summaryrefslogtreecommitdiffstats
path: root/contrib
Commit message (Collapse)AuthorAgeFilesLines
* certs: add PEM/DER conversion utilitiesSumit Bose2015-06-192-0/+3
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* BUILD: Store keytabs in /var/lib/sss/keytabsJakub Hrozek2015-06-161-1/+2
| | | | | | Make sure the directory is only accessible to the sssd user Reviewed-by: Michal Židek <mzidek@redhat.com>
* IPA: Fetch keytab for 1way trustsJakub Hrozek2015-06-142-0/+19
| | | | | | | | | Uses the ipa-getkeytab call to retrieve keytabs for one-way trust relationships. https://fedorahosted.org/sssd/ticket/2636 Reviewed-by: Sumit Bose <sbose@redhat.com>
* Add Vagrant configuration for SSSDStephen Gallagher2015-06-021-0/+21
| | | | | | | | | | | | | | | | | | | | To set up a Vagrant development environment: * Install the Vagrant packages for your development system * On Fedora 22 and later: 'dnf install vagrant-libvirt' * Deploy the Vagrant box: * 'vagrant up' * Build SSSD: * vagrant ssh -c "cd /vagrant; reconfig; chmake" Vagrant can keep your development tree in-sync with the Vagrant box by running 'vagrant rsync-auto' in a shell (this will continue to run, monitoring for changes and syncing them as they are saved). Alternately, it can be manually synced with 'vagrant rsync' at will. More information: http://fedoramagazine.org/running-vagrant-fedora-22/ Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* PROXY: proxy_child should work in non-root modeLukas Slebodnik2015-05-311-1/+1
| | | | | | | | | | | | | | | | | | | According to design page[1], proxy_child should run with root privileges in non-root mode however proxy_child did not have setuid bit. After setting setuid bit proxy_child will be executed with extra privileges. The effective user ID will be 0 but effective group ID will be still the same as egid of sssd_be. Therefore gid of private pipe for proxy_child should be the same. Otherwise proxy_child will fail due to wrong permissions of unix pipe (sbus_client_init -> check_file) [1] https://fedorahosted.org/sssd/wiki/DesignDocs/NotRootSSSD Resolves: https://fedorahosted.org/sssd/ticket/2655 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Add integration testsNikolai Kondrashov2015-05-283-1/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add "intgcheck" make target. Update CI to use it. The "intgcheck" target configures and builds sssd in a sub-directory, installs it into a prefix in another sub-directory, and then makes the "intgcheck-installed" target from within src/tests/intg in that separate build. The "intgcheck-installed" target in src/tests/intg runs py.test for all tests it can find in that directory, under fakeroot and nss_wrapper/uid_wrapper environments emulating running under root. It also adds the value of INTGCHECK_PYTEST_ARGS environment/make variable to the py.test command line. You can use it to pass additional py.test options, such as specifying a subset of tests to run. See "py.test --help" output. There are only two test suites in src/tests/intg at the moment: ent_test.py and ldap_test.py. The ent_test.py runs tests on ent.py - a module of assertion functions for checking entries in NSS database (passwd and group), for use in actual tests. The ent_test.py suite can be used as ent.py usage reference. The ldap_test.py suite sets up and starts a slapd instance, adds a few user and group entries, configures and starts sssd and verifies that those users and groups are retrieved correctly using various NSS functions. The tests are very basic at the moment. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* SPEC: Fix cyclic dependencies between sssd-{krb5,}-commonLukas Slebodnik2015-05-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | libsss_ldap_common(sssd-common) requires libsss_krb5_common.so(sssd-krb5-common) and sssd-krb5-common requires sssd-common. sh$ nm --dynamic --defined-only /usr/lib64/sssd/libsss_krb5_common.so 000000000000c4d0 T krb5_service_init 000000000000b8c0 T krb5_try_kdcip 000000000000c710 T remove_krb5_info_files 0000000000014960 T select_principal_from_keytab 00000000000141d0 T sss_krb5_get_error_message sh$ nm --dynamic --undefined-only /usr/lib64/sssd/libsss_ldap_common.so U krb5_service_init U krb5_try_kdcip U remove_krb5_info_files U select_principal_from_keytab U sss_krb5_get_error_message This patch fix cyclic dependency with rpm packaging becuase it's not simple task to remove krb5 dependency from ldap provider. Resolves: https://fedorahosted.org/sssd/ticket/2507 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SPEC: Few cosmetic changesLukas Slebodnik2015-04-081-6/+4
| | | | | | | | - removed unnecessary blank lines (leftover after many changes) - list manual pages according to section number - add missing white spaces to shall scripts Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Remove unused optionLukas Slebodnik2015-04-081-1/+0
| | | | | | | | | | The optional definition of rpm macro with_ccache was removed in patch "BUILD: Remove unnecessary patch and configure opts" as a part of ticket https://fedorahosted.org/sssd/ticket/2036. It is not used anymore so it can be removed. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Drop workarounds for old rpmbuildLukas Slebodnik2015-04-081-9/+0
| | | | | | | Old versions of rpmbuild require ghost files to be present in the buildroot. It was mainly problem of rpmbuild on rhel5 which is not supported anymore. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Drop workaround for old libtoolLukas Slebodnik2015-04-081-9/+0
