| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
- removed unnecessary blank lines (leftover after many changes)
- list manual pages according to section number
- add missing white spaces to shall scripts
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The optional definition of rpm macro with_ccache was removed in patch
"BUILD: Remove unnecessary patch and configure opts"
as a part of ticket https://fedorahosted.org/sssd/ticket/2036.
It is not used anymore so it can be removed.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Old versions of rpmbuild require ghost files to be present in the buildroot.
It was mainly problem of rpmbuild on rhel5 which is not supported anymore.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
This workaround was for libtool in rhel 5
and we dropped support for it few months ago due to missing dependencies.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generated warning:
/usr/include/features.h:328:4: warning: warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]
warning _FORTIFY_SOURCE requires compiling with optimization (-O)
Macro _FORTIFY_SOURCE requiers to be compiled with optimization. But
the problem with bash function chmake is that it turns off optimization.
To avoid generating warning chmake should undefine macro
_FORTIFY_SOURCE.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2574
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
| |
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2574
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
| |
Some pyhton bindings pysss and pysss_murmur was in package sssd-common.
Therefore package sssd-common had python as a dependency.
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
| |
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
| |
RHEL6.6 contains libnl3.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2017
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2550
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
|
|
|
|
|
| |
The problem is already fixed in fedora >= 21
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
If sssd_be is running unprivileged, then krb5_child must be setuid to be
able to access the keytab and become arbitrary user.
Related:
https://fedorahosted.org/sssd/ticket/2370
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Missing dependency, libini_config >= 1.1 is in debian testing
for some time.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
| |
In order for the sssd_be process to run as unprivileged user, we need to
move the semanage processing to a process that runs as the root user
using setuid privileges.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
| |
The ldap_child permissions should be 4750, owned by root.sssd,
to make sure only root and sssd can execute the child and if executed by
sssd, the child will run as root.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Starting from Automake 1.13, the parallel testsuite harness has been made
the default one; this harness is quite silent.
VERBOSE=yes will displays the logs of the non-passed tests (i.e., only
of the failed or skipped ones, or of the ones that passed unexpectedly).
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a private SSSD user in the %pre section of SSSD specfile. Also
changes the ownership of SSSD private directories to sssd.sssd.
Does not change the configure time default, so SSSD will still run as
root. The file and directory ownership does not widen, because the
directories are still only accessible by the private user (whose shell
is /sbin/nologin) and of course the root user.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
Remove Clang analyzer run from contrib/ci/run as it takes a long time
(5-8 minutes) and its results are unused.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Adds a unit test using the nss_wrapper and uid_wrapper libraries that
exercises the ability to become another user.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mock config with name default is usually symbolic link
to the configuration file of local architecture. The side effect
of this patch is that we will not try to rebuild on old architectures
src.rpm for new architectures(fedora). It caused issues with mock tmpfs
plugin.
Resolves:
https://fedorahosted.org/sssd/ticket/2441
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
|
|
|
|
|
|
|
| |
Remove --vgdb=no option from CI's Valgrind invocation, as default
condition for starting gdb (--vgdb-error=999999999) is highly unlikely
and therefore this option is unnecessary.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
Add check for Valgrind test result to contrib/ci/run.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Add suppressions for all issues detected by Valgrind during CI runs.
These seem to be false positives, or cannot be fixed.
Resolves:
https://fedorahosted.org/sssd/ticket/2428
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an empty Valgrind suppressions file, use it when invoking Valgrind.
This prepares for addition of Valgrind suppressions for current false
positives and issues that cannot be fixed, preparing for enforcing
Valgrind check.
Make Valgrind output a suppression for every error and make it output
used suppression names and counts at the end of each run. This
simplifies discovery and addition of new suppressions and removal of
unused ones.
Related to https://fedorahosted.org/sssd/ticket/2428
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Disable running dlopen-tests under Valgrind as their use of dlclose
makes Valgrind drop symbols and produce meaningless backtraces, which
cannot be matched with specific suppressions.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Preserve timestamps of mock configuration files when customizing them in
CI to avoid unnecessary cache rebuilds. This reduces CI run time.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make needn't be installed by default.
