summaryrefslogtreecommitdiffstats
path: root/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* KRB5: Add and use krb5_auth_queue_send to queue requests by defaultJakub Hrozek2015-07-061-0/+17
| | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2701 Previously, only the krb5 provides used to queue requests, which resulted in concurrent authentication requests stepping on one another. This patch queues requests by default. Reviewed-by: Sumit Bose <sbose@redhat.com>
* sss_client: Use initgr mmap cache in client codeLukas Slebodnik2015-07-031-0/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2485 Reviewed-by: Michal Židek <mzidek@redhat.com>
* test_ipa_subdomains_server: Fix build with --coverageLukas Slebodnik2015-07-021-0/+1
| | | | | | | | | | | It seems that gcc did some optimization and used execve instead of execle when the code was instrumented for coverage analysis. So the exec* function was not wrapped and it tried to call real binary ipa-getkeytab Reviewed-by: Michal Židek <mzidek@redhat.com>
* IFP: add FindByCertificate method for User objectsSumit Bose2015-06-191-1/+3
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_search_user_by_cert() and sysdb_search_object_by_cert()Sumit Bose2015-06-191-0/+1
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* certs: add PEM/DER conversion utilitiesSumit Bose2015-06-191-0/+38
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sbus: listen to NameOwnerChangedPavel Březina2015-06-191-0/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2326 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: add support for incoming signalsPavel Březina2015-06-191-0/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Export nodesPavel Březina2015-06-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | IFP now exports cached users and groups in introspection. After a user is cached with: dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Store And Introspection called with: dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.DBus.Introspectable.Introspect The cached users would be visible in the Introspection XML as: <node name="ipaldap/397400000" /> </node> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Implement org.freedesktop.sssd.infopipe.Cache[.Object]Pavel Březina2015-06-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2338 Example use: $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.FindByName \ string:admin object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Store boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Remove boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Store keytabs in /var/lib/sss/keytabsJakub Hrozek2015-06-161-2/+5
| | | | | | Make sure the directory is only accessible to the sssd user Reviewed-by: Michal Židek <mzidek@redhat.com>
* CONFIG: Add SSS_STATEDIR as VARDIR/lib/sssJakub Hrozek2015-06-161-0/+2
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* AD: Rename ad_create_default_options to ad_create_2way_trust_optionsJakub Hrozek2015-06-141-5/+12
| | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 Better reflects what's going on in the function. Also adds a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Fetch keytab for 1way trustsJakub Hrozek2015-06-141-0/+4
| | | | | | | | | Uses the ipa-getkeytab call to retrieve keytabs for one-way trust relationships. https://fedorahosted.org/sssd/ticket/2636 Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add unit test for the subdomain_server.c moduleJakub Hrozek2015-06-141-0/+31
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add a common mock_be_ctx functionJakub Hrozek2015-06-141-0/+4
| | | | | | Reduces code duplication between tests. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Split off keytab creation into a common moduleJakub Hrozek2015-06-141-0/+2
| | | | | | This change will make the keytab creating reusable by other tests. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Split two functions to new module ipa_subdomains_utils.cJakub Hrozek2015-06-141-0/+18
| | | | | | | | | These functions will be later reused by the subdomains_server.c module. Splitting them into a separate subdomains_utils.c module will make sure there are no cyclic dependencies and the functions are testable in isolation. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Move server-mode functions to a separate moduleJakub Hrozek2015-06-141-0/+1
| | | | | | | | There is already quite a few functions that are server-mode specific and there will be even more with one-way trusts. Split the server-mode specific functions into a separate module. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Add a test for sysdb_subdomains.cJakub Hrozek2015-06-141-0/+16
| | | | | | | The sysdb_subdomains.c module should have its own sysdb test, not share the generic sysdb one. Reviewed-by: Sumit Bose <sbose@redhat.com>
* PROXY: proxy_child should work in non-root modeLukas Slebodnik2015-05-311-0/+2
