Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • mika/sssd
  • guillem/debian-pkg-sssd
  • john.veitch/sssd
  • jgullberg/sssd
  • gioele/sssd
  • oktay454/sssd
  • sergiodj/sssd
  • 3v1n0/sssd
  • jfalk-guest/sssd
  • sathieu/sssd
  • dpward/sssd
  • sssd-team/sssd
  • ahasenack/sssd
  • jbicha/sssd
  • yrro-guest/sssd
15 results
Show changes
Commits on Source (216)
......@@ -53,9 +53,6 @@ endif
if BUILD_SAMBA
winbindplugindir = @winbindpluginpath@
endif
if BUILD_LIBWBCLIENT
libwbclientdir = @appmodpath@
endif
sssdconfdir = $(sysconfdir)/sssd
sssddatadir = $(datadir)/sssd
sssdapiplugindir = $(sssddatadir)/sssd.api.d
......@@ -104,6 +101,14 @@ condconfigexists =
else
condconfigexists = ConditionPathExists=\|/etc/sssd/sssd.conf\nConditionDirectoryNotEmpty=\|/etc/sssd/conf.d/
endif
# If sssd is configured with --with-sssd-user=<user> where <user>!='root'
# but is actually run under the root we need CAP_DAC_OVERRIDE to access
# files owned by <user>:<user>
# If sssd is really run under non-root account that doesn't have this cap
# originally then it's addition to CapabilityBoundingSet doesn't matter.
if SSSD_NON_ROOT_USER
additional_caps = CAP_DAC_OVERRIDE
endif
else
ifp_exec_cmd = $(sssdlibexecdir)/sss_signal
ifp_systemdservice =
......@@ -277,7 +282,6 @@ if HAVE_CMOCKA
test_sysdb_sudo \
test_sysdb_utils \
test_sysdb_domain_resolution_order \
test_wbc_calls \
test_be_ptask \
test_copy_ccache \
test_copy_keytab \
......@@ -322,9 +326,14 @@ if BUILD_KCM
non_interactive_cmocka_based_tests += \
test_kcm_marshalling \
test_kcm_queue \
$(NULL)
$(NULL)
endif # BUILD_KCM
if BUILD_KCM_RENEWAL
non_interactive_cmocka_based_tests += test_kcm_renewals
endif # BUILD_KCM_RENEWAL
if BUILD_SAMBA
non_interactive_cmocka_based_tests += \
ad_access_filter_tests \
......@@ -688,6 +697,7 @@ dist_noinst_HEADERS = \
src/util/session_recording.h \
src/util/strtonum.h \
src/util/sss_cli_cmd.h \
src/util/sss_chain_id.h \
src/util/sss_ptr_hash.h \
src/util/sss_ptr_list.h \
src/util/sss_endian.h \
......@@ -762,7 +772,7 @@ dist_noinst_HEADERS = \
src/responder/secrets/secsrv_private.h \
src/responder/secrets/secsrv_local.h \
src/responder/secrets/secsrv_proxy.h \
src/responder/kcm/kcm.h \
src/responder/kcm/kcm_renew.h \
src/responder/kcm/kcmsrv_pvt.h \
src/responder/kcm/kcmsrv_ccache.h \
src/responder/kcm/kcmsrv_ccache_pvt.h \
......@@ -895,10 +905,6 @@ dist_noinst_HEADERS = \
src/sss_client/pam_message.h \
src/sss_client/ssh/sss_ssh_client.h \
src/sss_client/sudo/sss_sudo.h \
src/sss_client/libwbclient/libwbclient.h \
src/sss_client/libwbclient/wbc_err_internal.h \
src/sss_client/libwbclient/wbclient_internal.h \
src/sss_client/libwbclient/wbc_sssd_internal.h \
src/sss_client/nfs/nfsidmap_internal.h \
src/lib/idmap/sss_idmap_private.h \
src/lib/sifp/sss_sifp_private.h \
