summaryrefslogtreecommitdiffstats
path: root/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* BUILD: Remove unused variable TEST_MOCK_OBJLukas Slebodnik2015-10-081-2/+0
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Link crypto_tests with existing libraryLukas Slebodnik2015-10-081-5/+4
| | | | | | | It's not necessary to bundle libsss_crypto to crypto_tests. We can link it directly. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Link just libsss_crypto with crypto librariesLukas Slebodnik2015-10-081-3/+5
| | | | | | | | It should prevent such failures as in commit 73ec8fdfddb2d4bf99977f758eec80e1b1ee8542 BUILD: Link test_data_provider_be with -ldl Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* HBAC: Better libhbac debuggingPetr Cech2015-10-011-1/+1
| | | | | | | | | | | | | Added support for logging via external log function. Log provides information about rules evaluating (HBAC_DBG_INFO level) and additionally can describe rules (HBAC_DBG_TRACE level). Resolves: https://fedorahosted.org/sssd/ticket/2703 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* BUILD: Link test_data_provider_be with -ldlLukas Slebodnik2015-09-301-0/+1
| | | | | | | | | | | | | | | | | | The module data_provider_be.o uses uncfion dlsym and thus need to be linked with -ldl. /usr/bin/ld: src/providers/test_data_provider_be-data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5' /usr/lib64/libdl.so.2: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status Makefile:10461: recipe for target 'test_data_provider_be' failed It was not a problem when sssd was compiled with NSS because it contains -ldl among its flags. NSS_LIBS='-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl ' However the compilation failed when sssd was compiled with libcrypto Reviewed-by: Michal Židek <mzidek@redhat.com>
* BUILD: Remove unused variable SSSD_UTIL_OBJLukas Slebodnik2015-09-241-2/+0
| | | | | | | It was removed as part of commit fe2091327ff44f80d6681c261494e4432404e9ba Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Do not build libsss_ad_common.la as libraryLukas Slebodnik2015-09-241-18/+15
| | | | | | | | | | | | libsss_ad_common.la was a dynamic library and was linked just with unit tests. It was a workaroud because module libsss_ad.so cannot be linked with tests without portability issues. But it was addted to pkglib_LTLIBRARIES and therefore it was installed with other libraries. This patch changed it and libsss_ad_test.la (old name libsss_ad_common.la) will be compiled only for unit tests (check_LTLIBRARIES) and will not be installed with command "make install". Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Remove unused variable CHECK_OBJLukas Slebodnik2015-09-241-2/+2
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Simplify build of test_data_provider_beLukas Slebodnik2015-09-241-8/+3
| | | | | | | It's an alternative solution for https://fedorahosted.org/sssd/ticket/2799 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: Make p11_child timeout configurableMichal Židek2015-09-231-1/+0
| | | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2773 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: Filter out multiple entries when searching overlapping domainsJakub Hrozek2015-09-221-0/+4
| | | | | | | | | | In case domain overlap, we might download multiple objects. To avoid saving them all, we attempt to filter out the objects from foreign domains. We can only do this optimization for non-wildcard lookups. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: link dp tests with LDB directly to fix builds on DebianJakub Hrozek2015-09-221-0/+2
| | | | | | https://fedorahosted.org/sssd/ticket/2799 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* DP: Provide a way to mark subdomain as disabled and auto-enable it later ↵Jakub Hrozek2015-09-211-0/+26
| | | | | | | | | | | | | | | | with offline_timeout https://fedorahosted.org/sssd/ticket/2637 Adds a new Data Provider function be_mark_dom_offline() that is a replacement for be_mark_offline(). When called, the function would either set the whole back end offline, just like be_mark_offline or just set the subdomain status to inactive. When a subdomain is inactive, there is a singleton timed task that would re-set the subdomin after offline_timeout seconds. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* LDAP: Sanitize group dn before using in filterLukas Slebodnik2015-09-181-0/+1
| | | | | | | | | | Each string should be sanitized(rfc4515) before using ldbsearch. A group dn was not sanitized in the function cleanup_groups. Resolves: https://fedorahosted.org/sssd/ticket/2744 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Partially revert "LDAP: sanitize group name when used in filter"Lukas Slebodnik2015-09-181-1/+0