| | | | | | | This workaround was for libtool in rhel 5 and we dropped support for it few months ago due to missing dependencies. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* RPM: BuildRequire libcmocka >= 1.0Jakub Hrozek2015-03-111-1/+1
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: fix chmake not to generate warningPavel Reichl2015-03-021-1/+2
| | | | | | | | | | | | | Generated warning: /usr/include/features.h:328:4: warning: warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] warning _FORTIFY_SOURCE requires compiling with optimization (-O) Macro _FORTIFY_SOURCE requiers to be compiled with optimization. But the problem with bash function chmake is that it turns off optimization. To avoid generating warning chmake should undefine macro _FORTIFY_SOURCE. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* SPEC: Build python3 bindings on available platformsLukas Slebodnik2015-02-253-8/+143
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2574 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* SPEC: Replace python_ macros with python2_Lukas Slebodnik2015-02-251-14/+20
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Add possibility to build python{2,3} bindingsLukas Slebodnik2015-02-251-0/+4
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2574 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* SPEC: Move python bindings to separate packagesLukas Slebodnik2015-02-251-2/+33
| | | | | | | Some pyhton bindings pysss and pysss_murmur was in package sssd-common. Therefore package sssd-common had python as a dependency. Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* SPEC: Use new convention for python packagesLukas Slebodnik2015-02-251-8/+12
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* SPEC: Use libnl3 for epel6Lukas Slebodnik2015-01-201-4/+0
| | | | | | RHEL6.6 contains libnl3. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Python3 support in SSSDBohuslav Kabrda2015-01-131-5/+7
| | | | https://fedorahosted.org/sssd/ticket/2017
* spec: sifp requires sssd-dbusPavel Březina2015-01-091-0/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2550 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Suppress memory errors from poptGetNextOptJakub Hrozek2014-12-071-0/+29
| | | | Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* CI: Update valgrind suppresion database for libselinuxLukas Slebodnik2014-12-051-0/+13
| | | | | | The problem is already fixed in fedora >= 21 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Install krb5_child as suid if running under non-privileged userJakub Hrozek2014-11-181-1/+1
| | | | | | | | | | | If sssd_be is running unprivileged, then krb5_child must be setuid to be able to access the keytab and become arbitrary user. Related: https://fedorahosted.org/sssd/ticket/2370 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Build sssd on debian with samba supportLukas Slebodnik2014-11-111-7/+0
| | | | | | | Missing dependency, libini_config >= 1.1 is in debian testing for some time. Reviewed-by: Michal Židek <mzidek@redhat.com>
* IPA: Move setting the SELinux context to a child processJakub Hrozek2014-11-051-0/+1
| | | | | | | | In order for the sssd_be process to run as unprivileged user, we need to move the semanage processing to a process that runs as the root user using setuid privileges. Reviewed-by: Michal Židek <mzidek@redhat.com>
* BUILD: Install ldap_child and as setuid if running under non-privileged userJakub Hrozek2014-11-051-1/+1
| | | | | | | | The ldap_child permissions should be 4750, owned by root.sssd, to make sure only root and sssd can execute the child and if executed by sssd, the child will run as root. Reviewed-by: Michal Židek <mzidek@redhat.com>
* SPEC: Print testsuite log for failed testLukas Slebodnik2014-10-221-1/+1
| | | | | | | | | | Starting from Automake 1.13, the parallel testsuite harness has been made the default one; this harness is quite silent. VERBOSE=yes will displays the logs of the non-passed tests (i.e., only of the failed or skipped ones, or of the ones that passed unexpectedly). Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* RPM: Change file ownership to sssd.sssdJakub Hrozek2014-10-221-11/+15
| | | | | | | | | | | | | Adds a private SSSD user in the %pre section of SSSD specfile. Also changes the ownership of SSSD private directories to sssd.sssd. Does not change the configure time default, so SSSD will still run as root. The file and directory ownership does not widen, because the directories are still only accessible by the private user (whose shell is /sbin/nologin) and of course the root user. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* CI: Remove Clang analyzerNikolai Kondrashov2014-10-223-60/+5
| | | | | | | Remove Clang analyzer run from contrib/ci/run as it takes a long time (5-8 minutes) and its results are unused. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* RPM: Package the libsss_semanage.so libraryJakub Hrozek2014-10-201-0/+1
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* TESTS: Add a test to change user IDsJakub Hrozek2014-10-102-0/+6
| | | | | | | Adds a unit test using the nss_wrapper and uid_wrapper libraries that exercises the ability to become another user. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Don't say Valgrind is ignored in README.mdNikolai Kondrashov2014-09-251-2/+1
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* CI: Use default config for mock buildLukas Slebodnik2014-09-221-6/+5