$ contrib/ci/run
install-deps: success 00:16:43 ci-install-deps.log
autoreconf: success 00:00:12 ci-autoreconf.log
DEBUG BUILD: ci-build-debug
configure: success 00:00:13 ci-build-debug/ci-configure.log
make-tests: failure 00:00:01 ci-build-debug/ci-make-tests.log
FAILURE
$ cat ci-build-debug/ci-make-tests.log
Start: Mon Sep 8 09:31:43 CEST 2014
+ make-check-wrap -j 4 check -- true
/tmp/sssd/contrib/ci/make-check-wrap: line 52: make: command not found
End: Mon Sep 8 09:31:44 CEST 2014
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
changes from previous patch:
* fixed idmapd.conf example (sss plugin name)
* squahsed the rpm spec into one commit
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
It can be possible to build current master without samba
on rhel5, but the spec file would be very complicated.
It is better to simplify spec file.
Resolves:
https://fedorahosted.org/sssd/ticket/1974
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add explicit dependency on libcmocka-devel when running on any Red Hat
distros, as it turns out it exists everywhere, if only in EPEL distros,
and even though the spec file doesn't require it.
This makes the contrib/ci/run consider cmocka present on all the
supported distros, so remove the corresponding condition as well.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
Add libnfsidmap-dev to CI Debian dependency list. This fixes CI builds
on Debian.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Roland Mainz <rmainz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add basic support for executing continuous integration (CI) tests on
RHEL6, RHEL7, Fedora 20, Fedora Rawhide and Debian Testing.
This adds two front-end scripts which can be executed either locally by
developers, or on a CI server: contrib/ci/run and contrib/ci/clean.
The first one will run the tests and the second will wipe out the
artifacts.
See contrib/ci/README.md for further details.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
This patch adds everything what is needed to build the MIT Kerberos
localauth plugin if the used version of MIT Kerberos supports it. It
does not implement the plugin.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and groups
identified by their SID to POSIX users and groups identified by their
POSIX UIDs and GIDs respectively.
The API is not fully implemented because SSSD does not support some AD
features like WINS or NTLM. Additionally this implementation has its
focus on the file-server use case and hence does not implement some
features which might be needed for a domain controller use case.
Some API calls are generic and independent of the backend like e.g.
converting binary SIDs and GUIDs into a string representation and back
or memory allocation and deallocation. These parts are taken from the
original Samba sources together with copyright and authors. Files
with'_sssd' as part of the name contain the SSSD related calls.
Resolves: https://fedorahosted.org/sssd/ticket/1588
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When upgrading from a 1.9 version with monolithic packaging to 1.10 or
later with per-provider subpackage, sssd-common can be upgraded (and
restarted) before the new sssd-$provider is restarted. This can lead to
a startup failure, because the sssd_be process from already upgraded
sssd-common would attempt to load a sssd_$provider.so from the
legacy sssd package.
Restarting the service in %posttrans makes sure all the packages are in
place when we restart the service.
Resolves:
https://fedorahosted.org/sssd/ticket/2399
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
git archive needn't have support for tar.gz format:
[testm1 contrib]# git --version
git version 1.7.1
Thanks Sami K
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Creating SRPM with patches is useful for some static analysers, which can do
two builds. The first time without patches and the second with patches.
Bash function add_patches is inspired by file rpm/add_patches.sh from project\
389-ds-base.
commit 2a92a6cccd1002f4fe976ee7a5b79d779b009f87
Author: Mark Reynolds
Thanks.
Resolves:
https://fedorahosted.org/sssd/ticket/2149
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
The system bus has the ability to start services on demant. This patch
adds the sysbus service activation file that, currently, only calls the
sss_signal tool to signal the monitor.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
A minimal tool whose only purpose is to signal the monitor with
SIGUSR2. The tool will be executed by the system bus in order to provide
system activation, so it's packaged in libexec.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|