summaryrefslogtreecommitdiffstats
path: root/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* AD: async request to retrieve master domain infoJakub Hrozek2013-09-181-0/+3
| | | | Adds a reusable async request to download the master domain info.
* Add journald supportJakub Hrozek2013-09-181-0/+6
|
* util: add sss_idmap_talloc[_free]Pavel Březina2013-09-171-1/+3
| | | | Remove code duplication.
* util: Use systemd-login to check user sessionsSimo Sorce2013-09-161-5/+24
| | | | | | | | | | | | | Use systemd-lgin in preference to check if the user is logged in or not. Fall back to the old method if no systemd-login support is available at compile time or if it returns a fatal error, and can't determine the status of the user on its own. This will allow to consider a user really active (in order to reuse or refresh crdentials) only if it really is logged into the system, and not just if one of the user's processes is stuck around. Resolves: https://fedorahosted.org/sssd/ticket/2084
* Adding new header for printf formating macrosLukas Slebodnik2013-09-111-0/+1
|
* krb5: Use krb5_cc_destroy to remove old ccachesSimo Sorce2013-09-091-0/+2
| | | | | | | | | This completely replaces the per-ccache-type custom code to remove old cacches and instead uses libkrb5 base doperations (krb5_cc_destroy) and operating as the user owner. Resolves: https://fedorahosted.org/sssd/ticket/2061
* tests: Add dlopen test to make sure modules worksSimo Sorce2013-09-091-0/+31
| | | | | This tests dlopens and resolves all symbols to make sure there are no missing symbols in our provider modules.
* AUTOTOOLS: More robust detection of inotify.Lukas Slebodnik2013-09-091-0/+1
| | | | | | | | | We checked only header file "sys/inotify" for detection whether inotify works. Some platforms do not have built in inotify, but contain library, which provides inotify-compatible interface. This patch adds more robust detection of inotify in configuration time and appends linker flags to Makefile if inotify is provided by library.
* AUTOMAKE: Use portable way to link with gettextLukas Slebodnik2013-09-091-1/+4
| | | | | | | | | | | | Function gettext needn't be included in libc, it can be part of another library. Autotools macro AM_GNU_GETTEXT generate makefile variables (LIBINTL, LTLIBINTL), which contain necessary linker flags. checking for GNU gettext in libc... no checking for iconv... yes checking for GNU gettext in libintl... yes checking whether to use NLS... yes checking where the gettext function comes from... external libintl
* AUTOMAKE: Use portable way to link with dlopenLukas Slebodnik2013-09-091-2/+2
|
* Makefile: Fix sssd_be targetsSimo Sorce2013-09-091-2/+2
| | | | The $(PAM_LIBS) variable should be added to LDADD not LDFLAGS
* AUTOMAKE: Add missing escaped newlineLukas Slebodnik2013-09-021-1/+1
|
* UTIL: Create new wraper header file sss_endian.hLukas Slebodnik2013-08-281-0/+1
| | | | | | Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
* LDAP: Move the ldap enum request to its own reusable moduleJakub Hrozek2013-08-281-0/+2
| | | | | | | | | | | The LDAP enumeration was too closely tied to the LDAP identity provider. Because some providers might need special handling such as refresh the master domain record before proceeding with the enumeration itself, this patch splits the request itself to a separate async request and lets the ldap_id_enum.c module only configure this new request. Also move the enum timestamp to sdap_domain to make the enum tracking per sdap domain. The cleanup timestamp will be moved in another patch.
* ipa-server-mode: add IPA group memberships to AD usersSumit Bose2013-08-281-0/+1
| | | | | | | | | | | | | | | | When IPA trusts an AD domain the AD user or groups can be placed into IPA groups e.g. to put AD users under the control of HBAC. Since IPA group can only have members from the IPA directory tree and the AD users and groups are not stored there a special IPA object called external group was introduced. SIDs of users and groups can be added to the external group and since the external groups are in the IPA directory tree they can be member of IPA groups. To speed things up and to remove some load from the IPA servers SSSD reads all external groups and stores them in memory for some time before rereading the data. Enhances https://fedorahosted.org/sssd/ticket/1962
* BUILD: Remove unnecessary patch and configure optsSimo Sorce2013-08-281-2/+0
| | | | | | | | | Now that we use the libkrb5 defaults for the default ccname template we do not need the patch that changes the man pages defaults nor the configure options to change sssd defaults anymore. Related: https://fedorahosted.org/sssd/ticket/2036
* BUILD: Ignore translations when building RPMsStephen Gallagher2013-08-271-0/+6
| | | | | | | When we're running 'make rpms' for development purposes, the nested call to 'make distdir' ends up forcing an update of the translation pot files. With this patch, we'll automatically ignore them during (S)RPM actions.
