summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)AuthorFilesLines
2013-08-07add simple access provider init testPavel Březina1-0/+1
2013-08-07Add script make_srpm.sh to dist tarball.Lukas Slebodnik1-0/+1
2013-07-22build: fix dependencies for pysss moduleAlexander Bokovoy1-0/+1
https://fedorahosted.org/sssd/ticket/2025
2013-07-19AD: Set the bool value same as default value in optsJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/2023 When the option values are copied using dp_opt_copy_map, the .val member is used if it's not NULL. At the same time, the bool options are never NULL, unlike integers or strings that can have special NULL-like values such as NULL_STRING. This effectively means that when copying a bool option, the .val member is always used. But in the AD maps, some .val fields were set differently from the .def_val fields. The effect was that when the AD subdomain provider was initialized from IPA subdomain provider using only the defaults, some options (notably referral chasing) were set to a value that didn't make sense for the AD provider. This patch makes sure that for all boolean option, the .val is always the same as .def_val.
2013-06-28IPA: Initialize server mode ctx if server mode is onJakub Hrozek1-0/+7
This patch introduces a new structure that holds information about a subdomain and its ad_id_ctx. This structure will be used only in server mode to make it possible to search subdomains with a particular ad_id_ctx. Subtask of: https://fedorahosted.org/sssd/ticket/1962
2013-06-28Add ipa_idmap_init()Sumit Bose1-0/+1
Use the sdap_idmap context for the IPA provider as well. https://fedorahosted.org/sssd/ticket/1961
2013-06-28Add cmocka based tests for libsss_idmapSumit Bose1-1/+13
This patch implements some unit tests for the recent enhancements to libsss_idmap.
2013-06-12Change order of libraries in linking process.Lukas Slebodnik1-2/+2
It seems that some linkers have problem with wrong order of libraries. This commit only change order.
2013-06-10providers: refresh expired netgroupsPavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/1713
2013-06-10back end: add refresh expired records periodic taskPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
2013-06-10back end: periodical refresh of expired records APIPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/1713
2013-06-10back end: periodic task APIPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/1891
2013-06-07rpm: Fold libsss_sudo and libsss_autofs back into the main SSSD packageJakub Hrozek1-5/+1
https://fedorahosted.org/sssd/ticket/1845 libsss_sudo and libsss_autofs are separate packages that contain just a single client library with no additional dependencies. This separation comes from the F-17 timeframe where the feature was really just a tech preview so we didn't want it to be packaged in sssd proper. On the other hand users are getting regularly confused about "sudo not working" when all they really miss is the single library. This patch moves the files owned by the libsss_autofs and libsss_sudo packages back to the main sssd package. We also no longer build the libsss_sudo documentation by default and do not ship the header file as it was just a private one.
2013-06-07Move domain_to_basedn outside IPA subtreeJakub Hrozek1-2/+1
The utility function will be reused to guess search base from the base DN of AD trusted domains.
2013-06-06Enhance PAC responder for AD usersSumit Bose1-21/+0
This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now lookup up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD. Fixes https://fedorahosted.org/sssd/ticket/1558
2013-05-30Fix compilation with disabled link_all_deplibs.Lukas Slebodnik1-75/+69
From the Debian patch: ># Do not link against deplibs. This is not needed for shared libs ># on at least ELF systems since those already know which libs they ># need themself. This seems to break a few things and will be fixed ># in a better way in a future upstream version. Overlinking has several issues. An obvious one is performance on startup, a more serious is if one of the lib deps changes soname of something it links against, and you could load two versions to the memory at the same time.. This patch changes dependencies among libsss_util and libsss_child, libsss_crypt, libsss_debug. Library libsss_util no longer depends on any internal library. Each program, which was linked with libsss_util, now directly link necessary libraries (libsss_child, libsss_crypt, libsss_debug) https://fedorahosted.org/sssd/ticket/1928
2013-05-30tests: Link fqnames_tests with libsss_test_common.laJakub Hrozek1-0/+1
2013-05-30Allow flat name in the FQname formatJakub Hrozek1-1/+12
https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.
