summaryrefslogtreecommitdiffstats
path: root/contrib
Commit message (Collapse)AuthorAgeFilesLines
* libwbclient: SSSD implementationSumit Bose2014-08-211-0/+26
| | | | | | | | | | | | | | | | | | | | | | | This patch implements the libwbclient API for Samba daemons and utilities. The main purpose is to map Active Directory users and groups identified by their SID to POSIX users and groups identified by their POSIX UIDs and GIDs respectively. The API is not fully implemented because SSSD does not support some AD features like WINS or NTLM. Additionally this implementation has its focus on the file-server use case and hence does not implement some features which might be needed for a domain controller use case. Some API calls are generic and independent of the backend like e.g. converting binary SIDs and GUIDs into a string representation and back or memory allocation and deallocation. These parts are taken from the original Samba sources together with copyright and authors. Files with'_sssd' as part of the name contain the SSSD related calls. Resolves: https://fedorahosted.org/sssd/ticket/1588 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* RPM: Restart service in %posttrans, not %postJakub Hrozek2014-08-111-3/+2
| | | | | | | | | | | | | | | When upgrading from a 1.9 version with monolithic packaging to 1.10 or later with per-provider subpackage, sssd-common can be upgraded (and restarted) before the new sssd-$provider is restarted. This can lead to a startup failure, because the sssd_be process from already upgraded sssd-common would attempt to load a sssd_$provider.so from the legacy sssd package. Restarting the service in %posttrans makes sure all the packages are in place when we restart the service. Resolves: https://fedorahosted.org/sssd/ticket/2399
* AD-GPO: Store policy settings in local filesYassir Elley2014-07-201-0/+3
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* CONTRIB: Fix creation of tar.gz with old version of gitLukas Slebodnik2014-07-091-3/+3
| | | | | | | | | | git archive needn't have support for tar.gz format: [testm1 contrib]# git --version git version 1.7.1 Thanks Sami K Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* CONTRIB: make_srpm.sh can prepare SRPM with patchesLukas Slebodnik2014-07-091-8/+54
| | | | | | | | | | | | | | | | Creating SRPM with patches is useful for some static analysers, which can do two builds. The first time without patches and the second with patches. Bash function add_patches is inspired by file rpm/add_patches.sh from project\ 389-ds-base. commit 2a92a6cccd1002f4fe976ee7a5b79d779b009f87 Author: Mark Reynolds Thanks. Resolves: https://fedorahosted.org/sssd/ticket/2149 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Add the DBus service activationJakub Hrozek2014-07-081-0/+1
| | | | | | | | The system bus has the ability to start services on demant. This patch adds the sysbus service activation file that, currently, only calls the sss_signal tool to signal the monitor. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* TOOLS: New helper tool sss_signalJakub Hrozek2014-07-081-0/+1
| | | | | | | | A minimal tool whose only purpose is to signal the monitor with SIGUSR2. The tool will be executed by the system bus in order to provide system activation, so it's packaged in libexec. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SPEC: Add gpo_child to package sssd-adLukas Slebodnik2014-07-011-0/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD-GPO: Add gpo-smb implementation in gpo_child processYassir Elley2014-07-011-1/+1
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* sss_sifp: buildPavel Březina2014-05-291-0/+38
| | | | | | https://fedorahosted.org/sssd/ticket/2254 Reviewed-by: Sumit Bose <sbose@redhat.com>
* contrib: add BuildRequires libsmbclient-devel to spec fileSumit Bose2014-05-231-0/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Add libsss_ad_common.so to the package sssd-adLukas Slebodnik2014-05-141-0/+1
| | | | | | | | RPM build errors: error: Installed (but unpackaged) file(s) found: /usr/lib64/sssd/libsss_ad_common.so Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_config: build only when IFP is allowedPavel Březina2014-05-141-2/+2
| | | | | | since the IFP responder is currently the only planned consumer. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_config: buildPavel Březina2014-05-141-0/+2
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SPEC: Remove duplicate sssd_ifp.Lukas Slebodnik2014-05-021-1/+0
| | | | | | | | | | | | | | | | | | | | The file sssd_ifp was installed by two subpackages: sssd-common and sssd-dbus I din't have instaled file org.freedesktop.sssd.infopipe.conf, because it is in package sssd-dbus. Missing conf file caused problem with starting the ifp service. [sssd] [monitor_service_init] (0x0400): Initializing D-BUS Service [sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] exited with code [3] [sssd] [mt_svc_exit_handler] (0x0010): Process [ifp], definitely stopped! [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.522" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus [sssd[ifp]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Connect to the system busJakub Hrozek2014-04-041-0/+2
| | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2072 Adds the possibility for the InfoPipe responder to connect to the system bus. At the moment, only a dummy method "Ping" is provided. The method only accepts a single string parameter that has to be 'ping'.