* add simple access provider init testPavel Březina2013-08-071-0/+1
|
* Add script make_srpm.sh to dist tarball.Lukas Slebodnik2013-08-071-0/+1
|
* build: fix dependencies for pysss moduleAlexander Bokovoy2013-07-221-0/+1
| | | | https://fedorahosted.org/sssd/ticket/2025
* AD: Set the bool value same as default value in optsJakub Hrozek2013-07-191-0/+1
| | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2023 When the option values are copied using dp_opt_copy_map, the .val member is used if it's not NULL. At the same time, the bool options are never NULL, unlike integers or strings that can have special NULL-like values such as NULL_STRING. This effectively means that when copying a bool option, the .val member is always used. But in the AD maps, some .val fields were set differently from the .def_val fields. The effect was that when the AD subdomain provider was initialized from IPA subdomain provider using only the defaults, some options (notably referral chasing) were set to a value that didn't make sense for the AD provider. This patch makes sure that for all boolean option, the .val is always the same as .def_val.
* IPA: Initialize server mode ctx if server mode is onJakub Hrozek2013-06-281-0/+7
| | | | | | | | | | This patch introduces a new structure that holds information about a subdomain and its ad_id_ctx. This structure will be used only in server mode to make it possible to search subdomains with a particular ad_id_ctx. Subtask of: https://fedorahosted.org/sssd/ticket/1962
* Add ipa_idmap_init()Sumit Bose2013-06-281-0/+1
| | | | | | Use the sdap_idmap context for the IPA provider as well. https://fedorahosted.org/sssd/ticket/1961
* Add cmocka based tests for libsss_idmapSumit Bose2013-06-281-1/+13
| | | | | This patch implements some unit tests for the recent enhancements to libsss_idmap.
* Change order of libraries in linking process.Lukas Slebodnik2013-06-121-2/+2
| | | | | It seems that some linkers have problem with wrong order of libraries. This commit only change order.
* providers: refresh expired netgroupsPavel Březina2013-06-101-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1713
* back end: add refresh expired records periodic taskPavel Březina2013-06-101-0/+2
| | | | | | https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
* back end: periodical refresh of expired records APIPavel Březina2013-06-101-0/+2
| | | | https://fedorahosted.org/sssd/ticket/1713
* back end: periodic task APIPavel Březina2013-06-101-0/+2
| | | | https://fedorahosted.org/sssd/ticket/1891
* rpm: Fold libsss_sudo and libsss_autofs back into the main SSSD packageJakub Hrozek2013-06-071-5/+1
| | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1845 libsss_sudo and libsss_autofs are separate packages that contain just a single client library with no additional dependencies. This separation comes from the F-17 timeframe where the feature was really just a tech preview so we didn't want it to be packaged in sssd proper. On the other hand users are getting regularly confused about "sudo not working" when all they really miss is the single library. This patch moves the files owned by the libsss_autofs and libsss_sudo packages back to the main sssd package. We also no longer build the libsss_sudo documentation by default and do not ship the header file as it was just a private one.
* Move domain_to_basedn outside IPA subtreeJakub Hrozek2013-06-071-2/+1
| | | | | The utility function will be reused to guess search base from the base DN of AD trusted domains.
* Enhance PAC responder for AD usersSumit Bose2013-06-061-21/+0
| | | | | | | | | | | This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now lookup up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD. Fixes https://fedorahosted.org/sssd/ticket/1558
* Fix compilation with disabled link_all_deplibs.Lukas Slebodnik2013-05-301-75/+69
| | | | | | | | | | | | | | | | | | | | From the Debian patch: ># Do not link against deplibs. This is not needed for shared libs ># on at least ELF systems since those already know which libs they ># need themself. This seems to break a few things and will be fixed ># in a better way in a future upstream version. Overlinking has several issues. An obvious one is performance on startup, a more serious is if one of the lib deps changes soname of something it links against, and you could load two versions to the memory at the same time.. This patch changes dependencies among libsss_util and libsss_child, libsss_crypt, libsss_debug. Library libsss_util no longer depends on any internal library. Each program, which was linked with libsss_util, now directly link necessary libraries (libsss_child, libsss_crypt, libsss_debug) https://fedorahosted.org/sssd/ticket/1928
* tests: Link fqnames_tests with libsss_test_common.laJakub Hrozek2013-05-301-0/+1
|
* Allow flat name in the FQname formatJakub Hrozek2013-05-301-1/+12
| | | | | | | https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.
