summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)AuthorFilesLines
2013-03-20BUILD: Always run distcheck and RPM tests in /dev/shmStephen Gallagher1-1/+7
Some of the tests (such as the sysdb tests) are highly I/O limited. By running them on a ramdisk, we can significantly speed up the test runs when doing a distcheck or RPM build. https://fedorahosted.org/sssd/ticket/1840
2013-03-20ldap: Fallback option for rfc2307 schemaSimo Sorce1-0/+1
Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
2013-03-19Resolve GIDs in the simple access providerJakub Hrozek1-4/+11
Changes the simple access provider's interface to be asynchronous. When the simple access provider encounters a group that has gid, but no meaningful name, it attempts to resolve the name using the be_file_account_request function. Some providers (like the AD provider) might perform initgroups without resolving the group names. In order for the simple access provider to work correctly, we need to resolve the groups before performing the access check. In AD provider, the situation is even more tricky b/c the groups HAVE name, but their name attribute is set to SID and they are set as non-POSIX
2013-03-18Fix sss_client breakage.Lukas Slebodnik1-0/+2
Adding missing dependencies for linker. Missing dependency was introduced by commit 22d381367c27910fe82f476a76b9f4ede555e35a in changed file src/sss_client/nss_mc_common.c All function declaration for io.c was moved from util.h to separate file io.h, https://fedorahosted.org/sssd/ticket/1838
2013-03-13Removing unused header file providers.hLukas Slebodnik1-1/+0
Header file "providers.h" is not included in any other file and function "dp_process_init" declared in this header file has no implementation. Header file protos.h is not also included in any other file and even hole content is commented out.
2013-03-13Reuse sss_open_cloexec at other places in code.Lukas Slebodnik1-2/+4
Functions open_cloexec and openat_cloexec were renamed with prefix "sss_" and moved to separete file. Replacing duplicated code of function sss_open_cloexec everywhere in the source code. https://fedorahosted.org/sssd/ticket/1794
2013-03-13BUILD: Fix up whitespace in Makefile.amStephen Gallagher1-11/+13
2013-03-11BUILD: Fix cmocka detectionStephen Gallagher1-0/+2
We were not properly detecting that cmocka was unavailable. It was expecting an empty value and getting "no" instead. This patch corrects the expectation, so we will now skip building and running cmocka tests on platforms that do not have it available. Also, we were missing the cmocka header files in the distribution tarball, so 'make distcheck' was failing.
2013-03-08CMocka based test for the NSS responderJakub Hrozek1-0/+43
2013-03-07BUILD: Include build aliases in the tarballStephen Gallagher1-0/+1
2013-03-04Add SSSD specific error codes and definitionsSimo Sorce1-1/+3
This code adds a new range of error codes specific to SSSD, It also provides helper functions to print out error defintions like you can do with system error messages and the strerror() function. The sss_strerror() function can accept both the new sssd errors and system errno_t errors falling back to the system strerror() if the error code provide is not a valid SSSD error code.
2013-03-01BUILD: Build shared components as an internal shared libraryStephen Gallagher1-6/+19
There is a large amount of duplicated code being linked into multiple SSSD binaries. Instead of statically linking this code throughout the SSSD, we should instead create private shared libraries for them and drop this code on the system only once.
2013-02-04Don't use srcdir with testsJakub Hrozek1-3/+3
Fixes build with automake 1.13 or newer.
2013-01-21Introduce be_req_terminate() helperSimo Sorce1-1/+0
Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
2013-01-21Split simple_access_check function outSimo Sorce1-1/+2
Need to split out the function or new additions to the handler funtion will not allow simple access tests to compile anymore.
2013-01-21Move ldap provider access functionsSimo Sorce1-0/+1
It was confusing to see the ldap provider own handler mixed with the generic ldap access code used also by the ipa and ad providers. So move the ldap provider handler code in its own file.
2013-01-15TOOLS: Refresh memcache after changes to local users and groupsJakub Hrozek1-2/+8
2013-01-15TOOLS: Split querying nss responder into a separate functionJakub Hrozek1-6/+11
The tools query the responder in order to sync the memcache after performing changes to the local database. The functions will be reused by other tools so I split them into a separate functions.
