Store keytabs in /var/lib/sss/keytabsJakub Hrozek2015-06-161-2/+5
| | | | | | Make sure the directory is only accessible to the sssd user Reviewed-by: Michal Židek <mzidek@redhat.com>
* CONFIG: Add SSS_STATEDIR as VARDIR/lib/sssJakub Hrozek2015-06-161-0/+2
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* AD: Rename ad_create_default_options to ad_create_2way_trust_optionsJakub Hrozek2015-06-141-5/+12
| | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 Better reflects what's going on in the function. Also adds a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Fetch keytab for 1way trustsJakub Hrozek2015-06-141-0/+4
| | | | | | | | | Uses the ipa-getkeytab call to retrieve keytabs for one-way trust relationships. https://fedorahosted.org/sssd/ticket/2636 Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add unit test for the subdomain_server.c moduleJakub Hrozek2015-06-141-0/+31
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add a common mock_be_ctx functionJakub Hrozek2015-06-141-0/+4
| | | | | | Reduces code duplication between tests. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Split off keytab creation into a common moduleJakub Hrozek2015-06-141-0/+2
| | | | | | This change will make the keytab creating reusable by other tests. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Split two functions to new module ipa_subdomains_utils.cJakub Hrozek2015-06-141-0/+18
| | | | | | | | | These functions will be later reused by the subdomains_server.c module. Splitting them into a separate subdomains_utils.c module will make sure there are no cyclic dependencies and the functions are testable in isolation. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Move server-mode functions to a separate moduleJakub Hrozek2015-06-141-0/+1
| | | | | | | | There is already quite a few functions that are server-mode specific and there will be even more with one-way trusts. Split the server-mode specific functions into a separate module. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add a test for sysdb_subdomains.cJakub Hrozek2015-06-141-0/+16
| | | | | | | The sysdb_subdomains.c module should have its own sysdb test, not share the generic sysdb one. Reviewed-by: Sumit Bose <sbose@redhat.com>
* PROXY: proxy_child should work in non-root modeLukas Slebodnik2015-05-311-0/+2
| | | | | | | | | | | | | | | | | | | According to design page[1], proxy_child should run with root privileges in non-root mode however proxy_child did not have setuid bit. After setting setuid bit proxy_child will be executed with extra privileges. The effective user ID will be 0 but effective group ID will be still the same as egid of sssd_be. Therefore gid of private pipe for proxy_child should be the same. Otherwise proxy_child will fail due to wrong permissions of unix pipe (sbus_client_init -> check_file) [1] https://fedorahosted.org/sssd/wiki/DesignDocs/NotRootSSSD Resolves: https://fedorahosted.org/sssd/ticket/2655 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Add integration testsNikolai Kondrashov2015-05-281-1/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add "intgcheck" make target. Update CI to use it. The "intgcheck" target configures and builds sssd in a sub-directory, installs it into a prefix in another sub-directory, and then makes the "intgcheck-installed" target from within src/tests/intg in that separate build. The "intgcheck-installed" target in src/tests/intg runs py.test for all tests it can find in that directory, under fakeroot and nss_wrapper/uid_wrapper environments emulating running under root. It also adds the value of INTGCHECK_PYTEST_ARGS environment/make variable to the py.test command line. You can use it to pass additional py.test options, such as specifying a subset of tests to run. See "py.test --help" output. There are only two test suites in src/tests/intg at the moment: ent_test.py and ldap_test.py. The ent_test.py runs tests on ent.py - a module of assertion functions for checking entries in NSS database (passwd and group), for use in actual tests. The ent_test.py suite can be used as ent.py usage reference. The ldap_test.py suite sets up and starts a slapd instance, adds a few user and group entries, configures and starts sssd and verifies that those users and groups are retrieved correctly using various NSS functions. The tests are very basic at the moment. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* SSSDConfigTest: Use unique temporary directoryLukas Slebodnik2015-05-261-0/+1
| | | | | | | | | | | | | | | | Test SSSDConfigTest is executed twice with make check if python2 and python3 are available. Tests are executed in parallel with new automake and therefore it caused sometimes failures e.g. ERROR: testModifyExistingConfig (__main__.SSSDConfigTestValid) ---------------------------------------------------------------------- Traceback (most recent call last): File "/tmp/sssd/src/config/SSSDConfigTest.py", line 215, in testModifyExistingConfig mode = os.stat(of)[ST_MODE] FileNotFoundError: [Errno 2] No such file or directory: '/tmp/testModifyExistingConfig.conf' Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* libwbclient-sssd: update interface to version 0.12Sumit Bose2015-05-261-5/+13
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IFP: add org.freedesktop.sssd.infopipe.Users.UserPavel Březina2015-05-221-0/+2
| | | | | | | | | | | | Example calls: dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001 org.freedesktop.DBus.Properties.Get string:org.freedesktop.sssd.infopipe.Users.User string:name method return sender=:1.159 -> dest=:1.165 reply_serial=2 variant string "user-1" Resolves: https://fedorahosted.org/sssd/ticket/2150 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: add org.freedesktop.sssd.infopipe.UsersPavel Březina2015-05-221-0/+2
| | | | | | | | | | | | | | | | Example calls: dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByName string:user-1 method return sender=:1.159 -> dest=:1.160 reply_serial=2 object path "/org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001" dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByID uint32:10001 method return sender=:1.159 -> dest=:1.163 reply_serial=2 object path "/org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/1000 Resolves: https://fedorahosted.org/sssd/ticket/2150 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: provide custom error namesPavel Březina2015-05-221-0/+1
| | | | | | | Errors provided directly by D-Bus are not sufficient to fulfill all our needs. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: add PAM responder unit testSumit Bose2015-05-081-0/+32
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* pam_sss: move message encoding into separate fileSumit Bose2015-05-081-0/+2
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* pam_sss: add pre-auth and 2fa supportSumit Bose2015-05-081-0/+1
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* utils: add sss_authtok_[gs]et_2faSumit Bose2015-05-081-0/+5
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Add leak check and command line option to test_authtokSumit Bose2015-05-081-0/+3
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Add NSS responder tests for bysid requestsJakub Hrozek2015-04-241-0/+1
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* selinux: Only call semanage if the context actually changesJakub Hrozek2015-04-141-0/+5
| | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2624 Add a function to query the libsemanage database for a user context and only update the database if the context differes from the one set on the server. Adds talloc dependency to libsss_semanage. Reviewed-by: Michal Židek <mzidek@redhat.com>
* SDAP: Extract filtering AD group to functionLukas Slebodnik2015-04-141-0/+2
| | | | | | Patch remove code duplication. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Add missing header file to tarballLukas Slebodnik2015-03-241-0/+1
| | | | | | | | | | | | make distcheck failed due to missing header file. ../src/tests/cmocka/test_ldap_auth.c:33:45: fatal error: tests/cmocka/test_expire_common.h: No such file or directory #include "tests/cmocka/test_expire_common.h" ^ compilation terminated. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TESTS: test expirationPavel Reichl2015-03-231-0/+44
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-02 06:06:47 +0000