......@@ -938,6 +944,7 @@ endif
pkglib_LTLIBRARIES += libsss_debug.la
libsss_debug_la_SOURCES = \
src/util/debug.c \
src/util/debug_backtrace.c \
src/util/sss_log.c \
src/util/sss_cli_cmd.c \
$(NULL)
......@@ -1062,6 +1069,8 @@ pkglib_LTLIBRARIES += libsss_sbus.la
libsss_sbus_la_SOURCES = \
src/util/check_and_open.c \
src/util/debug.c \
src/util/debug_backtrace.c \
src/util/sss_chain_id.c \
src/util/sss_ptr_hash.c \
src/util/sss_ptr_list.c \
src/util/sss_utf8.c \
......@@ -1125,6 +1134,7 @@ libsss_sbus_la_LDFLAGS = \
pkglib_LTLIBRARIES += libsss_sbus_sync.la
libsss_sbus_sync_la_SOURCES = \
src/util/debug.c \
src/util/debug_backtrace.c \
src/util/sss_utf8.c \
src/util/util.c \
src/util/util_errors.c \
......@@ -1272,6 +1282,7 @@ libsss_util_la_SOURCES = \
src/util/files.c \
src/util/selinux.c \
src/util/sss_regexp.c \
src/util/sss_chain_id.c \
$(NULL)
libsss_util_la_CFLAGS = \
$(AM_CFLAGS) \
......@@ -1425,46 +1436,6 @@ include_HEADERS = \
src/lib/certmap/sss_certmap.h \
$(NULL)
if BUILD_LIBWBCLIENT
libwbclient_LTLIBRARIES = libwbclient.la
pkgconfig_DATA += src/sss_client/libwbclient/wbclient_sssd.pc
EXTRA_libwbclient_la_DEPENDENCIES = \
src/sss_client/libwbclient/wbclient.exports \
$(NULL)
libwbclient_la_SOURCES = \
src/sss_client/libwbclient/wbc_guid.c \
src/sss_client/libwbclient/wbc_idmap_common.c \
src/sss_client/libwbclient/wbc_idmap_sssd.c \
src/sss_client/libwbclient/wbclient_common.c \
src/sss_client/libwbclient/wbclient_sssd.c \
src/sss_client/libwbclient/wbc_pam_sssd.c \
src/sss_client/libwbclient/wbc_pwd_sssd.c \
src/sss_client/libwbclient/wbc_sid_common.c \
src/sss_client/libwbclient/wbc_sid_sssd.c \
src/sss_client/libwbclient/wbc_sssd_internal.h \
src/sss_client/libwbclient/wbc_util_common.c \
src/sss_client/libwbclient/wbc_util_sssd.c \
src/sss_client/libwbclient/wbc_ctx_sssd.c \
$(NULL)
libwbclient_la_LIBADD = \
$(LIBADD_DL) \
libsss_nss_idmap.la \
$(CLIENT_LIBS) \
$(NULL)
libwbclient_la_LDFLAGS = \
-Wl,--version-script,$(srcdir)/src/sss_client/libwbclient/wbclient.exports \
-version-info @libwbclient_version_info@ \
$(NULL)
dist_noinst_DATA += src/sss_client/libwbclient/wbclient.exports \
$(NULL)
include_HEADERS += src/sss_client/libwbclient/wbclient_sssd.h
endif #BUILD_LIBWBCLIENT
if BUILD_IFP
lib_LTLIBRARIES += libsss_simpleifp.la
pkgconfig_DATA += src/lib/sifp/sss_simpleifp.pc
......@@ -1871,6 +1842,15 @@ sssd_kcm_LDADD += \
$(NULL)
endif
if BUILD_KCM_RENEWAL
sssd_kcm_SOURCES += \
src/responder/kcm/kcm_renew.c \
src/providers/krb5/krb5_opts.c \
src/providers/krb5/krb5_child_handler.c \
src/providers/data_provider_opts.c \
$(NULL)
endif
endif
sssd_be_SOURCES = \
......@@ -3402,30 +3382,6 @@ test_sysdb_domain_resolution_order_LDADD = \
libsss_test_common.la \
$(NULL)
test_wbc_calls_SOURCES = \
