summaryrefslogtreecommitdiffstats
path: root/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* AUTOTOOLS: More robust detection of inotify.Lukas Slebodnik2013-09-091-0/+1
| | | | | | | | | We checked only header file "sys/inotify" for detection whether inotify works. Some platforms do not have built in inotify, but contain library, which provides inotify-compatible interface. This patch adds more robust detection of inotify in configuration time and appends linker flags to Makefile if inotify is provided by library.
* AUTOMAKE: Use portable way to link with gettextLukas Slebodnik2013-09-091-1/+4
| | | | | | | | | | | | Function gettext needn't be included in libc, it can be part of another library. Autotools macro AM_GNU_GETTEXT generate makefile variables (LIBINTL, LTLIBINTL), which contain necessary linker flags. checking for GNU gettext in libc... no checking for iconv... yes checking for GNU gettext in libintl... yes checking whether to use NLS... yes checking where the gettext function comes from... external libintl
* AUTOMAKE: Use portable way to link with dlopenLukas Slebodnik2013-09-091-2/+2
|
* UTIL: Create new wraper header file sss_endian.hLukas Slebodnik2013-08-281-0/+1
| | | | | | Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
* providers: refresh expired netgroupsPavel Březina2013-08-111-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1713
* back end: add refresh expired records periodic taskPavel Březina2013-08-111-0/+2
| | | | | | https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
* back end: periodical refresh of expired records APIPavel Březina2013-08-111-0/+2
| | | | https://fedorahosted.org/sssd/ticket/1713
* back end: periodic task APIPavel Březina2013-08-111-0/+2
| | | | https://fedorahosted.org/sssd/ticket/1891
* SUDO: IPA providerLukas Slebodnik2013-05-101-0/+5
| | | | | | This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
* tests: Link the simple access tests with -ldlJakub Hrozek2013-04-221-0/+1
| | | | | | | | | | | | | | | | | | | | In SSSD, we use dlopen() and dlsym() in two files src/providers/data_provider_be.c and src/providers/proxy/proxy_init.c. Hence we should explicitly link with -ldl also in simple_access-tests. SSSD can be compiled with two crypto libraries nss or libcrypto. NSS has dependency nspr which depends on "libdl and libpthread" This is a reason why compilation of test did not fail even if -ldl was not explicitly added to simple_access_tests_LDADD. But libcrypto doesn't depend on libdl, so in this case compilation of tests will not be successful. Upstream nspr 4.9 has two ways have to obtain metainformation about libraries pkg-config and own script nspr-config. First one doesn't list "-ldl" "-lpthread" but second one lists both "-ldl" "-lpthread" That's also why the Ubuntu maintainer found this bug -- Fedora has got patched version of nspr, but Debian (Ubuntu) doesn't
* ldap: Fallback option for rfc2307 schemaSimo Sorce2013-03-211-0/+1
| | | | | | | | | | | Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
* Resolve GIDs in the simple access providerJakub Hrozek2013-03-191-4/+13
| | | | | | | | | | | | | | Changes the simple access provider's interface to be asynchronous. When the simple access provider encounters a group that has gid, but no meaningful name, it attempts to resolve the name using the be_file_account_request function. Some providers (like the AD provider) might perform initgroups without resolving the group names. In order for the simple access provider to work correctly, we need to resolve the groups before performing the access check. In AD provider, the situation is even more tricky b/c the groups HAVE name, but their name attribute is set to SID and they are set as non-POSIX
* Don't use srcdir with testsJakub Hrozek2013-02-041-3/+3
| | | | Fixes build with automake 1.13 or newer.
* TOOLS: Refresh memcache after changes to local users and groupsJakub Hrozek2013-01-151-2/+8
|
* TOOLS: Split querying nss responder into a separate functionJakub Hrozek2013-01-151-6/+11
| | | | | | The tools query the responder in order to sync the memcache after performing changes to the local database. The functions will be reused by other tools so I split them into a separate functions.
