| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and groups
identified by their SID to POSIX users and groups identified by their
POSIX UIDs and GIDs respectively.
The API is not fully implemented because SSSD does not support some AD
features like WINS or NTLM. Additionally this implementation has its
focus on the file-server use case and hence does not implement some
features which might be needed for a domain controller use case.
Some API calls are generic and independent of the backend like e.g.
converting binary SIDs and GUIDs into a string representation and back
or memory allocation and deallocation. These parts are taken from the
original Samba sources together with copyright and authors. Files
with'_sssd' as part of the name contain the SSSD related calls.
Resolves: https://fedorahosted.org/sssd/ticket/1588
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When upgrading from a 1.9 version with monolithic packaging to 1.10 or
later with per-provider subpackage, sssd-common can be upgraded (and
restarted) before the new sssd-$provider is restarted. This can lead to
a startup failure, because the sssd_be process from already upgraded
sssd-common would attempt to load a sssd_$provider.so from the
legacy sssd package.
Restarting the service in %posttrans makes sure all the packages are in
place when we restart the service.
Resolves:
https://fedorahosted.org/sssd/ticket/2399
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
git archive needn't have support for tar.gz format:
[testm1 contrib]# git --version
git version 1.7.1
Thanks Sami K
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Creating SRPM with patches is useful for some static analysers, which can do
two builds. The first time without patches and the second with patches.
Bash function add_patches is inspired by file rpm/add_patches.sh from project\
389-ds-base.
commit 2a92a6cccd1002f4fe976ee7a5b79d779b009f87
Author: Mark Reynolds
Thanks.
Resolves:
https://fedorahosted.org/sssd/ticket/2149
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
The system bus has the ability to start services on demant. This patch
adds the sysbus service activation file that, currently, only calls the
sss_signal tool to signal the monitor.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
A minimal tool whose only purpose is to signal the monitor with
SIGUSR2. The tool will be executed by the system bus in order to provide
system activation, so it's packaged in libexec.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
RPM build errors:
error: Installed (but unpackaged) file(s) found:
/usr/lib64/sssd/libsss_ad_common.so
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
since the IFP responder is currently the only planned consumer.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The file sssd_ifp was installed by two subpackages: sssd-common and sssd-dbus
I din't have instaled file org.freedesktop.sssd.infopipe.conf, because it is
in package sssd-dbus. Missing conf file caused problem with starting
the ifp service.
[sssd] [monitor_service_init] (0x0400): Initializing D-BUS Service
[sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] exited with code [3]
[sssd] [mt_svc_exit_handler] (0x0010): Process [ifp], definitely stopped!
[sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.522"
is not allowed to own the service "org.freedesktop.sssd.infopipe" due to
security policies in the configuration file
[sssd[ifp]] [ifp_process_init] (0x0020):
Failed to connect to the system message bus
[sssd[ifp]] [sss_responder_ctx_destructor] (0x0400):
Responder is being shut down
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2072
Adds the possibility for the InfoPipe responder to connect to the system bus.
At the moment, only a dummy method "Ping" is provided. The method only
accepts a single string parameter that has to be 'ping'.
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2072
This commit only adds the responder and the needed plumbing. No DBus
related code is in yet.
|
|
|
|
|
|
|
| |
Clarify comment on CFLAGS contents in "warn" description.
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Michal Žídek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Explicitly substitute empty strings for unbound variables in bashrc_sssd
to support its use in scripts with unbound variable detection enabled
(set -u).
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Michal Žídek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Use functions instead of aliases as commands in bashrc_sssd.
This allows easier use of bashrc_sssd in scripts, since aliases are
disabled by default for non-interactive Bash shells.
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Michal Žídek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Use "machine hardware name" instead of "processor name" as the build
architecture in bashrc_sssd.
This fixes determining architecture on systems where "processor name" is
not available and is reported by uname(1) as "unknown", e.g. Debian.
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Michal Žídek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
systemd supports overrides of the standard service file to be placed in
/etc/systemd/system/<service>.service.d/
With this patch, we will install a commented-out override file to /etc
that will instruct the user on how to enable logging to journald.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
The journal provided by systemd gives us structured logging
capabilities that we should be taking advantage of.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
* Stop using --target (unneeded)
* Drop explicit use of --with-default-ccache* since we now pick it up
from libkrb5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use systemd-lgin in preference to check if the user is logged in or not.
Fall back to the old method if no systemd-login support is available at compile
time or if it returns a fatal error, and can't determine the status of the user
on its own.
This will allow to consider a user really active (in order to reuse or refresh
crdentials) only if it really is logged into the system, and not just if one
of the user's processes is stuck around.
Resolves:
https://fedorahosted.org/sssd/ticket/2084
|
|
|
|
|
|
|
|
|
| |
It was discovered that duplicating files in two subpackages is not
permitted by Fedora packaging guidelines[1]. This patch moves the PAC
responder to a new sssd-common-pac subpackage that both the sssd-ipa
and sssd-ad subpackages will require.