src/tests/cmocka/test_wbc_calls.c \
src/sss_client/libwbclient/wbc_sid_sssd.c \
src/sss_client/libwbclient/wbclient_common.c \
src/sss_client/libwbclient/wbc_sid_common.c \
src/sss_client/common.c \
$(NULL)
test_wbc_calls_CFLAGS = \
$(AM_CFLAGS) \
$(CMOCKA_CFLAGS) \
$(NULL)
test_wbc_calls_LDFLAGS = \
-Wl,-wrap,sss_nss_getnamebysid \
$(NULL)
test_wbc_calls_LDADD = \
$(CLIENT_LIBS) \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
libsss_nss_idmap.la \
$(NULL)
test_be_ptask_SOURCES = \
src/tests/cmocka/common_mock_be.c \
src/tests/cmocka/test_be_ptask.c \
......@@ -3484,6 +3440,7 @@ dummy_child_SOURCES = \
$(NULL)
dummy_child_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(NULL)
......@@ -3986,6 +3943,43 @@ test_kcm_queue_LDADD = \
libsss_sbus.la \
$(NULL)
if BUILD_KCM_RENEWAL
test_kcm_renewals_SOURCES = \
$(TEST_MOCK_RESP_OBJ) \
src/tests/cmocka/test_kcm_renewals.c \
src/responder/kcm/kcm_renew.c \
src/responder/kcm/kcmsrv_ccache.c \
src/responder/kcm/kcmsrv_ccache_key.c \
src/responder/kcm/kcmsrv_ccache_binary.c \
src/responder/kcm/kcmsrv_ccache_json.c \
src/util/sss_krb5.c \
src/util/sss_iobuf.c \
src/util/secrets/secrets.c \
src/util/secrets/config.c \
src/providers/krb5/krb5_child_handler.c \
src/providers/krb5/krb5_opts.c \
src/providers/data_provider_opts.c \
$(NULL)
test_kcm_renewals_CFLAGS = \
$(AM_CFLAGS) \
$(NULL)
test_kcm_renewals_LDFLAGS = \
-Wl,-wrap,fstat
test_kcm_renewals_LDADD = \
$(LIBADD_DL) \
$(UUID_LIBS) \
$(JANSSON_LIBS) \
$(KRB5_LIBS) \
$(CARES_LIBS) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
libsss_iface.la \
libsss_sbus.la \
$(NULL)
endif # BUILD_KCM_RENEWAL
endif # BUILD_KCM
endif # HAVE_CMOCKA
......@@ -4738,7 +4732,8 @@ gpo_child_LDADD = \
$(POPT_LIBS) \
$(DHASH_LIBS) \
$(INI_CONFIG_LIBS) \
$(SMBCLIENT_LIBS)
$(SMBCLIENT_LIBS) \
$(SAMBA_UTIL_LIBS)
proxy_child_SOURCES = \
src/providers/proxy/proxy_child.c \
......@@ -5082,19 +5077,15 @@ if BUILD_KCM
$(NULL)
endif
else
if HAVE_SUSE
init_SCRIPTS += \
src/sysv/SUSE/sssd
else
if HAVE_GENTOO
init_SCRIPTS += \
src/sysv/gentoo/sssd
src/sysv/gentoo/sssd \
src/sysv/gentoo/sssd-kcm
else
init_SCRIPTS += \
src/sysv/sssd
endif
endif
endif
dist_sssddata_DATA = \
......@@ -5122,7 +5113,8 @@ edit_cmd = $(SED) \
-e 's|@pipepath[@]|$(pipepath)|g' \
-e 's|@prefix[@]|$(prefix)|g' \
-e 's|@SSSD_USER[@]|$(SSSD_USER)|g' \
-e 's|@condconfigexists[@]|$(condconfigexists)|g'
-e 's|@condconfigexists[@]|$(condconfigexists)|g' \
-e 's|@additional_caps[@]|$(additional_caps)|g'
replace_script = \
@rm -f $@ $@.tmp; \
......@@ -5520,6 +5512,7 @@ test_CA: test_CA.stamp
test_CA.stamp: $(srcdir)/src/tests/test_CA/* $(srcdir)/src/tests/test_ECC_CA/*
$(MAKE) -C src/tests/test_CA ca_all
$(MAKE) -C src/tests/test_CA/intermediate_CA ca_all
$(MAKE) -C src/tests/test_ECC_CA ca_all
touch $@
......