| | | | | | | | | | | | | | | | | | | According to design page[1], proxy_child should run with root privileges in non-root mode however proxy_child did not have setuid bit. After setting setuid bit proxy_child will be executed with extra privileges. The effective user ID will be 0 but effective group ID will be still the same as egid of sssd_be. Therefore gid of private pipe for proxy_child should be the same. Otherwise proxy_child will fail due to wrong permissions of unix pipe (sbus_client_init -> check_file) [1] https://fedorahosted.org/sssd/wiki/DesignDocs/NotRootSSSD Resolves: https://fedorahosted.org/sssd/ticket/2655 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Add integration testsNikolai Kondrashov2015-05-281-1/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add "intgcheck" make target. Update CI to use it. The "intgcheck" target configures and builds sssd in a sub-directory, installs it into a prefix in another sub-directory, and then makes the "intgcheck-installed" target from within src/tests/intg in that separate build. The "intgcheck-installed" target in src/tests/intg runs py.test for all tests it can find in that directory, under fakeroot and nss_wrapper/uid_wrapper environments emulating running under root. It also adds the value of INTGCHECK_PYTEST_ARGS environment/make variable to the py.test command line. You can use it to pass additional py.test options, such as specifying a subset of tests to run. See "py.test --help" output. There are only two test suites in src/tests/intg at the moment: ent_test.py and ldap_test.py. The ent_test.py runs tests on ent.py - a module of assertion functions for checking entries in NSS database (passwd and group), for use in actual tests. The ent_test.py suite can be used as ent.py usage reference. The ldap_test.py suite sets up and starts a slapd instance, adds a few user and group entries, configures and starts sssd and verifies that those users and groups are retrieved correctly using various NSS functions. The tests are very basic at the moment. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* SSSDConfigTest: Use unique temporary directoryLukas Slebodnik2015-05-261-0/+1
| | | | | | | | | | | | | | | | Test SSSDConfigTest is executed twice with make check if python2 and python3 are available. Tests are executed in parallel with new automake and therefore it caused sometimes failures e.g. ERROR: testModifyExistingConfig (__main__.SSSDConfigTestValid) ---------------------------------------------------------------------- Traceback (most recent call last): File "/tmp/sssd/src/config/SSSDConfigTest.py", line 215, in testModifyExistingConfig mode = os.stat(of)[ST_MODE] FileNotFoundError: [Errno 2] No such file or directory: '/tmp/testModifyExistingConfig.conf' Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* libwbclient-sssd: update interface to version 0.12Sumit Bose2015-05-261-5/+13
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IFP: add org.freedesktop.sssd.infopipe.Users.UserPavel Březina2015-05-221-0/+2
| | | | | | | | | | | | Example calls: dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001 org.freedesktop.DBus.Properties.Get string:org.freedesktop.sssd.infopipe.Users.User string:name method return sender=:1.159 -> dest=:1.165 reply_serial=2 variant string "user-1" Resolves: https://fedorahosted.org/sssd/ticket/2150 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: add org.freedesktop.sssd.infopipe.UsersPavel Březina2015-05-221-0/+2
| | | | | | | | | | | | | | | | Example calls: dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByName string:user-1 method return sender=:1.159 -> dest=:1.160 reply_serial=2 object path "/org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/10001" dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByID uint32:10001 method return sender=:1.159 -> dest=:1.163 reply_serial=2 object path "/org/freedesktop/sssd/infopipe/Users/LDAP_2ePB/1000 Resolves: https://fedorahosted.org/sssd/ticket/2150 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: provide custom error namesPavel Březina2015-05-221-0/+1
| | | | | | | Errors provided directly by D-Bus are not sufficient to fulfill all our needs. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: add PAM responder unit testSumit Bose2015-05-081-0/+32
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* pam_sss: move message encoding into separate fileSumit Bose2015-05-081-0/+2
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* pam_sss: add pre-auth and 2fa supportSumit Bose2015-05-081-0/+1
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* utils: add sss_authtok_[gs]et_2faSumit Bose2015-05-081-0/+5
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Add leak check and command line option to test_authtokSumit Bose2015-05-081-0/+3
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Add NSS responder tests for bysid requestsJakub Hrozek2015-04-241-0/+1
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* selinux: Only call semanage if the context actually changesJakub Hrozek2015-04-141-0/+5
| | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2624 Add a function to query the libsemanage database for a user context and only update the database if the context differes from the one set on the server. Adds talloc dependency to libsss_semanage. Reviewed-by: Michal Židek <mzidek@redhat.com>
* SDAP: Extract filtering AD group to functionLukas Slebodnik2015-04-141-0/+2
