summaryrefslogtreecommitdiff
path: root/src/external
AgeCommit message (Collapse)AuthorFilesLines
2013-10-17heimdal: Fix sss_krb5_get_init_creds_opt_set_canonicalizeBenjamin Franzke1-0/+18
Heimdal and MIT Kerberos have a different number of arguments for that function. Add a configure compile check and use the appropriate form.
2013-10-17heimdal: Add fallback for krb5_authdatatypeBenjamin Franzke1-1/+1
2013-10-17heimdal: Add wrapper for krb5_get_time_offsetsBenjamin Franzke1-0/+1
Using krb5_get_kdc_sec_offset from heimdal.
2013-10-17heimdal: Add wrapper for krb5_unparse_name_extBenjamin Franzke1-0/+1
Use krb5_unparse_name in heimdal and calculate length using strlen.
2013-10-17heimdal: Add wrapper for krb5_free_stringBenjamin Franzke1-1/+3
Uses krb5_free_string for MIT and krb5_xfree for heimdal.
2013-10-17heimdal: Add a check whether profile.h existsBenjamin Franzke1-1/+1
2013-10-15Add CIFS idmap pluginBenjamin Franzke1-0/+16
https://fedorahosted.org/sssd/ticket/1534
2013-09-18Add journald supportJakub Hrozek1-0/+13
2013-09-17Do not set HAVE_SYSTEMD_LOGIN if libsystemd-login is not availableSumit Bose1-1/+1
Even if HAVE_SYSTEMD_LOGIN is set to 0 #ifdef will still see it as defined.
2013-09-16util: Use systemd-login to check user sessionsSimo Sorce1-0/+4
Use systemd-lgin in preference to check if the user is logged in or not. Fall back to the old method if no systemd-login support is available at compile time or if it returns a fatal error, and can't determine the status of the user on its own. This will allow to consider a user really active (in order to reuse or refresh crdentials) only if it really is logged into the system, and not just if one of the user's processes is stuck around. Resolves: https://fedorahosted.org/sssd/ticket/2084
2013-09-11Fix formating of variables with type: id_tLukas Slebodnik1-0/+3
2013-09-09tests: Add dlopen test to make sure modules worksSimo Sorce1-1/+2
This tests dlopens and resolves all symbols to make sure there are no missing symbols in our provider modules.
2013-09-09AUTOTOOLS: More robust detection of inotify.Lukas Slebodnik1-0/+32
We checked only header file "sys/inotify" for detection whether inotify works. Some platforms do not have built in inotify, but contain library, which provides inotify-compatible interface. This patch adds more robust detection of inotify in configuration time and appends linker flags to Makefile if inotify is provided by library.
2013-09-09AUTOTOOLS: Use pkg-config to detect libraries.Lukas Slebodnik6-27/+70
We used pkg-config only as a fallback if header files was not found, but detection of library failed in case of available header file and linking problem (missing -Ldir). This patch prefers pkg-config.
2013-09-09AUTOTOOLS: add check for type intptr_tLukas Slebodnik1-3/+6
We check whether HAVE_INTPTR_T is defined in definition of macro discard_const_p, but autootols macro AC_CHECK_TYPE did not generate it.
2013-09-09AUTOTOOLS: Refactor unicode library detectionLukas Slebodnik1-7/+24
If $libdir is not in default library path libunistring cannot be found. (pkg-config can not be used in this case). This patch helps to search libunistring in "$libdir" directory. In refactoring part, indentation was updated to be more readable and some duplicated parts were removed.
2013-09-09AUTOTOOLS: Add directories for searching ldap headers and libsLukas Slebodnik1-2/+2
2013-09-09AUTOTOOLS: Add missing AC_MSG_RESULTLukas Slebodnik4-5/+10
AC_MSG_RESULT was not used everywhere after AC_MSG_CHECKING. Therefore two lines from configure output was mixed in some cases.
2013-09-09AUTOTOOLS: Add -LLIBDIR to PYTHON_LIBSLukas Slebodnik1-1/+2
Detect directory with python libraries and add this directory to the list of directories to be searched for linker.
2013-07-02BUILD: Use pkg-config to detect cmockaLukas Slebodnik1-19/+18
2013-05-02DNS sites support - add AD SRV pluginPavel Březina1-0/+5
https://fedorahosted.org/sssd/ticket/1032
2013-04-26DB: Switch to new libini_config APIOndrej Kos1-7/+17
https://fedorahosted.org/sssd/ticket/1786 Since we need to support the old interface as well, the configure scritp is modified and correct ini interface is chosen.
