summaryrefslogtreecommitdiffstats
path: root/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* pac responder: limit access by checking UIDsSumit Bose2012-07-101-1/+16
| | | | | | | | | | | | A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
* AD: Add manpages and SSSDConfig entriesStephen Gallagher2012-07-061-0/+1
|
* AD: Add AD access-control providerStephen Gallagher2012-07-061-0/+2
| | | | | This patch adds support for checking whether a user is expired or disabled in AD.
* AD: Add AD identity providerStephen Gallagher2012-07-061-0/+42
| | | | | | This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.
* KRB5: Create a common init routine for krb5_child optionsStephen Gallagher2012-07-061-1/+3
| | | | | This will reduce code duplication between the krb5, ipa and ad providers
* sudo ldap provider: load host filter configuration on initPavel Březina2012-06-291-0/+1
| | | | | | | We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
* sudo ldap provider: add new timer APIPavel Březina2012-06-291-0/+1
|
* sudo provider: remove old timerPavel Březina2012-06-291-2/+0
|
* sudo ldap provider: move async routines to sdap_async_sudo.cPavel Březina2012-06-291-0/+1
|
* sudo responder: discard in-memory cachePavel Březina2012-06-291-1/+0
|
* libsss_sudo: bump version to 2:0:1Pavel Březina2012-06-291-1/+1
|
* Build pac responder tests only if pac responder is buildSumit Bose2012-06-251-2/+6
|
* Add support for ID rangesSumit Bose2012-06-211-0/+1
|
* PAC client: add krb5 authdata pluginSumit Bose2012-06-211-0/+21
|
* PAC responder: test suiteJan Zeleny2012-06-211-1/+18
|
* PAC responder: add some utility functionsJan Zeleny2012-06-211-0/+1
|
* PAC responder: add basic infrastructureSumit Bose2012-06-211-0/+21
| | | | | This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
* Add a credential cache back end structureJakub Hrozek2012-06-141-0/+3
| | | | | | To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
* Add a krb5_child test toolJakub Hrozek2012-06-141-0/+24
| | | | https://fedorahosted.org/sssd/ticket/1127
* LDAP: Add support for AD chain matching extension in initgroupsStephen Gallagher2012-06-131-0/+1
|
* LDAP: Add support for AD chain matching extension in group lookupsStephen Gallagher2012-06-131-0/+1
|
* SSSDConfig: Make default config and schema file locations configurableStephen Gallagher2012-05-311-5/+27
| | | | https://fedorahosted.org/sssd/ticket/1008
* SSSDConfig: Make SSSDConfig a packageStephen Gallagher2012-05-311-3/+3
| | | | | We were polluting the primary Python space with several dependencies. We will now install them their own directory/module.
* Fix libsss_hbac library versionSumit Bose2012-05-141-1/+1
|
* Rename struct dom_sid to struct sss_dom_sidSumit Bose2012-05-141-1/+1
| | | | | To avoid conflicts with struct dom_sid used by samba the sss_ prefix is added to the struct used by libsss_idmap.
* build: resolve link failureJan Engelhardt2012-05-111-0/+1
| | | | | | | | | | | libtool: link: gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -fno-strict-aliasing -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,--version-script -Wl,./src/providers/sssd_be.exports -o sssd_be src/providers/data_provider_be.o src/providers/data_provider_fo.o src/providers/data_provider_opts.o src/providers/data_provider_callbacks.o src/providers/fail_over.o src/resolv/async_resolv.o -Wl,--export-dynamic -lpam -lcares ./.libs/libsss_util.a -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config -lcollection -ldhash -llber -lldap -ltdb -lunistring -lcrypto /usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: src/providers/data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5' /usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: note: 'dlsym@@GLIBC_2.2.5' is defined in DSO /lib64/libdl.so.2 so try adding it to the linker command line /lib64/libdl.so.2: could not read symbols: Invalid operation collect2: error: ld returned 1 exit status make[2]: *** [sssd_be] Error 1 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* LDAP: Handle very large Active Directory groupsStephen Gallagher2012-05-101-0/+2
| | | | | | | | | | | | | Active Directory 2008R2 allows only 1500 group members to be retrieved in a single lookup. However, when we hit such a situation, we can take advantage of the ASQ lookups, which are not similarly limited. With this patch, we will add any members found by ASQ that were not found by the initial lookup so we will end with a complete group listing. https://fedorahosted.org/sssd/ticket/783
* LDAP: Add helper routines for ID-mappingStephen Gallagher2012-05-031-2/+6
|
* SYSDB: Add sysdb routines for ID-mappingStephen Gallagher2012-05-031-0/+1
|
* SSH: Add dp_get_host_send to common responder codeJakub Hrozek2012-05-031-0/+1
| | | | | | | | Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future. https://fedorahosted.org/sssd/ticket/1176
* Allow different SID representations in libidmapSumit Bose2012-05-011-2/+4
| | | | | | Besides as strings it is now possible to use binary SIDs or a struct containing all SID information. Functions to convert between these formats are added as well.
* UTIL: Add HMAC-SHA-1 functionJan Cholasta2012-04-241-0/+2
|
* Add ID operations in subdomainsJan Zeleny2012-04-241-0/+1
|
* Add s2n extended operationSumit Bose2012-04-241-0/+1
|
* Moved expand_homedir_template() from NSS responder to utility codeJan Zeleny2012-04-241-0/+2
|
* IPA: Add get-domains targetSumit Bose2012-04-241-0/+2
|
* Responder part of the subdomain retrieval workJan Zeleny2012-04-241-1/+2
|
* Add some utility functions for subdomainsJan Zeleny2012-04-241-1/+2
|
* Sysdb routines for subdomainsJan Zeleny2012-04-241-0/+1
|
* Fix linker issue with pam_sssStephen Gallagher2012-04-201-0/+1
|
* Install and uninstall all documentationPavel Březina2012-04-201-3/+19
| | | | | Every directory listed in SSSD_DOCS in Makefile.am will be installed as documentation.
* Convert read and write operations to sss_atomic_readJakub Hrozek2012-04-201-1/+6
| | | | https://fedorahosted.org/sssd/ticket/1209
* Move atomic io function to a separate moduleJakub Hrozek2012-04-201-0/+2
| | | | | | We'll be using it on various places of the SSSD. The function is in its own file to allow using just the one piece without having to drag in the whole util.c module.
* Put dp_option maps in their own fileStephen Gallagher2012-03-281-0/+3
| | | | There is no functional change due to this patch.
* BUILDSYS: Create common libs for LDAP and KRB5 sourcesStephen Gallagher2012-03-281-64/+48
| | | | | | This will eliminate the need for automake to build these files for each backend that consumes LDAP and KRB5 functionality (currently 'ldap', 'krb5' and 'ipa'; soon to include 'ad')
* Add idmap librarySumit Bose2012-03-261-3/+24
|
* sss_client: shared memory cache group map supportSimo Sorce2012-03-191-0/+1
|
* sss_client: shared memory cache passwd map supportSimo Sorce2012-03-191-0/+1
|
* sss_client: Add common shared memory cache utilsSimo Sorce2012-03-191-1/+4
|
* nsssrv: shared memory cache server initializationSimo Sorce2012-03-191-0/+5
|