......@@ -19,26 +19,23 @@ SSSD maintains two release streams - stable and LTM. Releases designated as
LTM are long-term maintenance releases and will see bugfixes and security
patches for a longer time than other releases.
The list of all releases is maintained together with [SSSD documentation](https://sssd.io/docs/users/releases.html).
The list of all releases is maintained together with [SSSD documentation](https://sssd.io/releases.html).
## Building and installation from source
Please see the [our developer documentation](https://sssd.io/docs/developers/).
Please see the [our developer documentation](https://sssd.io/contrib/building-sssd.html).
## Documentation
The most up-to-date documentation can be found at https://sssd.io.
Its source code is hosted at https://github.com/SSSD/sssd.github.io.
Its source code is hosted at https://github.com/SSSD/sssd.io.
## Submitting bugs
Please file an issue in the [SSSD github instance](https://github.com/SSSD/sssd/issues).
Make sure to follow the [guide on reporting SSSD bugs](https://sssd.io/docs/users/reporting_bugs.html).
Make sure to follow the [guide on reporting SSSD bugs](https://sssd.io/docs/reporting-bugs.html).
## Licensing
Please see the file called [COPYING](COPYING).
## Social networks
We maintain our presence on [Twitter](https://twitter.com/SysSecSvcDaemon).
## Contacts
There are several ways to contact us:
......@@ -46,6 +43,6 @@ There are several ways to contact us:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/)
* the sssd-users mailing list: [End-user discussions about the System Security Services Daemon](
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/)
* the #sssd and #freeipa IRC channels on freenode:
* irc://irc.freenode.net/sssd
* irc://irc.freenode.net/freeipa
* the #sssd and #freeipa IRC channels on libera.chat:
* irc://irc.libera.chat/sssd
* irc://irc.libera.chat/freeipa
......@@ -20,6 +20,7 @@ AM_PROG_CC_C_O
m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
AC_DISABLE_STATIC
AC_PROG_INSTALL
AC_PROG_CPP
LT_INIT
m4_ifdef([AC_PROG_MKDIR_P],
[AC_PROG_MKDIR_P],
......@@ -166,7 +167,6 @@ WITH_SYSLOG
WITH_SAMBA
WITH_NFS
WITH_NFS_LIB_PATH
WITH_LIBWBCLIENT
WITH_SSSD_USER
SSSD_RUNSTATEDIR
WITH_SECRETS
......@@ -213,20 +213,20 @@ m4_include([src/external/service.m4])
m4_include([src/external/test_ca.m4])
m4_include([src/external/ax_valgrind_check.m4])
if test x$with_secrets = xyes; then
AS_IF([test x$with_secrets = xyes], [
m4_include([src/external/libhttp_parser.m4])
m4_include([src/external/libcurl.m4])
fi
])
if test x$with_kcm = xyes; then
AS_IF([test x$with_kcm = xyes], [
m4_include([src/external/libuuid.m4])
fi
])
if test x$with_kcm = xyes -o x$with_secrets = xyes; then
AS_IF([test x$with_kcm = xyes -o x$with_secrets = xyes], [
BUILD_WITH_LIBSECRET=1
AC_DEFINE_UNQUOTED(BUILD_WITH_LIBSECRET, 1, [libsecret will be built])