2013-05-30Making order in tests.Lukas Slebodnik1-20/+14
--removed duplicated test-io --reusing library libsss_test_common in other tests --cmocka test sss_nss_idmap-tests was moved to cmocka dir --moved leak_check.c to libsss_test_common --moved common_tev.c,common_dom.c to libsss_test_common (leak_check.c,common_tev.c,common_dom.c) are test framework independent
2013-05-23Remove old hash support from example specStephen Gallagher1-1/+0
SSSD 1.10 and later will no longer support RHEL 5, so we should be using the native hash algorithm on the newer versions of RPM by default.
2013-05-21Check NSCD configuration fileOndrej Kos1-1/+2
https://fedorahosted.org/sssd/ticket/1785 nscd.conf file is now checked for the presence of caching settings for databases controlled by SSSD. Syslog warning is now written only if NSCD is running with interfering configuration or if configuration file couldn't be loaded. New configure option added to support non-standard locations --with-nscd-conf=PATH (defaultly set to /etc/nscd.conf) This is just a workaround until the following bugzilla is resolved: https://bugzilla.redhat.com/show_bug.cgi?id=963908
2013-05-21Move nscd.c from tools to utilOndrej Kos1-1/+1
Preparation for the following patch which will include the nscd.c in the monitor code due to newly introduced function for checking the nscd configuration file.
2013-05-14Rename SAFEALIGN macros.Michal Zidek1-0/+1
https://fedorahosted.org/sssd/ticket/1772 SAFEALIGN macros have been renamed in this patch to make it easy to pick the right macro when data is copied from byte buffer to a variable or vice versa. The renamed macros are placed in new header file to avoid code duplication (the old ones were defined in two files, one for the client code and one for the rest of sssd).
2013-05-07AD: read flat name and SID of the AD domainSumit Bose1-0/+2
For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
2013-05-03Active Directory dynamic DNS updatesJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1504 Implements dynamic DNS updates for the AD provider. By default, the updates also update the reverse zone and run periodically every 24 hours.
2013-05-03dyndns: new option dyndns_refresh_intervalJakub Hrozek1-0/+3
This new options adds the possibility of updating the DNS entries periodically regardless if they have changed or not. This feature will be useful mainly in AD environments where the Windows clients periodically update their DNS records.
2013-05-03Convert IPA-specific options to be back-end agnosticJakub Hrozek1-1/+2
This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
2013-05-03Refactor dynamic DNS updatesJakub Hrozek1-3/+27
Provides two new layers instead of the previous IPA specific layer: 1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its purpose it to make it possible for any back end to use dynamic DNS updates. 2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some LDAP-specific features like autodetecting the address from the LDAP connection. Also converts the dyndns code to new specific error codes.
2013-05-03Add python interface to libsss_nss_idmapSumit Bose1-1/+14
To allow to use libsss_nss_idmap from python applications, e.g. the FreeIPA server, the patch adds pythin bindings to libsss_nss_idmap. The contributed spec file will place the python bindings in a new package called libsss_nss_idmap-python. Alexander Bokovoy <abokovoy@redhat.com> kindly provided the code to check the type of the python objects and loop over the list entries.
2013-05-03Add client library for SID related lookupsSumit Bose1-4/+24
This patch add a library for client side lookups for a SID or with a SID through the calls: - sss_nss_getsidbyname - sss_nss_getsidbyid - sss_nss_getnamebysid - sss_nss_getidbysid The library is called libsss_nss_idmap and the contributed spec file will create two new packages libsss_nss_idmap and libsss_nss_idmap-devel.
2013-05-03Add SID related calls to the NSS responderSumit Bose1-0/+1
The patch adds 4 new calls to the NSS responder: - SSS_NSS_GETSIDBYNAME - SSS_NSS_GETSIDBYID - SSS_NSS_GETNAMEBYSID - SSS_NSS_GETIDBYSID to either return the SIDs of the requested object or map the SID to the name or the POSIX ID of the related object.
2013-05-03SUDO: IPA providerLukas Slebodnik1-0/+5
This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733
2013-05-02Fix segmentation fault in test_io.Abhishek Singh1-1/+2
tests_set_cwd is used and relativepath calculation method is changed and is made general based on basedir.