2013-01-15TOOLS: move memcache related functions to tools_mc_utils.cJakub Hrozek1-0/+1
The upcoming patches will link only users of this file with client libs, so it's better to have it separate. There is no functional change in this patch
2013-01-10Change pam data auth tokens.Simo Sorce1-0/+2
Use the new authtok abstraction and interfaces throught the code.
2013-01-10Add authtok utility functions.Simo Sorce1-0/+2
These functions allow handling of auth tokens in a completely opaque way, with clear semantics and accessor fucntions that guarantee consistency, proper access to data and error conditions.
2013-01-08Add tests for get_gids_from_pac()Sumit Bose1-0/+1
2012-12-18Add responder_sbus.h to noinst_HEADERSJakub Hrozek1-0/+1
2012-12-13tools: sss_userdel and groupdel remove entries from memory cacheMichal Zidek1-0/+8
https://fedorahosted.org/sssd/ticket/1659
2012-12-04link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthreadTimo Aaltonen1-0/+2
There used to be an overlinked dependency that's gone now, so to fix a build error add CLIENT_LIBS to sss_ssh_knownhostsproxy_LDFLAGS. v2: Fix sss_ssh_authorizedkeys linking as well.
2012-12-02avoid versioning libsss_sudoPavel Březina1-3/+4
2012-11-12Include the auth_utils.h header in the distributionJakub Hrozek1-0/+1
2012-11-06util: Added new file util_lock.cMichal Zidek1-1/+2
2012-10-26krb5_child: send PAC to PAC responderSumit Bose1-2/+4
If the authenticated user comes from a different realm the service ticket which was returned during the validation of the TGT is used to extract the PAC which is send to the pac responder for evaluation.
2012-10-12Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudoJakub Hrozek1-1/+0
2012-10-01BUILD: Include the patch file in the tarballStephen Gallagher1-0/+1
2012-09-04Adding -std=gnu99 flag.Michal Zidek1-1/+2
2012-08-28RPM: Switch the default ccache locationJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1500
2012-08-27Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the clientJakub Hrozek1-1/+11
https://fedorahosted.org/sssd/ticket/1460
2012-08-23Clean up cache on server reinitializationPavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
2012-08-15Add python bindings for murmurhash3Sumit Bose1-3/+18
2012-08-03tests: build sysdb ssh tests conditionallyPavel Březina1-1/+4
2012-08-01Create a domain-realm mapping for krb5.conf to be includedJakub Hrozek1-0/+1
When new subdomains are discovered, the SSSD creates a file that includes the domain-realm mappings. This file can in turn be included in the krb5.conf using the includedir directive, such as: includedir /var/lib/sss/pubconf/realm_mappings
2012-08-01First-boot sss_seed toolNick Guay1-1/+9
2012-08-01Added unit test for sysdb_ssh.cMichal Zidek1-0/+14
2012-07-27Write SELinux config files in responder instead of PAM moduleJan Zeleny1-1/+1
2012-07-27tests: allow changing cwd in all testsPavel Březina1-1/+4
2012-07-27Renamed session provider to selinux providerJan Zeleny1-2/+2
2012-07-10pac responder: limit access by checking UIDsSumit Bose1-1/+16
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-07-06AD: Add manpages and SSSDConfig entriesStephen Gallagher1-0/+1
2012-07-06AD: Add AD access-control providerStephen Gallagher1-0/+2
This patch adds support for checking whether a user is expired or disabled in AD.
2012-07-06AD: Add AD identity providerStephen Gallagher1-0/+42
This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.
2012-07-06KRB5: Create a common init routine for krb5_child optionsStephen Gallagher1-1/+3
This will reduce code duplication between the krb5, ipa and ad providers
2012-06-29sudo ldap provider: load host filter configuration on initPavel Březina1-0/+1
We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
2012-06-29sudo ldap provider: add new timer APIPavel Březina1-0/+1