m4_include([src/external/libjansson.m4])
fi
])
AM_CONDITIONAL([BUILD_WITH_LIBSECRET],
[test x"$BUILD_WITH_LIBSECRET" != "x"])
......@@ -237,39 +237,39 @@ AM_CONDITIONAL([BUILD_WITH_LIBCURL],
[test x"$have_curlopt_unix_sockpath" = xyes])
WITH_UNICODE_LIB
if test x$unicode_lib = xlibunistring; then
AS_IF([test x$unicode_lib = xlibunistring], [
m4_include([src/external/libunistring.m4])
AC_DEFINE_UNQUOTED(HAVE_LIBUNISTRING, 1, [Using libunistring for unicode])
UNICODE_LIBS=$UNISTRING_LIBS
else
], [
m4_include([src/external/glib.m4])
AC_DEFINE_UNQUOTED(HAVE_GLIB2, 1, [Using glib2 for unicode])
UNICODE_LIBS=$GLIB2_LIBS
fi
])
AC_SUBST(UNICODE_LIBS)
WITH_LIBNL
if test x$HAVE_NSCD; then
AS_IF([test x$HAVE_NSCD], [
WITH_NSCD_CONF
fi
])
WITH_INITSCRIPT
if test x$initscript = xsystemd; then
AS_IF([test x$initscript = xsystemd], [
WITH_SYSTEMD_UNIT_DIR
WITH_SYSTEMD_CONF_DIR
else
], [
CHECK_SERVICE_EXECUTABLE
fi
])
PKG_CHECK_MODULES([DBUS],[dbus-1])
dnl if test -n "`$PKG_CONFIG --modversion dbus-1 | grep '^0\.'`" ; then
if ! $PKG_CONFIG --atleast-version 1.0.0 dbus-1; then
AS_IF([! $PKG_CONFIG --atleast-version 1.0.0 dbus-1], [
DBUS_CFLAGS="$DBUS_CFLAGS -DDBUS_API_SUBJECT_TO_CHANGE"
AC_MSG_RESULT([setting -DDBUS_API_SUBJECT_TO_CHANGE])
fi
])
if test x$has_dbus != xno; then
AS_IF([test x$has_dbus != xno], [
SAFE_LIBS="$LIBS"
LIBS="$DBUS_LIBS"
SAFE_CFLAGS=$CFLAGS
......@@ -285,12 +285,12 @@ if test x$has_dbus != xno; then
LIBS="$SAFE_LIBS"
CFLAGS=$SAFE_CFLAGS
fi
])
# work around a bug in cov-build from Coverity
test -n "$XML_CATALOG_FILES" || unset XML_CATALOG_FILES
if test x$HAVE_MANPAGES != x; then
AS_IF([test x$HAVE_MANPAGES != x], [
CHECK_XML_TOOLS
DOCBOOK_XSLT=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl
......@@ -300,18 +300,18 @@ if test x$HAVE_MANPAGES != x; then
[HAVE_PROFILE_CATALOGS=1],
[AC_MSG_WARN([Man pages might contain documentation for experimental features])])
if test x$HAVE_PROFILE_CATALOGS = x; then
AS_IF([test x$HAVE_PROFILE_CATALOGS = x], [
DOCBOOK_XSLT=http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
CHECK_STYLESHEET([$SGML_CATALOG_FILES],
[$DOCBOOK_XSLT],
[Docbook XSL templates],
[],
[AC_MSG_ERROR([could not find the docbook xsl catalog])])
fi
])
AC_CHECK_PROG([PO4A],[po4a],[po4a],[no])
AC_SUBST(DOCBOOK_XSLT)
fi
])
AM_CONDITIONAL([HAVE_PROFILE_CATALOGS], [test "x$HAVE_PROFILE_CATALOGS" != "x"])
AM_CONDITIONAL([HAVE_MANPAGES], [test "x$HAVE_MANPAGES" != "x"])
AM_CONDITIONAL([HAVE_PO4A], [test "x$PO4A" != "xno"])
......@@ -324,9 +324,9 @@ AC_CHECK_PROG(HAVE_PYTHON3, python3, yes, no)
AS_IF([test x$HAVE_PYTHON3 = xyes],
[AC_PATH_PROG(PYTHON3, python3)])
if test x$HAVE_PYTHON2_BINDINGS = xyes; then
AS_IF([test x$HAVE_PYTHON2 != xyes],
[AC_MSG_ERROR([
AS_IF([test x$HAVE_PYTHON2_BINDINGS = xyes],
[AS_IF([test x$HAVE_PYTHON2 != xyes],
[AC_MSG_ERROR([
The program python2 was not found in search path.