| | | | | | | | | | | | | | | The mock config with name default is usually symbolic link to the configuration file of local architecture. The side effect of this patch is that we will not try to rebuild on old architectures src.rpm for new architectures(fedora). It caused issues with mock tmpfs plugin. Resolves: https://fedorahosted.org/sssd/ticket/2441 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
* CI: Remove disabling of Valgrind gdb invocationNikolai Kondrashov2014-09-221-1/+0
| | | | | | | | Remove --vgdb=no option from CI's Valgrind invocation, as default condition for starting gdb (--vgdb-error=999999999) is highly unlikely and therefore this option is unnecessary. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Enforce Valgrind checkNikolai Kondrashov2014-09-221-1/+1
| | | | | | Add check for Valgrind test result to contrib/ci/run. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Suppress all detected Valgrind issuesNikolai Kondrashov2014-09-221-0/+102
| | | | | | | | | | Add suppressions for all issues detected by Valgrind during CI runs. These seem to be false positives, or cannot be fixed. Resolves: https://fedorahosted.org/sssd/ticket/2428 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Add Valgrind suppression supportNikolai Kondrashov2014-09-222-2/+15
| | | | | | | | | | | | | | | | Add an empty Valgrind suppressions file, use it when invoking Valgrind. This prepares for addition of Valgrind suppressions for current false positives and issues that cannot be fixed, preparing for enforcing Valgrind check. Make Valgrind output a suppression for every error and make it output used suppression names and counts at the end of each run. This simplifies discovery and addition of new suppressions and removal of unused ones. Related to https://fedorahosted.org/sssd/ticket/2428 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Don't run dlopen-tests under ValgrindNikolai Kondrashov2014-09-221-1/+2
| | | | | | | | Disable running dlopen-tests under Valgrind as their use of dlclose makes Valgrind drop symbols and produce meaningless backtraces, which cannot be matched with specific suppressions. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* CI: Preserve mock config timestampsNikolai Kondrashov2014-09-161-1/+3
| | | | | | | Preserve timestamps of mock configuration files when customizing them in CI to avoid unnecessary cache rebuilds. This reduces CI run time. Reviewed-by: Michal Židek <mzidek@redhat.com>
* CI: Add missing debian dependencyLukas Slebodnik2014-09-161-0/+1
| | | | | | | | | | | | | | | | | | | | make needn't be installed by default. $ contrib/ci/run install-deps: success 00:16:43 ci-install-deps.log autoreconf: success 00:00:12 ci-autoreconf.log DEBUG BUILD: ci-build-debug configure: success 00:00:13 ci-build-debug/ci-configure.log make-tests: failure 00:00:01 ci-build-debug/ci-make-tests.log FAILURE $ cat ci-build-debug/ci-make-tests.log Start: Mon Sep 8 09:31:43 CEST 2014 + make-check-wrap -j 4 check -- true /tmp/sssd/contrib/ci/make-check-wrap: line 52: make: command not found End: Mon Sep 8 09:31:44 CEST 2014 Reviewed-by: Michal Židek <mzidek@redhat.com>
* libwbclient: avoid collision with Samba versionSumit Bose2014-09-081-4/+4
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* NFSv4 client: man pageNoam Meltzer2014-09-081-0/+1
| | | | | | | | changes from previous patch: * fixed idmapd.conf example (sss plugin name) * squahsed the rpm spec into one commit Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Drop old OS conditions from spec file.Lukas Slebodnik2014-09-051-75/+4
| | | | | | | | | | | It can be possible to build current master without samba on rhel5, but the spec file would be very complicated. It is better to simplify spec file. Resolves: https://fedorahosted.org/sssd/ticket/1974 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SPEC: Use netlink library version 3 for rhel7Lukas Slebodnik2014-09-051-1/+3
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* CI: Consider libcmocka-devel always presentNikolai Kondrashov2014-09-052-14/+4
| | | | | | | | | | | Add explicit dependency on libcmocka-devel when running on any Red Hat distros, as it turns out it exists everywhere, if only in EPEL distros, and even though the spec file doesn't require it. This makes the contrib/ci/run consider cmocka present on all the supported distros, so remove the corresponding condition as well. Reviewed-by: Michal Židek <mzidek@redhat.com>
* CI: Add libnfsidmap-dev Debian dependencyNikolai Kondrashov2014-09-021-0/+1
| | | | | | | Add libnfsidmap-dev to CI Debian dependency list. This fixes CI builds on Debian. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NFSv4 client: add to RPM specNoam Meltzer2014-09-021-0/+7
| | | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Roland Mainz <rmainz@redhat.com>
* Add basic support for CI test executionNikolai Kondrashov2014-09-0210-0/+1044
| | | | | | | | | | | | | | | Add basic support for executing continuous integration (CI) tests on RHEL6, RHEL7, Fedora 20, Fedora Rawhide and Debian Testing. This adds two front-end scripts which can be executed either locally by developers, or on a CI server: contrib/ci/run and contrib/ci/clean. The first one will run the tests and the second will wipe out the artifacts. See contrib/ci/README.md for further details. Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Add conditional build for MIT Kerberos localauth pluginSumit Bose2014-09-021-0/+12
| | | | | | | | This patch adds everything what is needed to build the MIT Kerberos localauth plugin if the used version of MIT Kerberos supports it. It does not implement the plugin. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>