summaryrefslogtreecommitdiffstats
path: root/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* Remove old hash support from example specStephen Gallagher2013-05-231-1/+0
| | | | | | SSSD 1.10 and later will no longer support RHEL 5, so we should be using the native hash algorithm on the newer versions of RPM by default.
* Check NSCD configuration fileOndrej Kos2013-05-211-1/+2
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1785 nscd.conf file is now checked for the presence of caching settings for databases controlled by SSSD. Syslog warning is now written only if NSCD is running with interfering configuration or if configuration file couldn't be loaded. New configure option added to support non-standard locations --with-nscd-conf=PATH (defaultly set to /etc/nscd.conf) This is just a workaround until the following bugzilla is resolved: https://bugzilla.redhat.com/show_bug.cgi?id=963908
* Move nscd.c from tools to utilOndrej Kos2013-05-211-1/+1
| | | | | | Preparation for the following patch which will include the nscd.c in the monitor code due to newly introduced function for checking the nscd configuration file.
* Rename SAFEALIGN macros.Michal Zidek2013-05-141-0/+1
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1772 SAFEALIGN macros have been renamed in this patch to make it easy to pick the right macro when data is copied from byte buffer to a variable or vice versa. The renamed macros are placed in new header file to avoid code duplication (the old ones were defined in two files, one for the client code and one for the rest of sssd).
* AD: read flat name and SID of the AD domainSumit Bose2013-05-071-0/+2
| | | | | | | | | | | | | | | For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
* Active Directory dynamic DNS updatesJakub Hrozek2013-05-031-0/+1
| | | | | | | | https://fedorahosted.org/sssd/ticket/1504 Implements dynamic DNS updates for the AD provider. By default, the updates also update the reverse zone and run periodically every 24 hours.
* dyndns: new option dyndns_refresh_intervalJakub Hrozek2013-05-031-0/+3
| | | | | | | This new options adds the possibility of updating the DNS entries periodically regardless if they have changed or not. This feature will be useful mainly in AD environments where the Windows clients periodically update their DNS records.
* Convert IPA-specific options to be back-end agnosticJakub Hrozek2013-05-031-1/+2
| | | | | | This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
* Refactor dynamic DNS updatesJakub Hrozek2013-05-031-3/+27
| | | | | | | | | | | | Provides two new layers instead of the previous IPA specific layer: 1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its purpose it to make it possible for any back end to use dynamic DNS updates. 2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some LDAP-specific features like autodetecting the address from the LDAP connection. Also converts the dyndns code to new specific error codes.
* Add python interface to libsss_nss_idmapSumit Bose2013-05-031-1/+14
| | | | | | | | | | To allow to use libsss_nss_idmap from python applications, e.g. the FreeIPA server, the patch adds pythin bindings to libsss_nss_idmap. The contributed spec file will place the python bindings in a new package called libsss_nss_idmap-python. Alexander Bokovoy <abokovoy@redhat.com> kindly provided the code to check the type of the python objects and loop over the list entries.
* Add client library for SID related lookupsSumit Bose2013-05-031-4/+24
| | | | | | | | | | | | This patch add a library for client side lookups for a SID or with a SID through the calls: - sss_nss_getsidbyname - sss_nss_getsidbyid - sss_nss_getnamebysid - sss_nss_getidbysid The library is called libsss_nss_idmap and the contributed spec file will create two new packages libsss_nss_idmap and libsss_nss_idmap-devel.
* Add SID related calls to the NSS responderSumit Bose2013-05-031-0/+1
| | | | | | | | | | The patch adds 4 new calls to the NSS responder: - SSS_NSS_GETSIDBYNAME - SSS_NSS_GETSIDBYID - SSS_NSS_GETNAMEBYSID - SSS_NSS_GETIDBYSID to either return the SIDs of the requested object or map the SID to the name or the POSIX ID of the related object.
* SUDO: IPA providerLukas Slebodnik2013-05-031-0/+5
| | | | | | This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
* Fix segmentation fault in test_io.Abhishek Singh2013-05-021-1/+2
| | | | | tests_set_cwd is used and relativepath calculation method is changed and is made general based on basedir.
* Add idmap context to nss contextSumit Bose2013-05-021-0/+1
| | | | | This allows the nss responder to use libsss_idmap to convert between different SID representations.