Please ensure that it is installed and its directory is included in the search
path. It is required for building python2 bindings. If you do not want to build
......@@ -348,11 +348,11 @@ them please use argument --without-python2-bindings when running configure.])])
AC_SUBST([PYTHON2_EXEC_PREFIX], [$PYTHON_EXEC_PREFIX])
SSS_CLEAN_PYTHON_VARIABLES
fi
])
if test x$HAVE_PYTHON3_BINDINGS = xyes; then
AS_IF([test x$HAVE_PYTHON3 != xyes],
[AC_MSG_ERROR([
AS_IF([test x$HAVE_PYTHON3_BINDINGS = xyes],
[AS_IF([test x$HAVE_PYTHON3 != xyes],
[AC_MSG_ERROR([
The program python3 was not found in search path.
Please ensure that it is installed and its directory is included in the search
path. It is required for building python3 bindings. If you do not want to build
......@@ -374,31 +374,31 @@ them please use argument --without-python3-bindings when running configure.])])
AC_SUBST([PYTHON3_EXEC_PREFIX], [$PYTHON_EXEC_PREFIX])
SSS_CLEAN_PYTHON_VARIABLES
fi
])
if test x$HAVE_PYTHON3 = xyes; then
AS_IF([test x$HAVE_PYTHON3 = xyes], [
PYTHON_EXEC=$PYTHON3
else
], [
PYTHON_EXEC=$PYTHON2
fi
])
AC_SUBST(PYTHON_EXEC)
AM_CONDITIONAL([BUILD_PYTHON_BINDINGS],
[test x"$with_python2_bindings" = xyes \
-o x"$with_python3_bindings" = xyes])
if test x$HAVE_SELINUX != x; then
AS_IF([test x$HAVE_SELINUX != x], [
AM_CHECK_SELINUX
fi
])
if test x$HAVE_SEMANAGE != x -a x$HAVE_SELINUX != x; then
AS_IF([test x$HAVE_SEMANAGE != x -a x$HAVE_SELINUX != x], [
AM_CHECK_SEMANAGE
fi
])
dnl If journald was selected for logging, configure journald
if test x$syslog = xjournald; then
AS_IF([test x$syslog = xjournald], [
AM_CHECK_JOURNALD
fi
])
AM_CHECK_LIBCRYPTO
m4_include([src/external/p11-kit.m4])
......@@ -412,10 +412,10 @@ AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))],
sss_client_cv_attribute_destructor=yes)
])
if test x"$sss_client_cv_attribute_destructor" = xyes ; then
AS_IF([test x"$sss_client_cv_attribute_destructor" = xyes], [
AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1,
[whether compiler supports __attribute__((destructor))])
fi
])
AC_CACHE_CHECK([whether compiler supports __attribute__((format))],
sss_cv_attribute_format,
......@@ -430,10 +430,10 @@ AC_CACHE_CHECK([whether compiler supports __attribute__((format))],
])
])
if test x"$sss_cv_attribute_format" = xyes ; then
AS_IF([test x"$sss_cv_attribute_format" = xyes], [
AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_FORMAT, 1,
[whether compiler supports __attribute__((format))])
fi
])
