summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)AuthorFilesLines
2012-12-04link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthreadTimo Aaltonen1-0/+2
There used to be an overlinked dependency that's gone now, so to fix a build error add CLIENT_LIBS to sss_ssh_knownhostsproxy_LDFLAGS. v2: Fix sss_ssh_authorizedkeys linking as well.
2012-12-02avoid versioning libsss_sudoPavel Březina1-3/+4
2012-11-12Include the auth_utils.h header in the distributionJakub Hrozek1-0/+1
2012-11-06util: Added new file util_lock.cMichal Zidek1-1/+2
2012-10-26krb5_child: send PAC to PAC responderSumit Bose1-2/+4
If the authenticated user comes from a different realm the service ticket which was returned during the validation of the TGT is used to extract the PAC which is send to the pac responder for evaluation.
2012-10-12Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudoJakub Hrozek1-1/+0
2012-10-01BUILD: Include the patch file in the tarballStephen Gallagher1-0/+1
2012-09-04Adding -std=gnu99 flag.Michal Zidek1-1/+2
2012-08-28RPM: Switch the default ccache locationJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1500
2012-08-27Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the clientJakub Hrozek1-1/+11
https://fedorahosted.org/sssd/ticket/1460
2012-08-23Clean up cache on server reinitializationPavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
2012-08-15Add python bindings for murmurhash3Sumit Bose1-3/+18
2012-08-03tests: build sysdb ssh tests conditionallyPavel Březina1-1/+4
2012-08-01Create a domain-realm mapping for krb5.conf to be includedJakub Hrozek1-0/+1
When new subdomains are discovered, the SSSD creates a file that includes the domain-realm mappings. This file can in turn be included in the krb5.conf using the includedir directive, such as: includedir /var/lib/sss/pubconf/realm_mappings
2012-08-01First-boot sss_seed toolNick Guay1-1/+9
2012-08-01Added unit test for sysdb_ssh.cMichal Zidek1-0/+14
2012-07-27Write SELinux config files in responder instead of PAM moduleJan Zeleny1-1/+1
2012-07-27tests: allow changing cwd in all testsPavel Březina1-1/+4
2012-07-27Renamed session provider to selinux providerJan Zeleny1-2/+2
2012-07-10pac responder: limit access by checking UIDsSumit Bose1-1/+16
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-07-06AD: Add manpages and SSSDConfig entriesStephen Gallagher1-0/+1
2012-07-06AD: Add AD access-control providerStephen Gallagher1-0/+2
This patch adds support for checking whether a user is expired or disabled in AD.
2012-07-06AD: Add AD identity providerStephen Gallagher1-0/+42
This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.
2012-07-06KRB5: Create a common init routine for krb5_child optionsStephen Gallagher1-1/+3
This will reduce code duplication between the krb5, ipa and ad providers
2012-06-29sudo ldap provider: load host filter configuration on initPavel Březina1-0/+1
We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
2012-06-29sudo ldap provider: add new timer APIPavel Březina1-0/+1
2012-06-29sudo provider: remove old timerPavel Březina1-2/+0
2012-06-29sudo ldap provider: move async routines to sdap_async_sudo.cPavel Březina1-0/+1
2012-06-29sudo responder: discard in-memory cachePavel Březina1-1/+0
2012-06-29libsss_sudo: bump version to 2:0:1Pavel Březina1-1/+1
2012-06-25Build pac responder tests only if pac responder is buildSumit Bose1-2/+6
2012-06-21Add support for ID rangesSumit Bose1-0/+1
2012-06-21PAC client: add krb5 authdata pluginSumit Bose1-0/+21
2012-06-21PAC responder: test suiteJan Zeleny1-1/+18
2012-06-21PAC responder: add some utility functionsJan Zeleny1-0/+1
2012-06-21PAC responder: add basic infrastructureSumit Bose1-0/+21
This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
2012-06-14Add a credential cache back end structureJakub Hrozek1-0/+3
To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
2012-06-14Add a krb5_child test toolJakub Hrozek1-0/+24
https://fedorahosted.org/sssd/ticket/1127
2012-06-13LDAP: Add support for AD chain matching extension in initgroupsStephen Gallagher1-0/+1
2012-06-13LDAP: Add support for AD chain matching extension in group lookupsStephen Gallagher1-0/+1
2012-05-31SSSDConfig: Make default config and schema file locations configurableStephen Gallagher1-5/+27
https://fedorahosted.org/sssd/ticket/1008
2012-05-31SSSDConfig: Make SSSDConfig a packageStephen Gallagher1-3/+3
We were polluting the primary Python space with several dependencies. We will now install them their own directory/module.
2012-05-14Fix libsss_hbac library versionSumit Bose1-1/+1
2012-05-14Rename struct dom_sid to struct sss_dom_sidSumit Bose1-1/+1
To avoid conflicts with struct dom_sid used by samba the sss_ prefix is added to the struct used by libsss_idmap.
2012-05-11build: resolve link failureJan Engelhardt1-0/+1
libtool: link: gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -fno-strict-aliasing -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,--version-script -Wl,./src/providers/sssd_be.exports -o sssd_be src/providers/data_provider_be.o src/providers/data_provider_fo.o src/providers/data_provider_opts.o src/providers/data_provider_callbacks.o src/providers/fail_over.o src/resolv/async_resolv.o -Wl,--export-dynamic -lpam -lcares ./.libs/libsss_util.a -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config -lcollection -ldhash -llber -lldap -ltdb -lunistring -lcrypto /usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: src/providers/data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5' /usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: note: 'dlsym@@GLIBC_2.2.5' is defined in DSO /lib64/libdl.so.2 so try adding it to the linker command line /lib64/libdl.so.2: could not read symbols: Invalid operation collect2: error: ld returned 1 exit status make[2]: *** [sssd_be] Error 1 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2012-05-10LDAP: Handle very large Active Directory groupsStephen Gallagher1-0/+2
Active Directory 2008R2 allows only 1500 group members to be retrieved in a single lookup. However, when we hit such a situation, we can take advantage of the ASQ lookups, which are not similarly limited. With this patch, we will add any members found by ASQ that were not found by the initial lookup so we will end with a complete group listing. https://fedorahosted.org/sssd/ticket/783
2012-05-03LDAP: Add helper routines for ID-mappingStephen Gallagher1-2/+6
2012-05-03SYSDB: Add sysdb routines for ID-mappingStephen Gallagher1-0/+1
2012-05-03SSH: Add dp_get_host_send to common responder codeJakub Hrozek1-0/+1
Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future. https://fedorahosted.org/sssd/ticket/1176
2012-05-01Allow different SID representations in libidmapSumit Bose1-2/+4
Besides as strings it is now possible to use binary SIDs or a struct containing all SID information. Functions to convert between these formats are added as well.