sssd.git/src/external, branch sssctl Unnamed repository; edit this file 'description' to name the repository. BUILD: Accept krb5 1.16 for building the PAC plugin 2017-10-09T11:16:37+00:00 Sumit Bose sbose@redhat.com 2017-10-09T07:55:31+00:00 ce68b4ff25cbd52935a540046f0412ce869a27a5 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
BUILD: Improve error messages for optional dependencies 2017-05-31T13:24:12+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-05-30T12:40:07+00:00 8ccc9b7c317cf5ee8f295b38bfc4c2b7d551f8f1 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
configure: fix typo 2017-03-30T17:08:28+00:00 Pavel Březina pbrezina@redhat.com 2017-03-29T11:28:49+00:00 dc186bfe90665c13d589b3b4efd9009293e62c46 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
build: make curl required by secrets 2017-03-30T17:07:39+00:00 Pavel Březina pbrezina@redhat.com 2017-03-22T11:32:31+00:00 793f2573b2beaf8b48eab850429482acf68ec2b1 Also remove --disable-libcurl since it doesn't make sense. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Also remove --disable-libcurl since it doesn't make sense.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
CONFIGURE: Fix fallback if pkg-config for uuid is missing 2017-03-28T10:36:53+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-03-27T09:59:01+00:00 7c67679ba86682d8c2afea404ec0229641a7f473 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
KCM: Implement an internal ccache storage and retrieval API 2017-03-27T07:57:31+00:00 Jakub Hrozek jhrozek@redhat.com 2017-03-07T12:49:21+00:00 bea0dc79faf609de8603cb42f190adae544bc8fb In order for the KCM server to work with ccaches stored in different locations, implement a middle-man between the KCM server and the ccache storage. This module has asynchronous API because we can't assume anything about where the ccaches are stored. Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
In order for the KCM server to work with ccaches stored in different
locations, implement a middle-man between the KCM server and the ccache
storage.

This module has asynchronous API because we can't assume anything about
where the ccaches are stored.

Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
KCM: Initial responder build and packaging 2017-03-27T07:56:19+00:00 Jakub Hrozek jhrozek@redhat.com 2016-08-01T10:52:07+00:00 b9c563c29243291f40489bb0dcbf3946fca72d58 Adds the initial build of the Kerberos Cache Manager responder (KCM). This is a deamon that is capable of holding and storing Kerberos ccaches. When KCM is used, the kerberos libraries (invoked through e.g. kinit) are referred to as a 'client' and the KCM deamon is referred to as 'server'. At the moment, only the Heimdal implementation of Kerberos implements the KCM server: https://www.h5l.org/manual/HEAD/info/heimdal/Credential-cache-server-_002d-KCM.html This patch adds a KCM server to SSSD. In MIT, only the 'client-side' support was added: http://k5wiki.kerberos.org/wiki/Projects/KCM_client This page also describes the protocol between the client and the server. The client is capable of talking to the server over either UNIX sockets (Linux, most Unixes) or Mach RPC (macOS). Our server only implements the UNIX sockets way and should be socket-activated by systemd, although can in theory be also ran explicitly. The KCM server only builds if the configuration option "--with-kcm" is enabled. It is packaged in a new subpackage sssd-kcm in order to allow distributions to enable the KCM credential caches by installing this subpackage only, without the rest of the SSSD. The sssd-kcm subpackage also includes a krb5.conf.d snippet that allows the admin to just uncomment the KCM defaults and instructs them to start the socket. The server can be configured in sssd.conf in the "[kcm]" section. By default, the server only listens on the same socket path the Heimdal server uses, which is "/var/run/.heim_org.h5l.kcm-socket". This is, however, configurable. The file src/responder/kcm/kcm.h is more or less directly imported from the MIT Kerberos tree, with an additional sentinel code and some comments. Not all KCM operations are implemented, only those that also the MIT client implements. That said, this KCM server should also be usable with a Heimdal client, although no special testing was with this hybrid. The patch also adds several error codes that will be used in later patches. Related to: https://pagure.io/SSSD/sssd/issue/2887 Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Adds the initial build of the Kerberos Cache Manager responder (KCM).

This is a deamon that is capable of holding and storing Kerberos
ccaches. When KCM is used, the kerberos libraries (invoked through e.g.
kinit) are referred to as a 'client' and the KCM deamon is referred to
as 'server'.

At the moment, only the Heimdal implementation of Kerberos implements the
KCM server:
    https://www.h5l.org/manual/HEAD/info/heimdal/Credential-cache-server-_002d-KCM.html
This patch adds a KCM server to SSSD.

In MIT, only the 'client-side' support was added:
    http://k5wiki.kerberos.org/wiki/Projects/KCM_client
This page also describes the protocol between the client and the server.

The client is capable of talking to the server over either UNIX sockets
(Linux, most Unixes) or Mach RPC (macOS). Our server only implements the
UNIX sockets way and should be socket-activated by systemd, although can
in theory be also ran explicitly.

The KCM server only builds if the configuration option "--with-kcm" is
enabled. It is packaged in a new subpackage sssd-kcm in order to allow
distributions to enable the KCM credential caches by installing this
subpackage only, without the rest of the SSSD. The sssd-kcm subpackage
also includes a krb5.conf.d snippet that allows the admin to just uncomment
the KCM defaults and instructs them to start the socket.

The server can be configured in sssd.conf in the "[kcm]" section.
By default, the server only listens on the same socket path the Heimdal
server uses, which is "/var/run/.heim_org.h5l.kcm-socket". This is,
however, configurable.

The file src/responder/kcm/kcm.h is more or less directly imported from
the MIT Kerberos tree, with an additional sentinel code and some
comments. Not all KCM operations are implemented, only those that also
the MIT client implements. That said, this KCM server should also be
usable with a Heimdal client, although no special testing was with this
hybrid.

The patch also adds several error codes that will be used in later
patches.

Related to:
    https://pagure.io/SSSD/sssd/issue/2887

Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
BUILD: Detect libcurl during configure 2017-03-14T12:31:47+00:00 Jakub Hrozek jhrozek@redhat.com 2017-01-12T12:00:21+00:00 321ca28277cbf9882769537fd4c0dfaea224c86e Currently libcurl is optional and if not present, just silently skipped. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Currently libcurl is optional and if not present, just silently skipped.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
UTIL: Add a generic inotify module 2017-02-15T13:51:36+00:00 Jakub Hrozek jhrozek@redhat.com 2016-05-27T16:19:59+00:00 8cfb42e1985550e99585d311f68087d414932806 Adds a reusable module for watching files using the Linux-specific inotify(7) interface. Adds the possibility to watch the file's parent directory as well to make it possible to watch moves into the directory and allow watching file that doesn't exist at the time the watch is created. This interface is needed to implement the files provider, so this commit is related to: https://fedorahosted.org/sssd/ticket/2228 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Adds a reusable module for watching files using the Linux-specific
inotify(7) interface. Adds the possibility to watch the file's parent
directory as well to make it possible to watch moves into the directory
and allow watching file that doesn't exist at the time the watch is
created.

This interface is needed to implement the files provider, so this commit
is related to:
    https://fedorahosted.org/sssd/ticket/2228

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
BUILD: Find a host-prefixed krb5-config when cross-compiling 2016-12-16T11:06:02+00:00 David Michael david.michael@coreos.com 2016-12-14T23:08:28+00:00 baadb6080be0ec5cee2e351c3d5324d755f86f9c Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>