summaryrefslogtreecommitdiff
path: root/src/external
AgeCommit message (Collapse)AuthorFilesLines
2012-11-20BUILD: Temporary workaround for Kerberos buildStephen Gallagher1-2/+3
This patch extends the Kerberos version check to support Kerberos version 1.11 alpha and later. It is a temporary measure until we can redesign the configure checks for better granularity.
2012-11-12Only build extract_and_send_pac on platforms that support itJakub Hrozek1-0/+2
2012-10-26Add replacement for krb5_find_authdata()Sumit Bose1-0/+1
krb5_find_authdata() is only available in MIT Kerberos 1.10 or higher. To allow sssd to be compiled on platform with lower version of MIT Kerberos a replacement call is added. Please note that on those platform the replacement call will only return an error. If the krb5_find_authdata functionality is really needed on those platform it must be implemented by a different patch.
2012-10-12Only call krb5_set_trace_callback on platforms that support itJakub Hrozek1-0/+1
2012-09-24Detect LDAPDerefRes in configure scriptJakub Hrozek1-1/+9
https://fedorahosted.org/sssd/ticket/1317
2012-09-24autofs, sudo, ssh and PAC are not experimental anymoreJakub Hrozek1-9/+4
2012-09-04Check if the SELinux login directory existsJakub Hrozek1-0/+9
https://fedorahosted.org/sssd/ticket/1492
2012-07-09heimdal: fix compile error in krb5-child-testRambaldi1-0/+1
2012-06-21Try to build PAC responder only if all dependencies are availableSumit Bose1-5/+8
2012-06-21PAC responder: add basic infrastructureSumit Bose1-0/+34
This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
2012-06-15KRB5: Auto-detect DIR cache support in configureStephen Gallagher1-1/+3
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
2012-05-07Kerberos locator: Include the correct krb5.h header fileJakub Hrozek1-2/+13
https://fedorahosted.org/sssd/ticket/1325
2012-02-27Eliminate build-time requirement for nscdStephen Gallagher1-4/+4
We will now use the autodetected location if available, or else fall back to a value provided by --with-nscd in configure and finally resort to a hard-coded default of /usr/sbin/nscd.
2012-02-01Use profiling Docbook XSLT only if available, fall back to normalJakub Hrozek1-8/+5
2012-01-17IPA: Detect nsupdate support for the realm directiveStephen Gallagher1-1/+10
For older platforms, do not add the 'realm' line in the update message
2011-12-22Add compatibility layer for Heimdal Kerberos implementationStephen Gallagher1-1/+9
2011-12-05Allow using Glib for UTF8 supportStephen Gallagher1-0/+11
2011-11-18RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher1-0/+5
2011-11-02Add wrapper for krb5_get_init_creds_opt_set_canonicalizeJan Zeleny1-0/+1
2011-07-29libipa_hbac: Support case-insensitive comparisons with UTF8Stephen Gallagher1-0/+9
2011-07-13Fix python HBAC bindings for python <= 2.4Jakub Hrozek1-0/+20
Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4
2011-06-30Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose1-1/+1
2011-06-16Provide TTL structure names for c-ares < 1.7Jakub Hrozek1-0/+3
https://fedorahosted.org/sssd/ticket/898 In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time.
2011-05-23Set _GNU_SOURCE globallySumit Bose1-2/+1
2011-05-06Add support for openldap24 package on RHEL 5.7Sumit Bose1-0/+21
2011-05-05Added some kerberos functions for building on RHEL5Jan Zeleny1-1/+2
2011-04-27Require openssl-devel is libcrypto backend is selectedJakub Hrozek1-12/+8
2011-04-12Provide a configuration option to use systemd unit fileJakub Hrozek1-0/+8
https://fedorahosted.org/sssd/ticket/837
2011-01-17Remove support for pre-1.1 netlinkStephen Gallagher1-25/+24
Netlink 1.0 and older is buggy and unreliable, occasionally causing tight-loops. We're no longer going to try to support it. https://fedorahosted.org/sssd/ticket/755
2010-12-07Add support for FAST in krb5 providerSumit Bose1-1/+3
2010-10-13Raise the required version of libdhashSumit Bose1-1/+1
libdhash version 0.4.2 is required because older versions cannot update hash entries.
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose1-1/+2
2010-09-02Add gentoo distrubutionsMaxim1-1/+5
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2010-08-23Fix configure check for ldbMaxim1-1/+1
2010-08-19Rewrite toplevel MakefileStephen Gallagher3-30/+24
There is no longer a need to have nested Makefiles and configure scripts. This patch combines the src/ Makefile and configure.ac into the root.
2010-08-03Require -ltalloc for tevent configure checkStephen Gallagher1-2/+8
2010-07-09Use netlink to detect going onlineJakub Hrozek1-0/+36
Integrates libnl to detect adding routes. When a route is added, the offline status of all back ends is reset. This patch adds no heuristics to detect whether back end went offline. Fixes: #456
2010-05-26Add support for delayed kinit if offlineSumit Bose1-0/+11
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-05-21Remove bash-isms from configure macrosPetter Reinholdtsen2-9/+9
2010-05-16Allow Debian/Ubuntu build to pass --install-layout=deb to setup.pyPetter Reinholdtsen1-2/+6
2010-05-16Add dynamic DNS updates to FreeIPAStephen Gallagher1-0/+8
This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
2010-05-07Revert "Add dynamic DNS updates to FreeIPA"Stephen Gallagher1-8/+0
This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
2010-05-07Add dynamic DNS updates to FreeIPAStephen Gallagher1-0/+8
This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
2010-04-16Use SO_PEERCRED on the PAM socketSumit Bose1-0/+12
This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16Revert "Add better checks on PAM socket"Sumit Bose1-12/+0
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
2010-04-08SELinux login managementJakub Hrozek1-0/+12
Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again. MLS security is not supported as of this patch.
2010-03-15Flush NSCD cache after modifying local databaseJakub Hrozek1-0/+9
Fixes: #221
2010-03-11Add better checks on PAM socketSumit Bose1-0/+12
- check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
2010-02-18Rename server/ directory to src/Stephen Gallagher20-0/+609
Also update BUILD.txt