* DNS sites support - add AD SRV pluginPavel Březina2013-05-021-1/+5
| | | | https://fedorahosted.org/sssd/ticket/1032
* libsss_idmap: function to calculate rangeMichal Zidek2013-04-291-2/+3
| | | | | | | | Calculation of range for domains is moved from sdap_idmap code to sss_idmap code. Some refactoring have been done to allow this move. https://fedorahosted.org/sssd/ticket/1844
* DB: Switch to new libini_config APIOndrej Kos2013-04-261-0/+2
| | | | | | | https://fedorahosted.org/sssd/ticket/1786 Since we need to support the old interface as well, the configure scritp is modified and correct ini interface is chosen.
* tests: Link the simple access tests with -ldlJakub Hrozek2013-04-221-0/+1
| | | | | | | | | | | | | | | | | | | | In SSSD, we use dlopen() and dlsym() in two files src/providers/data_provider_be.c and src/providers/proxy/proxy_init.c. Hence we should explicitly link with -ldl also in simple_access-tests. SSSD can be compiled with two crypto libraries nss or libcrypto. NSS has dependency nspr which depends on "libdl and libpthread" This is a reason why compilation of test did not fail even if -ldl was not explicitly added to simple_access_tests_LDADD. But libcrypto doesn't depend on libdl, so in this case compilation of tests will not be successful. Upstream nspr 4.9 has two ways have to obtain metainformation about libraries pkg-config and own script nspr-config. First one doesn't list "-ldl" "-lpthread" but second one lists both "-ldl" "-lpthread" That's also why the Ubuntu maintainer found this bug -- Fedora has got patched version of nspr, but Debian (Ubuntu) doesn't
* Make leak checks usable in tests that do not utilize checkJakub Hrozek2013-04-171-1/+3
| | | | | | * Remove check-specific failure reporting from common_check.c * Check-specific abstraction over memleak checks * Rename common_check.c to leak_check.c
* DNS sites support - add IPA SRV pluginPavel Březina2013-04-101-0/+2
| | | | https://fedorahosted.org/sssd/ticket/1032
* DNS sites support - SRV DNS lookup pluginPavel Březina2013-04-101-0/+1
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1032 This plugin mimics the current behaviour. If discovery_domain is set it is the only domain that is tried. If discovery_domain is not set, we try to autodetect domain first and if that fails or SRV lookup on this domain fails, we fallback to SSSD domain name.
* DNS sites support - SRV lookup plugin interfacePavel Březina2013-04-101-0/+1
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1032 Introduces two new error codes: - ERR_SRV_NOT_FOUND - ERR_SRV_LOOKUP_ERROR Since id_provider is authoritative in case of SRV plugin choise, ability to override the selected pluging during runtime is not desirable. We rely on the fact that id_provider is initialized before all other providers, thus the plugin is set correctly.
* resolv: add resolv_get_domain request to resolv utilsPavel Březina2013-04-101-1/+2
|
* cmocka unittest for io addedAbhishek Singh2013-04-101-1/+10
|
* cmocka unittest for find_uid addedAbhishek Singh2013-04-101-1/+20
|
* Init failover with be_res optionsJakub Hrozek2013-04-031-0/+1
|
* refactor nested group processing: replace old codePavel Březina2013-04-021-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1784
* BUILD: Always run distcheck and RPM tests in /dev/shmStephen Gallagher2013-03-201-1/+7
| | | | | | | | Some of the tests (such as the sysdb tests) are highly I/O limited. By running them on a ramdisk, we can significantly speed up the test runs when doing a distcheck or RPM build. https://fedorahosted.org/sssd/ticket/1840
* ldap: Fallback option for rfc2307 schemaSimo Sorce2013-03-201-0/+1
| | | | | | | | | | | Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
* Resolve GIDs in the simple access providerJakub Hrozek2013-03-191-4/+11
| | | | | | | | | | | | | | Changes the simple access provider's interface to be asynchronous. When the simple access provider encounters a group that has gid, but no meaningful name, it attempts to resolve the name using the be_file_account_request function. Some providers (like the AD provider) might perform initgroups without resolving the group names. In order for the simple access provider to work correctly, we need to resolve the groups before performing the access check. In AD provider, the situation is even more tricky b/c the groups HAVE name, but their name attribute is set to SID and they are set as non-POSIX
* Fix sss_client breakage.Lukas Slebodnik2013-03-181-0/+2
| | | | | | | | | | Adding missing dependencies for linker. Missing dependency was introduced by commit 22d381367c27910fe82f476a76b9f4ede555e35a in changed file src/sss_client/nss_mc_common.c All function declaration for io.c was moved from util.h to separate file io.h, https://fedorahosted.org/sssd/ticket/1838
* Removing unused header file providers.hLukas Slebodnik2013-03-131-1/+0
| | | | | | | | | Header file "providers.h" is not included in any other file and function "dp_process_init" declared in this header file has no implementation. Header file protos.h is not also included in any other file and even hole content is commented out.