AC_CACHE_CHECK([whether compiler supports __attribute__((warn_unused_result))],
sss_cv_attribute_warn_unused_result,
......@@ -447,10 +447,10 @@ AC_CACHE_CHECK([whether compiler supports __attribute__((warn_unused_result))],
AC_MSG_WARN([compiler does NOT support __attribute__((warn_unused_result))])
])
])
if test x"$sss_cv_attribute_warn_unused_result" = xyes ; then
AS_IF([test x"$sss_cv_attribute_warn_unused_result" = xyes], [
AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_WARN_UNUSED_RESULT, 1,
[whether compiler supports __attribute__((warn_unused_result))])
fi
])
SAFE_CFLAGS=$CFLAGS
CFLAGS="-Werror"
......@@ -487,11 +487,11 @@ AC_DEFINE_UNQUOTED(
PKG_CHECK_MODULES([CHECK], [check >= 0.9.5], [have_check=1], [have_check=])
if test x$have_check = x; then
AS_IF([test x$have_check = x], [
AC_MSG_WARN([Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite])
else
], [
AC_CHECK_HEADERS([check.h],,AC_MSG_ERROR([Could not find CHECK headers]))
fi
])
AC_PATH_PROG([DOXYGEN], [doxygen], [false])
AM_CONDITIONAL([HAVE_DOXYGEN], [test x$DOXYGEN != xfalse ])
......@@ -524,16 +524,16 @@ AC_DEFINE_UNQUOTED([ABS_SRC_DIR], ["$my_srcdir"], [Absolute path to the source d
AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
contrib/sssd-pcsc.rules
src/sysv/sssd src/sysv/gentoo/sssd src/sysv/SUSE/sssd
src/sysv/sssd src/sysv/gentoo/sssd src/sysv/gentoo/sssd-kcm
po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile
src/tests/intg/Makefile src/tests/test_CA/Makefile
src/tests/test_CA/intermediate_CA/Makefile
src/tests/test_ECC_CA/Makefile
src/lib/ipa_hbac/ipa_hbac.pc src/lib/ipa_hbac/ipa_hbac.doxy
src/lib/idmap/sss_idmap.pc src/lib/idmap/sss_idmap.doxy
src/lib/certmap/sss_certmap.pc src/lib/certmap/sss_certmap.doxy
src/sss_client/idmap/sss_nss_idmap.pc
src/sss_client/idmap/sss_nss_idmap.doxy
src/sss_client/libwbclient/wbclient_sssd.pc
src/lib/sifp/sss_simpleifp.pc
src/lib/sifp/sss_simpleifp.doxy
src/config/setup.py
......
......@@ -60,7 +60,7 @@ declare RIGOROUS=false
# pep8 was renamed to pycodestyle
declare PEP8_BIN="pep8"
if which pycodestyle &> /dev/null; then
if command -v pycodestyle &> /dev/null; then
PEP8_BIN="pycodestyle"
fi
......
......@@ -70,6 +70,18 @@
...
}
# And the same, as above, for pcre2
{
sssd-leak-sss_names_pcre2
Memcheck:Leak
fun:malloc
fun:pcre2_compile_8
fun:sss_regexp_pcre2_compile
fun:sss_regexp_new
fun:sss_names_init_from_args
...
}
# Ignore tests exiting and abandoning cmocka state, concerns dyndns test
{
sssd-leak-cmocka-exit
......