* IFP: Re-add the InfoPipe serverJakub Hrozek2014-04-041-0/+17
| | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2072 This commit only adds the responder and the needed plumbing. No DBus related code is in yet.
* Clarify CFLAGS handling in bashrc_sssdNikolai Kondrashov2014-02-201-1/+2
| | | | | | | Clarify comment on CFLAGS contents in "warn" description. Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Michal Žídek <mzidek@redhat.com>
* Handle unbound variables in bashrc_sssdNikolai Kondrashov2014-02-201-2/+2
| | | | | | | | | Explicitly substitute empty strings for unbound variables in bashrc_sssd to support its use in scripts with unbound variable detection enabled (set -u). Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Michal Žídek <mzidek@redhat.com>
* Use functions, not aliases in bashrc_sssdNikolai Kondrashov2014-02-201-45/+67
| | | | | | | | | Use functions instead of aliases as commands in bashrc_sssd. This allows easier use of bashrc_sssd in scripts, since aliases are disabled by default for non-interactive Bash shells. Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Michal Žídek <mzidek@redhat.com>
* Use HW instead of processor name as build archNikolai Kondrashov2014-02-201-1/+1
| | | | | | | | | | | Use "machine hardware name" instead of "processor name" as the build architecture in bashrc_sssd. This fixes determining architecture on systems where "processor name" is not available and is reported by uname(1) as "unknown", e.g. Debian. Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Michal Žídek <mzidek@redhat.com>
* SPEC: Fix packaging rpms on OSes without systemdLukas Slebodnik2014-02-201-1/+3
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Simplify enabling journald on installed systemsStephen Gallagher2014-02-191-0/+2
| | | | | | | | | | | systemd supports overrides of the standard service file to be placed in /etc/systemd/system/<service>.service.d/ With this patch, we will install a commented-out override file to /etc that will instruct the user on how to enable logging to journald. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: Build with journald support by default on FedoraStephen Gallagher2014-02-192-0/+3
| | | | | | | | The journal provided by systemd gives us structured logging capabilities that we should be taking advantage of. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: Update bashrc macrosStephen Gallagher2013-10-301-4/+2
| | | | | | * Stop using --target (unneeded) * Drop explicit use of --with-default-ccache* since we now pick it up from libkrb5
* Spec file changes for cifs-utils pluginSumit Bose2013-10-151-0/+25
|
* util: Use systemd-login to check user sessionsSimo Sorce2013-09-161-0/+3
| | | | | | | | | | | | | Use systemd-lgin in preference to check if the user is logged in or not. Fall back to the old method if no systemd-login support is available at compile time or if it returns a fatal error, and can't determine the status of the user on its own. This will allow to consider a user really active (in order to reuse or refresh crdentials) only if it really is logged into the system, and not just if one of the user's processes is stuck around. Resolves: https://fedorahosted.org/sssd/ticket/2084
* RPM: Add new subpackage for PAC responderStephen Gallagher2013-09-051-8/+31
| | | | | | | | | It was discovered that duplicating files in two subpackages is not permitted by Fedora packaging guidelines[1]. This patch moves the PAC responder to a new sssd-common-pac subpackage that both the sssd-ipa and sssd-ad subpackages will require. [1] https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#DuplicateFiles
* BUILD: Remove unnecessary patch and configure optsSimo Sorce2013-08-282-29/+0
| | | | | | | | | Now that we use the libkrb5 defaults for the default ccname template we do not need the patch that changes the man pages defaults nor the configure options to change sssd defaults anymore. Related: https://fedorahosted.org/sssd/ticket/2036
* BUILD: Fix contrib build macros to display warningsStephen Gallagher2013-08-221-6/+6
| | | | | | There was an inconsistency with how the warnings were specified and how they were consumed by the macros. The result was that warnings were hidden.
* RPM: Require libsss_idmap from sssd-commonJakub Hrozek2013-07-171-3/+1
| | | | | The NSS responder recently started using libsss_idmap in the getbysid functions. The bug itself was spotted by one of our automated QA tools.
* Move sssd_pac binary to the IPA and AD providersStephen Gallagher2013-07-021-5/+8
| | | | | This will ensure that we aren't pulling in extra samba4 dependencies for the Kerberos provider.
* RPM: Move sssd_pac to the krb5-common subpackageJakub Hrozek2013-07-021-4/+4
| | | | The PAC responder is now used by both IPA and AD providers.
* Remove sysv->systemd upgrade routinesStephen Gallagher2013-07-021-12/+0
| | | | | There are no longer any Fedora platforms running SSSD with SYSV init scripts. We don't need the upgrade logic any more.