2013-05-02Add idmap context to nss contextSumit Bose1-0/+1
This allows the nss responder to use libsss_idmap to convert between different SID representations.
2013-05-02DNS sites support - add AD SRV pluginPavel Březina1-1/+5
https://fedorahosted.org/sssd/ticket/1032
2013-04-29libsss_idmap: function to calculate rangeMichal Zidek1-2/+3
Calculation of range for domains is moved from sdap_idmap code to sss_idmap code. Some refactoring have been done to allow this move. https://fedorahosted.org/sssd/ticket/1844
2013-04-26DB: Switch to new libini_config APIOndrej Kos1-0/+2
https://fedorahosted.org/sssd/ticket/1786 Since we need to support the old interface as well, the configure scritp is modified and correct ini interface is chosen.
2013-04-22tests: Link the simple access tests with -ldlJakub Hrozek1-0/+1
In SSSD, we use dlopen() and dlsym() in two files src/providers/data_provider_be.c and src/providers/proxy/proxy_init.c. Hence we should explicitly link with -ldl also in simple_access-tests. SSSD can be compiled with two crypto libraries nss or libcrypto. NSS has dependency nspr which depends on "libdl and libpthread" This is a reason why compilation of test did not fail even if -ldl was not explicitly added to simple_access_tests_LDADD. But libcrypto doesn't depend on libdl, so in this case compilation of tests will not be successful. Upstream nspr 4.9 has two ways have to obtain metainformation about libraries pkg-config and own script nspr-config. First one doesn't list "-ldl" "-lpthread" but second one lists both "-ldl" "-lpthread" That's also why the Ubuntu maintainer found this bug -- Fedora has got patched version of nspr, but Debian (Ubuntu) doesn't
2013-04-17Make leak checks usable in tests that do not utilize checkJakub Hrozek1-1/+3
* Remove check-specific failure reporting from common_check.c * Check-specific abstraction over memleak checks * Rename common_check.c to leak_check.c
2013-04-10DNS sites support - add IPA SRV pluginPavel Březina1-0/+2
https://fedorahosted.org/sssd/ticket/1032
2013-04-10DNS sites support - SRV DNS lookup pluginPavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/1032 This plugin mimics the current behaviour. If discovery_domain is set it is the only domain that is tried. If discovery_domain is not set, we try to autodetect domain first and if that fails or SRV lookup on this domain fails, we fallback to SSSD domain name.
2013-04-10DNS sites support - SRV lookup plugin interfacePavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/1032 Introduces two new error codes: - ERR_SRV_NOT_FOUND - ERR_SRV_LOOKUP_ERROR Since id_provider is authoritative in case of SRV plugin choise, ability to override the selected pluging during runtime is not desirable. We rely on the fact that id_provider is initialized before all other providers, thus the plugin is set correctly.
2013-04-10resolv: add resolv_get_domain request to resolv utilsPavel Březina1-1/+2
2013-04-10cmocka unittest for io addedAbhishek Singh1-1/+10
2013-04-10cmocka unittest for find_uid addedAbhishek Singh1-1/+20
2013-04-03Init failover with be_res optionsJakub Hrozek1-0/+1
2013-04-02refactor nested group processing: replace old codePavel Březina1-0/+1
https://fedorahosted.org/sssd/ticket/1784
2013-03-20BUILD: Always run distcheck and RPM tests in /dev/shmStephen Gallagher1-1/+7
Some of the tests (such as the sysdb tests) are highly I/O limited. By running them on a ramdisk, we can significantly speed up the test runs when doing a distcheck or RPM build. https://fedorahosted.org/sssd/ticket/1840
2013-03-20ldap: Fallback option for rfc2307 schemaSimo Sorce1-0/+1
Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
2013-03-19Resolve GIDs in the simple access providerJakub Hrozek1-4/+11
Changes the simple access provider's interface to be asynchronous. When the simple access provider encounters a group that has gid, but no meaningful name, it attempts to resolve the name using the be_file_account_request function. Some providers (like the AD provider) might perform initgroups without resolving the group names. In order for the simple access provider to work correctly, we need to resolve the groups before performing the access check. In AD provider, the situation is even more tricky b/c the groups HAVE name, but their name attribute is set to SID and they are set as non-POSIX