| | | | | | Patch remove code duplication. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Add missing header file to tarballLukas Slebodnik2015-03-241-0/+1
| | | | | | | | | | | | make distcheck failed due to missing header file. ../src/tests/cmocka/test_ldap_auth.c:33:45: fatal error: tests/cmocka/test_expire_common.h: No such file or directory #include "tests/cmocka/test_expire_common.h" ^ compilation terminated. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TESTS: test expirationPavel Reichl2015-03-231-0/+44
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sdap: properly handle binary objectGuid attributeSumit Bose2015-03-201-0/+16
| | | | | | | | | | | | | | Although in the initial processing SSSD treats the binary value right at some point it mainly assumes that it is a string. Depending on the value this might end up with the correct binary value stored in the cache but in most cases there will be only a broken entry in the cache. This patch converts the binary value into a string representation which is described in [MS-DTYP] and stores the result in the cache. Resolves https://fedorahosted.org/sssd/ticket/2588 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: Lock out ssh keys when account naturally expiresPavel Reichl2015-03-051-4/+9
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2534 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: convert GeneralizedTime to unix timePavel Reichl2015-03-051-3/+6
| | | | | | | | New utility function *sss_utc_to_time_t* to convert GeneralizedTime to unix time. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: refactor pwexpire policyPavel Reichl2015-03-031-0/+1
| | | | | | | | | Move part of pwexpire policy code to a separate function. Relates to: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Use SRV TTL in fail over codeJakub Hrozek2015-03-031-0/+19
| | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/1884 Removes the hardcoded SRV TTL timeout and uses TTL from the DNS instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* BUILD: Uninstall also symbolic links to python bindingsLukas Slebodnik2015-03-021-8/+16
| | | | | | | | | | | | | | | | | | | | | | Make uninstall did not remove symbolic links and make distcheck did not detect it. As a result of this bug another make install failed. cd /usr/lib64/python2.7/site-packages && \ ln -s _py2sss.so pysss.so ; \ ln -s _py2hbac.so pyhbac.so ; \ ln -s _py2sss_murmur.so pysss_murmur.so ; \ ln -s _py2sss_nss_idmap.so pysss_nss_idmap.so ln: failed to create symbolic link ‘pysss.so’: File exists ln: failed to create symbolic link ‘pyhbac.so’: File exists ln: failed to create symbolic link ‘pysss_murmur.so’: File exists ln: failed to create symbolic link ‘pysss_nss_idmap.so’: File exists Makefile:19361: recipe for target 'install-exec-hook' failed make[4]: *** [install-exec-hook] Error 1 This patch also use argument "-f" with command ln which remove existing destination files before creating symbolic link Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: print the pam status as string, tooJakub Hrozek2015-02-251-1/+3
| | | | | | | | On several places, let's add a pam_strerror() call so that it's easier to debug user problems. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
* TESTS: Run python tests with all supported python versionsLukas Slebodnik2015-02-251-5/+18
| | | | | | | This patch add simple bash wrappers for python tests. They are executed either with python2 or python3. Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Add possibility to build python{2,3} bindingsLukas Slebodnik2015-02-251-42/+154
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2574 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Remove unused libraries for pysss.soLukas Slebodnik2015-02-251-7/+1
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* IFP: move interface definitions from ifpsrv.c into separate filePavel Březina2015-02-171-0/+1
| | | | | | | Number of IFP interfaces will grown up rapidly in the future. It is not convenient to keep it inside ifpsrv.c. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: use hard coded getters instead of generatedPavel Březina2015-02-171-0/+2
| | | | | | | | | | | | | | | Properties are single value of a small number of predefined D-Bus types. There is no need to generate them with codegen. Actually, the source generator for property getters is already quite mess with branching for array, strings and object paths. Adding any more complex type in the future (such as dictionary) would require even more branching or creating a separate path for it. Hard coding the getters will simplify creating new ones for more complex types. This patch also reduces lots of code duplication and creates a simple function for GetAll. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* RESOLV: Remove obsolete in-tree implementation of SRV and TXT parsingJakub Hrozek2015-02-111-12/+0
| | | | | | | | | SSSD contained several backwards-compatible definitions of SRV and TXT APIs as well as structures that carry TTL data. These were intended for RHEL-5 and older releases. Since we don't support those upstream, it's better to remove the code -- it has drifted apart from upstream anyway. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-18 23:26:07 +0000