* Making order in tests.Lukas Slebodnik2013-05-301-20/+14
| | | | | | | | | --removed duplicated test-io --reusing library libsss_test_common in other tests --cmocka test sss_nss_idmap-tests was moved to cmocka dir --moved leak_check.c to libsss_test_common --moved common_tev.c,common_dom.c to libsss_test_common (leak_check.c,common_tev.c,common_dom.c) are test framework independent
* Remove old hash support from example specStephen Gallagher2013-05-231-1/+0
| | | | | | SSSD 1.10 and later will no longer support RHEL 5, so we should be using the native hash algorithm on the newer versions of RPM by default.
* Check NSCD configuration fileOndrej Kos2013-05-211-1/+2
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1785 nscd.conf file is now checked for the presence of caching settings for databases controlled by SSSD. Syslog warning is now written only if NSCD is running with interfering configuration or if configuration file couldn't be loaded. New configure option added to support non-standard locations --with-nscd-conf=PATH (defaultly set to /etc/nscd.conf) This is just a workaround until the following bugzilla is resolved: https://bugzilla.redhat.com/show_bug.cgi?id=963908
* Move nscd.c from tools to utilOndrej Kos2013-05-211-1/+1
| | | | | | Preparation for the following patch which will include the nscd.c in the monitor code due to newly introduced function for checking the nscd configuration file.
* Rename SAFEALIGN macros.Michal Zidek2013-05-141-0/+1
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1772 SAFEALIGN macros have been renamed in this patch to make it easy to pick the right macro when data is copied from byte buffer to a variable or vice versa. The renamed macros are placed in new header file to avoid code duplication (the old ones were defined in two files, one for the client code and one for the rest of sssd).
* AD: read flat name and SID of the AD domainSumit Bose2013-05-071-0/+2
| | | | | | | | | | | | | | | For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
* Active Directory dynamic DNS updatesJakub Hrozek2013-05-031-0/+1
| | | | | | | | https://fedorahosted.org/sssd/ticket/1504 Implements dynamic DNS updates for the AD provider. By default, the updates also update the reverse zone and run periodically every 24 hours.
* dyndns: new option dyndns_refresh_intervalJakub Hrozek2013-05-031-0/+3
| | | | | | | This new options adds the possibility of updating the DNS entries periodically regardless if they have changed or not. This feature will be useful mainly in AD environments where the Windows clients periodically update their DNS records.
* Convert IPA-specific options to be back-end agnosticJakub Hrozek2013-05-031-1/+2
| | | | | | This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
* Refactor dynamic DNS updatesJakub Hrozek2013-05-031-3/+27
| | | | | | | | | | | | Provides two new layers instead of the previous IPA specific layer: 1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its purpose it to make it possible for any back end to use dynamic DNS updates. 2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some LDAP-specific features like autodetecting the address from the LDAP connection. Also converts the dyndns code to new specific error codes.
* Add python interface to libsss_nss_idmapSumit Bose2013-05-031-1/+14
| | | | | | | | | | To allow to use libsss_nss_idmap from python applications, e.g. the FreeIPA server, the patch adds pythin bindings to libsss_nss_idmap. The contributed spec file will place the python bindings in a new package called libsss_nss_idmap-python. Alexander Bokovoy <abokovoy@redhat.com> kindly provided the code to check the type of the python objects and loop over the list entries.
* Add client library for SID related lookupsSumit Bose2013-05-031-4/+24
| | | | | | | | | | | | This patch add a library for client side lookups for a SID or with a SID through the calls: - sss_nss_getsidbyname - sss_nss_getsidbyid - sss_nss_getnamebysid - sss_nss_getidbysid The library is called libsss_nss_idmap and the contributed spec file will create two new packages libsss_nss_idmap and libsss_nss_idmap-devel.
* Add SID related calls to the NSS responderSumit Bose2013-05-031-0/+1
| | | | | | | | | | The patch adds 4 new calls to the NSS responder: - SSS_NSS_GETSIDBYNAME - SSS_NSS_GETSIDBYID - SSS_NSS_GETNAMEBYSID - SSS_NSS_GETIDBYSID to either return the SIDs of the requested object or map the SID to the name or the POSIX ID of the related object.
* SUDO: IPA providerLukas Slebodnik2013-05-031-0/+5
| | | | | | This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
* Fix segmentation fault in test_io.Abhishek Singh2013-05-021-1/+2
| | | | | tests_set_cwd is used and relativepath calculation method is changed and is made general based on basedir.