| | | | | | | This reverts commit e2e334b2f51118cb14c7391c4e4e44ff247ef638. + temporary disable unit test Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test_ipa_subdomains_server: Use unique dorectory for keytabsLukas Slebodnik2015-09-181-1/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2694 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* tests: Use unique name for TEST_PATHLukas Slebodnik2015-09-181-1/+3
| | | | | | | | | | | | | | We had a cases in patch where two tests were using the same TEST_PATH and therefore they were stepping each other to the same files which caused failures. These failures are not easy to reproduce. This patch uses macro BASE_FILE_STEM for unique name. It should prevent copy&paste problem resulting to intermittent failures. @see also https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DATA_PROVIDER: BE_REQ as string in log messagePetr Cech2015-09-141-1/+4
| | | | | | | | | | | | | | | | | Add be_req2str() for translation BE_REQ to string. So we will have || Got request for [0x1001][FAST BE_REQ_USER][1][name=celestian] instead of || Got request for [0x1001][1][name=celestian] Function be_req2str() is used in data provider and in responder too. So this patch create new header file data_provider_req.h which delivers function be_req2str() and definitions of BE_REQ_*. Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* BUILD: Simplify build of simple_access_testsLukas Slebodnik2015-09-051-19/+5
| | | | | | | | | | | | | Link test with existing libraries instead of building all necessary source file on more time. It's not portable to link with libsss_simple.so because it is a dynamic module and not dynamic library. *** Warning: Linking the executable simple_access-tests against the loadable module *** libsss_simple.so is not portable! Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Speed up build of some testsLukas Slebodnik2015-09-051-75/+23
| | | | | | | | Some tests were built with files require for backend $(sssd_be_SOURCES). This automake variable contains 15 files which were build every time for each test. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Build libdlopen_test_providers.la as a dynamic libraryLukas Slebodnik2015-09-051-1/+1
| | | | | | | | | | Module which can be loaded by dlopen but cannot be linked with other binaries. *** Warning: Linking the executable test_xyzp against the loadable module *** libdlopen_test_providers.so is not portable! Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Makefile.am: Add missing AM_CFLAGSMichal Židek2015-09-031-0/+5
| | | | | | | | Some targets were missing AM_CFLAGS so it was not possible to compile C99 features in their source code. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* TESTS: Add trailing whitespace testNikolai Kondrashov2015-09-031-1/+5
| | | | | | | Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* UTIL: Fixing Makefile.am for util/sss_cli_cmd.hPetr Cech2015-09-011-0/+1
| | | | | | | | | Last patch for ticket 2708 broke make distcheck. This is fix. Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* UTIL: Function 2string for enum sss_cli_commandPetr Cech2015-08-311-1/+3
| | | | | | | | | | | | Improvement of debug messages. Instead of:"(0x0400): Running command [17]..." We could see:"(0x0400): Running command [17][SSS_NSS_GETPWNAM]..." (It's not used in sss_client. There are only hex numbers of commands.) Resolves: https://fedorahosted.org/sssd/ticket/2708 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_override: support import and exportPavel Březina2015-08-201-0/+2
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2737 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: sanitize group name when used in filterPavel Reichl2015-08-171-0/+22
| | | | | | | | | | | cleanup_groups() uses DN of group in filter for ldbsearch. But the name might contain characters with special meaning for filtering like - "*()\/" Resolves: https://fedorahosted.org/sssd/ticket/2744 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* pam: Incerease p11 child timeoutMichal Židek2015-08-171-0/+1
| | | | | | | | | Ticket: https://fedorahosted.org/sssd/ticket/2746 It was timeouting often in CI machines. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IPA: Always re-fetch the keytab from the IPA serverJakub Hrozek2015-08-141-0/+2
| | | | | | | | | | Even if a keytab for one-way trust exists, re-fetch the keytab again and try to use it. Fall back to the previous one if it exists. This is in order to allow the admin to re-establish the trust keytabs with a simple sssd restart. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* krb5 utils: add sss_krb5_realm_has_proxy()Sumit Bose2015-08-051-0/+1
| | | | | Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* ssh: generate public keys from certificateSumit Bose2015-07-311-2/+5
| | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: add certificate support to PAM (pre-)auth requestsSumit Bose2015-07-311-0/+5
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Add NSS version of p11_childSumit Bose2015-07-311-1/+24
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* utils: add NSS version of cert utilsSumit Bose2015-07-311-4/+25
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: add sss_override for local overridesPavel Březina2015-07-271-1/+15
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2584 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: add common command frameworkPavel Březina2015-07-271-1/+4
| | | | | | | | | | Add general framework to simplify creating "cmd COMMAND [OPTIONS...]" style tools. Preparation for: https://fedorahosted.org/sssd/ticket/2584 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* KRB5: Add and use krb5_auth_queue_send to queue requests by defaultJakub Hrozek2015-07-061-0/+17
| | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2701 Previously, only the krb5 provides used to queue requests, which resulted in concurrent authentication requests stepping on one another. This patch queues requests by default. Reviewed-by: Sumit Bose <sbose@redhat.com>
* sss_client: Use initgr mmap cache in client codeLukas Slebodnik2015-07-031-0/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2485 Reviewed-by: Michal Židek <mzidek@redhat.com>
* test_ipa_subdomains_server: Fix build with --coverageLukas Slebodnik2015-07-021-0/+1
| | | | | | | | | | | It seems that gcc did some optimization and used execve instead of execle when the code was instrumented for coverage analysis. So the exec* function was not wrapped and it tried to call real binary ipa-getkeytab Reviewed-by: Michal Židek <mzidek@redhat.com>
* IFP: add FindByCertificate method for User objectsSumit Bose2015-06-191-1/+3
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sysdb: add sysdb_search_user_by_cert() and sysdb_search_object_by_cert()Sumit Bose2015-06-191-0/+1
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* certs: add PEM/DER conversion utilitiesSumit Bose2015-06-191-0/+38
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sbus: listen to NameOwnerChangedPavel Březina2015-06-191-0/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2326 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: add support for incoming signalsPavel Březina2015-06-191-0/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Export nodesPavel Březina2015-06-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | IFP now exports cached users and groups in introspection. After a user is cached with: dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Store And Introspection called with: dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.DBus.Introspectable.Introspect The cached users would be visible in the Introspection XML as: <node name="ipaldap/397400000" /> </node> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Implement org.freedesktop.sssd.infopipe.Cache[.Object]Pavel Březina2015-06-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2338 Example use: $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.FindByName \ string:admin object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Store boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ object path "/org/freedesktop/sssd/infopipe/Users/ipaldap/397400000" ] $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users/ipaldap/397400000 \ org.freedesktop.sssd.infopipe.Cache.Object.Remove boolean true $ dbus-send --print-reply --system \ --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Cache.List array [ ] Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Store keytabs in /var/lib/sss/keytabsJakub Hrozek2015-06-161-2/+5
| | | | | | Make sure the directory is only accessible to the sssd user Reviewed-by: Michal Židek <mzidek@redhat.com>
* CONFIG: Add SSS_STATEDIR as VARDIR/lib/sssJakub Hrozek2015-06-161-0/+2
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* AD: Rename ad_create_default_options to ad_create_2way_trust_optionsJakub Hrozek2015-06-141-5/+12
| | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2638 Better reflects what's going on in the function. Also adds a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Fetch keytab for 1way trustsJakub Hrozek2015-06-141-0/+4
| | | | | | | | | Uses the ipa-getkeytab call to retrieve keytabs for one-way trust relationships. https://fedorahosted.org/sssd/ticket/2636 Reviewed-by: Sumit Bose <sbose@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-06 04:39:57 +0000