* Reuse sss_open_cloexec at other places in code.Lukas Slebodnik2013-03-131-2/+4
| | | | | | | | Functions open_cloexec and openat_cloexec were renamed with prefix "sss_" and moved to separete file. Replacing duplicated code of function sss_open_cloexec everywhere in the source code. https://fedorahosted.org/sssd/ticket/1794
* BUILD: Fix up whitespace in Makefile.amStephen Gallagher2013-03-131-11/+13
|
* BUILD: Fix cmocka detectionStephen Gallagher2013-03-111-0/+2
| | | | | | | | | | We were not properly detecting that cmocka was unavailable. It was expecting an empty value and getting "no" instead. This patch corrects the expectation, so we will now skip building and running cmocka tests on platforms that do not have it available. Also, we were missing the cmocka header files in the distribution tarball, so 'make distcheck' was failing.
* CMocka based test for the NSS responderJakub Hrozek2013-03-081-0/+43
|
* BUILD: Include build aliases in the tarballStephen Gallagher2013-03-071-0/+1
|
* Add SSSD specific error codes and definitionsSimo Sorce2013-03-041-1/+3
| | | | | | | | | | This code adds a new range of error codes specific to SSSD, It also provides helper functions to print out error defintions like you can do with system error messages and the strerror() function. The sss_strerror() function can accept both the new sssd errors and system errno_t errors falling back to the system strerror() if the error code provide is not a valid SSSD error code.
* BUILD: Build shared components as an internal shared libraryStephen Gallagher2013-03-011-6/+19
| | | | | | | There is a large amount of duplicated code being linked into multiple SSSD binaries. Instead of statically linking this code throughout the SSSD, we should instead create private shared libraries for them and drop this code on the system only once.
* Don't use srcdir with testsJakub Hrozek2013-02-041-3/+3
| | | | Fixes build with automake 1.13 or newer.
* Introduce be_req_terminate() helperSimo Sorce2013-01-211-1/+0
| | | | | Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
* Split simple_access_check function outSimo Sorce2013-01-211-1/+2
| | | | | Need to split out the function or new additions to the handler funtion will not allow simple access tests to compile anymore.
* Move ldap provider access functionsSimo Sorce2013-01-211-0/+1
| | | | | | It was confusing to see the ldap provider own handler mixed with the generic ldap access code used also by the ipa and ad providers. So move the ldap provider handler code in its own file.
* TOOLS: Refresh memcache after changes to local users and groupsJakub Hrozek2013-01-151-2/+8
|
* TOOLS: Split querying nss responder into a separate functionJakub Hrozek2013-01-151-6/+11
| | | | | | The tools query the responder in order to sync the memcache after performing changes to the local database. The functions will be reused by other tools so I split them into a separate functions.
* TOOLS: move memcache related functions to tools_mc_utils.cJakub Hrozek2013-01-151-0/+1
| | | | | | | The upcoming patches will link only users of this file with client libs, so it's better to have it separate. There is no functional change in this patch
* Change pam data auth tokens.Simo Sorce2013-01-101-0/+2
| | | | Use the new authtok abstraction and interfaces throught the code.
* Add authtok utility functions.Simo Sorce2013-01-101-0/+2
| | | | | | These functions allow handling of auth tokens in a completely opaque way, with clear semantics and accessor fucntions that guarantee consistency, proper access to data and error conditions.
* Add tests for get_gids_from_pac()Sumit Bose2013-01-081-0/+1
|
generated by cgit (git 2.34.1) at 2024-04-28 05:08:26 +0000