2013-04-22Allow usage of enterprise principalsSumit Bose1-0/+1
Enterprise principals are currently most useful for the AD provider and hence enabled here by default while for the other Kerberos based authentication providers they are disabled by default. If additional UPN suffixes are configured for the AD domain the user principal stored in the AD LDAP server might not contain the real Kerberos realm of the AD domain but one of the additional suffixes which might be completely randomly chooses, e.g. are not related to any existing DNS domain. This make it hard for a client to figure out the right KDC to send requests to. To get around this enterprise principals (see http://tools.ietf.org/html/rfc6806 for details) were introduced. Basically a default realm is added to the principal so that the Kerberos client libraries at least know where to send the request to. It is not in the responsibility of the KDC to either handle the request itself, return a client referral if he thinks a different KDC can handle the request or return and error. This feature is also use to allow authentication in AD environments with cross forest trusts. Fixes https://fedorahosted.org/sssd/ticket/1842
2013-03-27Provide libnl3 supportOndrej Kos1-25/+73
https://fedorahosted.org/sssd/ticket/812 Update the monitor code to be using the new libnl3 API. Changed configure option --with-libnl By default, it tries to build with libnl3, if not found, then with libnl1, if this isn't found either, build proceeds without libnl, just with warning. Specifing --with-libnl=<libnl3|libnl1|no> checks for the specific given version, if not found, configure ends with error.
2013-03-21Move signal.m4 from src/util to externalJakub Hrozek1-0/+1
2013-03-20Making the ldb check configurableLukas Slebodnik1-0/+15
It is possible to enable/disable checking in LDB memberof plugin whether it was built against the same version of LDB that is present on the system. This feature is turned off by default and enabled in Fedora/RHEL spec file. https://fedorahosted.org/sssd/ticket/1813
2013-03-08Detect the presence of libcmocka during configureJakub Hrozek1-0/+19
2013-03-08Add support for krb5 1.11's responder callback.Nathaniel McCallum1-0/+1
krb5 1.11 adds support for a new method for responding to structured data queries. This method, called the responder, provides an alternative to the prompter interface. This patch adds support for this method. It takes the password and provides it via a responder instead of the prompter. In the case of OTP authentication, it also disables the caching of credentials (since the credentials are one-time only).
2013-02-11krb5: include backwards compatible declaration of krb5_trace_infoJakub Hrozek1-1/+1
krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11 includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info". Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
2012-11-20BUILD: Temporary workaround for Kerberos buildStephen Gallagher1-2/+3
This patch extends the Kerberos version check to support Kerberos version 1.11 alpha and later. It is a temporary measure until we can redesign the configure checks for better granularity.
2012-11-12Only build extract_and_send_pac on platforms that support itJakub Hrozek1-0/+2
2012-10-26Add replacement for krb5_find_authdata()Sumit Bose1-0/+1
krb5_find_authdata() is only available in MIT Kerberos 1.10 or higher. To allow sssd to be compiled on platform with lower version of MIT Kerberos a replacement call is added. Please note that on those platform the replacement call will only return an error. If the krb5_find_authdata functionality is really needed on those platform it must be implemented by a different patch.
2012-10-12Only call krb5_set_trace_callback on platforms that support itJakub Hrozek1-0/+1
2012-09-24Detect LDAPDerefRes in configure scriptJakub Hrozek1-1/+9
https://fedorahosted.org/sssd/ticket/1317
2012-09-24autofs, sudo, ssh and PAC are not experimental anymoreJakub Hrozek1-9/+4
2012-09-04Check if the SELinux login directory existsJakub Hrozek1-0/+9
https://fedorahosted.org/sssd/ticket/1492
2012-07-09heimdal: fix compile error in krb5-child-testRambaldi1-0/+1
2012-06-21Try to build PAC responder only if all dependencies are availableSumit Bose1-5/+8
2012-06-21PAC responder: add basic infrastructureSumit Bose1-0/+34
This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
2012-06-15KRB5: Auto-detect DIR cache support in configureStephen Gallagher1-1/+3
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
2012-05-07Kerberos locator: Include the correct krb5.h header fileJakub Hrozek1-2/+13
https://fedorahosted.org/sssd/ticket/1325
2012-02-27Eliminate build-time requirement for nscdStephen Gallagher1-4/+4
We will now use the autodetected location if available, or else fall back to a value provided by --with-nscd in configure and finally resort to a hard-coded default of /usr/sbin/nscd.
2012-02-01Use profiling Docbook XSLT only if available, fall back to normalJakub Hrozek1-8/+5
2012-01-17IPA: Detect nsupdate support for the realm directiveStephen Gallagher1-1/+10
For older platforms, do not add the 'realm' line in the update message
2011-12-22Add compatibility layer for Heimdal Kerberos implementationStephen Gallagher1-1/+9
2011-12-05Allow using Glib for UTF8 supportStephen Gallagher1-0/+11
2011-11-18RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher1-0/+5
2011-11-02Add wrapper for krb5_get_init_creds_opt_set_canonicalizeJan Zeleny1-0/+1
2011-07-29libipa_hbac: Support case-insensitive comparisons with UTF8Stephen Gallagher1-0/+9
2011-07-13Fix python HBAC bindings for python <= 2.4Jakub Hrozek1-0/+20
Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4