* TOOLS: move memcache related functions to tools_mc_utils.cJakub Hrozek2013-01-151-0/+1
| | | | | | | The upcoming patches will link only users of this file with client libs, so it's better to have it separate. There is no functional change in this patch
* Add tests for get_gids_from_pac()Sumit Bose2013-01-081-0/+1
|
* Add responder_sbus.h to noinst_HEADERSJakub Hrozek2012-12-181-0/+1
|
* tools: sss_userdel and groupdel remove entries from memory cacheMichal Zidek2012-12-131-0/+8
| | | | https://fedorahosted.org/sssd/ticket/1659
* link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthreadTimo Aaltonen2012-12-041-0/+2
| | | | | | | | There used to be an overlinked dependency that's gone now, so to fix a build error add CLIENT_LIBS to sss_ssh_knownhostsproxy_LDFLAGS. v2: Fix sss_ssh_authorizedkeys linking as well.
* avoid versioning libsss_sudoPavel Březina2012-12-021-3/+4
|
* Include the auth_utils.h header in the distributionJakub Hrozek2012-11-121-0/+1
|
* util: Added new file util_lock.cMichal Zidek2012-11-061-1/+2
|
* krb5_child: send PAC to PAC responderSumit Bose2012-10-261-2/+4
| | | | | | If the authenticated user comes from a different realm the service ticket which was returned during the validation of the TGT is used to extract the PAC which is send to the pac responder for evaluation.
* Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudoJakub Hrozek2012-10-121-1/+0
|
* BUILD: Include the patch file in the tarballStephen Gallagher2012-10-011-0/+1
|
* Adding -std=gnu99 flag.Michal Zidek2012-09-041-1/+2
|
* RPM: Switch the default ccache locationJakub Hrozek2012-08-281-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1500
* Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the clientJakub Hrozek2012-08-271-1/+11
| | | | https://fedorahosted.org/sssd/ticket/1460
* Clean up cache on server reinitializationPavel Březina2012-08-231-0/+1
| | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
* Add python bindings for murmurhash3Sumit Bose2012-08-151-3/+18
|
* tests: build sysdb ssh tests conditionallyPavel Březina2012-08-031-1/+4
|
* Create a domain-realm mapping for krb5.conf to be includedJakub Hrozek2012-08-011-0/+1
| | | | | | | | When new subdomains are discovered, the SSSD creates a file that includes the domain-realm mappings. This file can in turn be included in the krb5.conf using the includedir directive, such as: includedir /var/lib/sss/pubconf/realm_mappings
* First-boot sss_seed toolNick Guay2012-08-011-1/+9
|
* Added unit test for sysdb_ssh.cMichal Zidek2012-08-011-0/+14
|
* Write SELinux config files in responder instead of PAM moduleJan Zeleny2012-07-271-1/+1
|
* tests: allow changing cwd in all testsPavel Březina2012-07-271-1/+4
|
* Renamed session provider to selinux providerJan Zeleny2012-07-271-2/+2
|
* pac responder: limit access by checking UIDsSumit Bose2012-07-101-1/+16
| | | | | | | | | | | | A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
* AD: Add manpages and SSSDConfig entriesStephen Gallagher2012-07-061-0/+1
|
* AD: Add AD access-control providerStephen Gallagher2012-07-061-0/+2
| | | | | This patch adds support for checking whether a user is expired or disabled in AD.
* AD: Add AD identity providerStephen Gallagher2012-07-061-0/+42
| | | | | | This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.
* KRB5: Create a common init routine for krb5_child optionsStephen Gallagher2012-07-061-1/+3
| | | | | This will reduce code duplication between the krb5, ipa and ad providers
* sudo ldap provider: load host filter configuration on initPavel Březina2012-06-291-0/+1
| | | | | | | We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
* sudo ldap provider: add new timer APIPavel Březina2012-06-291-0/+1
|
* sudo provider: remove old timerPavel Březina2012-06-291-2/+0
|
* sudo ldap provider: move async routines to sdap_async_sudo.cPavel Březina2012-06-291-0/+1
|
* sudo responder: discard in-memory cachePavel Březina2012-06-291-1/+0
|
* libsss_sudo: bump version to 2:0:1Pavel Březina2012-06-291-1/+1
|
* Build pac responder tests only if pac responder is buildSumit Bose2012-06-251-2/+6
|
generated by cgit (git 2.34.1) at 2024-04-25 07:14:21 +0000