......@@ -7,6 +7,13 @@
%global sssd_user root
%endif
# Set setuid bit on child helpers if we support non-root user.
%if "%{sssd_user}" == "root"
%global child_attrs 0750
%else
%global child_attrs 4750
%endif
# we don't want to provide private python extension libs
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
......@@ -36,7 +43,6 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
### Dependencies ###
Requires: python3-sssdconfig = %{version}-%{release}
Requires: sssd-ad = %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-ipa = %{version}-%{release}
......@@ -44,6 +50,7 @@ Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ldap = %{version}-%{release}
Recommends: sssd-proxy = %{version}-%{release}
Recommends: logrotate
Suggests: python3-sssdconfig = %{version}-%{release}
Suggests: sssd-dbus = %{version}-%{release}
%global servicename sssd
......@@ -99,11 +106,13 @@ BuildRequires: make
BuildRequires: nss_wrapper
BuildRequires: openldap-devel
BuildRequires: openssh
# required for p11_child smartcard tests
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: p11-kit-devel
BuildRequires: pam_wrapper
BuildRequires: pam-devel
BuildRequires: pcre-devel
BuildRequires: pcre2-devel
BuildRequires: pkgconfig
BuildRequires: popt-devel
BuildRequires: python3-devel
......@@ -116,6 +125,7 @@ BuildRequires: softhsm >= 2.1.0
BuildRequires: systemd-devel
BuildRequires: systemtap-sdt-devel
BuildRequires: uid_wrapper
BuildRequires: po4a
%description
Provides a set of daemons to manage access to remote directories and
......@@ -158,7 +168,6 @@ Summary: SSSD Client libraries for NSS and PAM
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
Requires(post): /sbin/ldconfig
Requires(post): /usr/sbin/alternatives
Requires(preun): /usr/sbin/alternatives
......@@ -479,7 +488,6 @@ autoreconf -ivf
%configure \
--disable-rpath \
--disable-static \
--enable-files-domain \
--enable-gss-spnego-for-zero-maxssf \
--enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
--enable-nsslibdir=%{_libdir} \
......@@ -499,6 +507,7 @@ autoreconf -ivf
--with-syslog=journald \
--with-test-dir=/dev/shm \
%if 0%{?fedora}
--enable-files-domain \
--disable-polkit-rules-path \
%endif
%{nil}
......@@ -751,8 +760,8 @@ done
%files krb5-common
%license COPYING
%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}/krb5.include.d
%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/ldap_child
%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/krb5_child
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/ldap_child
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/krb5_child
%files krb5 -f sssd_krb5.lang
%license COPYING
......@@ -767,7 +776,7 @@ done
%license COPYING
%attr(700,%{sssd_user},%{sssd_user}) %dir %{keytabdir}
%{_libdir}/%{name}/libsss_ipa.so
%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/selinux_child
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/selinux_child
%{_mandir}/man5/sssd-ipa.5*
%files ad -f sssd_ad.lang
......@@ -778,7 +787,7 @@ done
%files proxy
%license COPYING
%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/proxy_child
%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/proxy_child
%{_libdir}/%{name}/libsss_proxy.so
%files dbus -f sssd_dbus.lang
......@@ -949,18 +958,20 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%postun common
%systemd_postun_with_restart sssd-autofs.socket
%systemd_postun_with_restart sssd-autofs.service
%systemd_postun_with_restart sssd-nss.socket
%systemd_postun_with_restart sssd-nss.service
%systemd_postun_with_restart sssd-pac.socket
%systemd_postun_with_restart sssd-pac.service
%systemd_postun_with_restart sssd-pam.socket
%systemd_postun_with_restart sssd-pam-priv.socket
%systemd_postun_with_restart sssd-pam.service
%systemd_postun_with_restart sssd-ssh.socket
%systemd_postun_with_restart sssd-ssh.service
%systemd_postun_with_restart sssd-sudo.socket
%systemd_postun_with_restart sssd-sudo.service
# Services have RefuseManualStart=true, therefore we can't request restart.
%systemd_postun sssd-autofs.service
%systemd_postun sssd-nss.service
%systemd_postun sssd-pac.service
%systemd_postun sssd-pam.service
%systemd_postun sssd-ssh.service
%systemd_postun sssd-sudo.service
%post dbus
%systemd_post sssd-ifp.service
......@@ -982,7 +993,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%systemd_postun_with_restart sssd-kcm.service
%post client
%{?ldconfig}
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20
%preun client
......@@ -990,20 +1000,6 @@ if [ $1 -eq 0 ] ; then
/usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so
fi
%ldconfig_postun client
%ldconfig_scriptlets -n libsss_sudo
%ldconfig_scriptlets -n libipa_hbac
%ldconfig_scriptlets -n libsss_idmap
%ldconfig_scriptlets -n libsss_nss_idmap
%ldconfig_scriptlets -n libsss_simpleifp
%ldconfig_scriptlets -n libsss_certmap
%posttrans common
%systemd_postun_with_restart sssd.service
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.