[1] https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#DuplicateFiles
|
|
|
|
|
|
|
|
|
| |
Now that we use the libkrb5 defaults for the default ccname template
we do not need the patch that changes the man pages defaults nor the
configure options to change sssd defaults anymore.
Related:
https://fedorahosted.org/sssd/ticket/2036
|
|
|
|
|
|
| |
There was an inconsistency with how the warnings were specified and
how they were consumed by the macros. The result was that warnings were
hidden.
|
|
|
|
|
| |
The NSS responder recently started using libsss_idmap in the getbysid
functions. The bug itself was spotted by one of our automated QA tools.
|
|
|
|
|
| |
This will ensure that we aren't pulling in extra samba4
dependencies for the Kerberos provider.
|
|
|
|
| |
The PAC responder is now used by both IPA and AD providers.
|
|
|
|
|
| |
There are no longer any Fedora platforms running SSSD with SYSV
init scripts. We don't need the upgrade logic any more.
|
| |
|
|
|
|
|
| |
* Include localized pam_sss manpages in sssd-client
* Call ldconfig after libsss_nss_idmap is installed or removed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1510
This patch splits the previously monolithic sssd package into sssd-common
that contains the deamon and the responders and per-provider packages
such as sssd-ldap or sssd-ipa.
This split would benefit two parties:
1) security auditors who are often trying to find the smallest package
set including dependencies needed for the package to function.
They would be able to i.e. install sssd-ldap and not bother
about sssd-ipa or sssd-ad pulling in more dependencies.
2) 3rd party programs such as realmd or authconfig
that would only be able to require or install on demand the
needed packages.
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1797
This patch adds the _hardened_build macro on platforms where it is
defined by the RPM. The macro amounts to compiling with cc
--spec=/usr/lib/rpm/redhat/redhat-hardened-cc1 and then linking with ld
--spec=/usr/lib/rpm/redhat/redhat-hardened-ld.
On Fedora 19, the gcc spec files contain -z now and fPIC or fPIE.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1845
libsss_sudo and libsss_autofs are separate packages that contain just a
single client library with no additional dependencies. This separation
comes from the F-17 timeframe where the feature was really just a tech
preview so we didn't want it to be packaged in sssd proper. On the other
hand users are getting regularly confused about "sudo not working" when
all they really miss is the single library.
This patch moves the files owned by the libsss_autofs and libsss_sudo
packages back to the main sssd package. We also no longer build the
libsss_sudo documentation by default and do not ship the header file as
it was just a private one.
|
|
|
|
|
|
|
|
|
|
|
| |
Recommended way to create SRPM is to run make (prerelease-)srpm.
But in previous case make file have to be generated, therefore
configure script should not fail. (all sssd required dependencies have to be
installed)
Script make_srpm.sh can be runned without running configure, script can be
runned only from git repository.
https://fedorahosted.org/sssd/ticket/1927
|
|
|
|
|
|
|
|
|
|
| |
To allow to use libsss_nss_idmap from python applications, e.g. the
FreeIPA server, the patch adds pythin bindings to libsss_nss_idmap. The
contributed spec file will place the python bindings in a new package
called libsss_nss_idmap-python.
Alexander Bokovoy <abokovoy@redhat.com> kindly provided the code to
check the type of the python objects and loop over the list entries.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add a library for client side lookups for a SID or with a
SID through the calls:
- sss_nss_getsidbyname
- sss_nss_getsidbyid
- sss_nss_getnamebysid
- sss_nss_getidbysid
The library is called libsss_nss_idmap and the contributed spec file
will create two new packages libsss_nss_idmap and
libsss_nss_idmap-devel.
|
|
|
|
|
|
|
|
| |
Package sssd contains python files. Python files should be installed
in noarch package, therefore all python files from directory
src/config/SSSDConfig was moved to new noarch package python-sssdconfig.
https://fedorahosted.org/sssd/ticket/1839
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/812
Update the monitor code to be using the new libnl3 API.
Changed configure option
--with-libnl
By default, it tries to build with libnl3, if not found, then with
libnl1, if this isn't found either, build proceeds without libnl, just
with warning.
Specifing --with-libnl=<libnl3|libnl1|no> checks for the specific given
version, if not found, configure ends with error.
|
|
|
|
|
|
|
|
| |
Some of the tests (such as the sysdb tests) are highly I/O limited.
By running them on a ramdisk, we can significantly speed up the
test runs when doing a distcheck or RPM build.
https://fedorahosted.org/sssd/ticket/1840
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
There is a large amount of duplicated code being linked into multiple
SSSD binaries. Instead of statically linking this code throughout the
SSSD, we should instead create private shared libraries for them and
drop this code on the system only once.
|
| |
|