* Move pre and post scripts to sssd-commonStephen Gallagher2013-07-021-5/+5
|
* rpm: couple of small fixesJakub Hrozek2013-06-161-0/+7
| | | | | * Include localized pam_sss manpages in sssd-client * Call ldconfig after libsss_nss_idmap is installed or removed
* rpm: Split providers into separate subpackagesJakub Hrozek2013-06-111-46/+187
| | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1510 This patch splits the previously monolithic sssd package into sssd-common that contains the deamon and the responders and per-provider packages such as sssd-ldap or sssd-ipa. This split would benefit two parties: 1) security auditors who are often trying to find the smallest package set including dependencies needed for the package to function. They would be able to i.e. install sssd-ldap and not bother about sssd-ipa or sssd-ad pulling in more dependencies. 2) 3rd party programs such as realmd or authconfig that would only be able to require or install on demand the needed packages.
* rpm: Use hardened flags for RPM buildJakub Hrozek2013-06-111-0/+4
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1797 This patch adds the _hardened_build macro on platforms where it is defined by the RPM. The macro amounts to compiling with cc --spec=/usr/lib/rpm/redhat/redhat-hardened-cc1 and then linking with ld --spec=/usr/lib/rpm/redhat/redhat-hardened-ld. On Fedora 19, the gcc spec files contain -z now and fPIC or fPIE.
* rpm: Fold libsss_sudo and libsss_autofs back into the main SSSD packageJakub Hrozek2013-06-071-52/+12
| | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1845 libsss_sudo and libsss_autofs are separate packages that contain just a single client library with no additional dependencies. This separation comes from the F-17 timeframe where the feature was really just a tech preview so we didn't want it to be packaged in sssd proper. On the other hand users are getting regularly confused about "sudo not working" when all they really miss is the single library. This patch moves the files owned by the libsss_autofs and libsss_sudo packages back to the main sssd package. We also no longer build the libsss_sudo documentation by default and do not ship the header file as it was just a private one.
* Adding script to create a SRPMLukas Slebodnik2013-05-231-0/+120
| | | | | | | | | | | Recommended way to create SRPM is to run make (prerelease-)srpm. But in previous case make file have to be generated, therefore configure script should not fail. (all sssd required dependencies have to be installed) Script make_srpm.sh can be runned without running configure, script can be runned only from git repository. https://fedorahosted.org/sssd/ticket/1927
* Add python interface to libsss_nss_idmapSumit Bose2013-05-031-0/+14
| | | | | | | | | | To allow to use libsss_nss_idmap from python applications, e.g. the FreeIPA server, the patch adds pythin bindings to libsss_nss_idmap. The contributed spec file will place the python bindings in a new package called libsss_nss_idmap-python. Alexander Bokovoy <abokovoy@redhat.com> kindly provided the code to check the type of the python objects and loop over the list entries.
* Add client library for SID related lookupsSumit Bose2013-05-031-0/+36
| | | | | | | | | | | | This patch add a library for client side lookups for a SID or with a SID through the calls: - sss_nss_getsidbyname - sss_nss_getsidbyid - sss_nss_getnamebysid - sss_nss_getidbysid The library is called libsss_nss_idmap and the contributed spec file will create two new packages libsss_nss_idmap and libsss_nss_idmap-devel.
* Incorrect *.py[co] files placementLukas Slebodnik2013-04-101-4/+18
| | | | | | | | Package sssd contains python files. Python files should be installed in noarch package, therefore all python files from directory src/config/SSSDConfig was moved to new noarch package python-sssdconfig. https://fedorahosted.org/sssd/ticket/1839
* Provide libnl3 supportOndrej Kos2013-03-271-1/+3
| | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/812 Update the monitor code to be using the new libnl3 API. Changed configure option --with-libnl By default, it tries to build with libnl3, if not found, then with libnl1, if this isn't found either, build proceeds without libnl, just with warning. Specifing --with-libnl=<libnl3|libnl1|no> checks for the specific given version, if not found, configure ends with error.
* BUILD: Always run distcheck and RPM tests in /dev/shmStephen Gallagher2013-03-201-0/+1
| | | | | | | | Some of the tests (such as the sysdb tests) are highly I/O limited. By running them on a ramdisk, we can significantly speed up the test runs when doing a distcheck or RPM build. https://fedorahosted.org/sssd/ticket/1840
* Remove duplicate remake from bashrc_sssdJakub Hrozek2013-03-181-6/+0
|
* build: require libcmocka on fedora 18+Pavel Březina2013-03-131-0/+3
|
* BUILD: Add contributed macros and aliases to simplify buildingStephen Gallagher2013-03-071-0/+103
|
* BUILD: Build shared components as an internal shared libraryStephen Gallagher2013-03-011-0/+8
| | | | | | | There is a large amount of duplicated code being linked into multiple SSSD binaries. Instead of statically linking this code throughout the SSSD, we should instead create private shared libraries for them and drop this code on the system only once.
* Bump the version and reset release back to 0Jakub Hrozek2012-12-071-1/+1
|