Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Use systemd-lgin in preference to check if the user is logged in or not.
Fall back to the old method if no systemd-login support is available at compile
time or if it returns a fatal error, and can't determine the status of the user
on its own.
This will allow to consider a user really active (in order to reuse or refresh
crdentials) only if it really is logged into the system, and not just if one
of the user's processes is stuck around.
Resolves:
https://fedorahosted.org/sssd/ticket/2084
|
|
It was discovered that duplicating files in two subpackages is not
permitted by Fedora packaging guidelines[1]. This patch moves the PAC
responder to a new sssd-common-pac subpackage that both the sssd-ipa
and sssd-ad subpackages will require.
[1] https://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#DuplicateFiles
|
|
Now that we use the libkrb5 defaults for the default ccname template
we do not need the patch that changes the man pages defaults nor the
configure options to change sssd defaults anymore.
Related:
https://fedorahosted.org/sssd/ticket/2036
|
|
There was an inconsistency with how the warnings were specified and
how they were consumed by the macros. The result was that warnings were
hidden.
|
|
The NSS responder recently started using libsss_idmap in the getbysid
functions. The bug itself was spotted by one of our automated QA tools.
|
|
This will ensure that we aren't pulling in extra samba4
dependencies for the Kerberos provider.
|
|
The PAC responder is now used by both IPA and AD providers.
|
|
There are no longer any Fedora platforms running SSSD with SYSV
init scripts. We don't need the upgrade logic any more.
|
|
|
|
* Include localized pam_sss manpages in sssd-client
* Call ldconfig after libsss_nss_idmap is installed or removed
|
|
https://fedorahosted.org/sssd/ticket/1510
This patch splits the previously monolithic sssd package into sssd-common
that contains the deamon and the responders and per-provider packages
such as sssd-ldap or sssd-ipa.
This split would benefit two parties:
1) security auditors who are often trying to find the smallest package
set including dependencies needed for the package to function.
They would be able to i.e. install sssd-ldap and not bother
about sssd-ipa or sssd-ad pulling in more dependencies.
2) 3rd party programs such as realmd or authconfig
that would only be able to require or install on demand the
needed packages.
|
|
https://fedorahosted.org/sssd/ticket/1797
This patch adds the _hardened_build macro on platforms where it is
defined by the RPM. The macro amounts to compiling with cc
--spec=/usr/lib/rpm/redhat/redhat-hardened-cc1 and then linking with ld
--spec=/usr/lib/rpm/redhat/redhat-hardened-ld.
On Fedora 19, the gcc spec files contain -z now and fPIC or fPIE.
|
|
https://fedorahosted.org/sssd/ticket/1845
libsss_sudo and libsss_autofs are separate packages that contain just a
single client library with no additional dependencies. This separation
comes from the F-17 timeframe where the feature was really just a tech
preview so we didn't want it to be packaged in sssd proper. On the other
hand users are getting regularly confused about "sudo not working" when
all they really miss is the single library.
This patch moves the files owned by the libsss_autofs and libsss_sudo
packages back to the main sssd package. We also no longer build the
libsss_sudo documentation by default and do not ship the header file as
it was just a private one.
|
|
Recommended way to create SRPM is to run make (prerelease-)srpm.
But in previous case make file have to be generated, therefore
configure script should not fail. (all sssd required dependencies have to be
installed)
Script make_srpm.sh can be runned without running configure, script can be
runned only from git repository.
https://fedorahosted.org/sssd/ticket/1927
|
|
To allow to use libsss_nss_idmap from python applications, e.g. the
FreeIPA server, the patch adds pythin bindings to libsss_nss_idmap. The
contributed spec file will place the python bindings in a new package
called libsss_nss_idmap-python.
Alexander Bokovoy <abokovoy@redhat.com> kindly provided the code to
check the type of the python objects and loop over the list entries.
|
|
This patch add a library for client side lookups for a SID or with a
SID through the calls:
- sss_nss_getsidbyname
- sss_nss_getsidbyid
- sss_nss_getnamebysid
- sss_nss_getidbysid
The library is called libsss_nss_idmap and the contributed spec file
will create two new packages libsss_nss_idmap and
libsss_nss_idmap-devel.
|
|
Package sssd contains python files. Python files should be installed
in noarch package, therefore all python files from directory
src/config/SSSDConfig was moved to new noarch package python-sssdconfig.
https://fedorahosted.org/sssd/ticket/1839
|
|
https://fedorahosted.org/sssd/ticket/812
Update the monitor code to be using the new libnl3 API.
Changed configure option
--with-libnl
By default, it tries to build with libnl3, if not found, then with
libnl1, if this isn't found either, build proceeds without libnl, just
with warning.
Specifing --with-libnl=<libnl3|libnl1|no> checks for the specific given
version, if not found, configure ends with error.
|
|
Some of the tests (such as the sysdb tests) are highly I/O limited.
By running them on a ramdisk, we can significantly speed up the
test runs when doing a distcheck or RPM build.
https://fedorahosted.org/sssd/ticket/1840
|
|
|
|
|
|
|
|
There is a large amount of duplicated code being linked into multiple
SSSD binaries. Instead of statically linking this code throughout the
SSSD, we should instead create private shared libraries for them and
drop this code on the system only once.
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1437
|
|
https://fedorahosted.org/sssd/ticket/1481
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1487
|
|
Localized sssd_krb5_locator_plugin manpages were added into main
sssd package instead of client.
https://fedorahosted.org/sssd/ticket/1394
|
|
selinux-policy-targeted contains the /etc/selinux/targeted/logins
directory that is checked during build time to determine if the platform
supports SELinux user logins.
|
|
https://fedorahosted.org/sssd/ticket/1509
|
|
|
|
https://fedorahosted.org/sssd/ticket/1500
|
|
|
|
When new subdomains are discovered, the SSSD creates a file that
includes the domain-realm mappings. This file can in turn be included in
the krb5.conf using the includedir directive, such as:
includedir /var/lib/sss/pubconf/realm_mappings
|
|
|
|
The SSSD subpackages were not calling ldconfig even though they contain
shared libraries.
|
|
https://fedorahosted.org/sssd/ticket/1418
|
|
|
|
|
|
|
|
|
|
This patch also removes the references to 'cvs' and 'nscd' from
BUILD.txt, as they are no longer necessary.
|
|
|
|
|